
Dwindling space & slow start-ups


  • This topic is locked
31 replies to this topic

#1 otisman

otisman

  • Members
  • 40 posts

Posted 20 March 2015 - 07:46 PM

My computer has 2.70TB of space. When I got to 1TB left I decided to delete a lot of files to try to keep half free. I started deleting and my open space started dwindling. The more I deleted, the less space I had. I currently have 458GB. I have been trying to read about why this might happen and I found 2 frequent topics: 1) something to do with partitions (way out of my league as to what that is) and 2) a virus. I run Norton and nothing shows up except some tracking cookies. Malaware also comes up clean.

Issue No. 2. When I start my computer it takes forever for my homepage (Comcast) to load. It frequently freezes and I have to close the window several times before everything loads. It takes on average 7-8 minutes to load. This began when I started to delete files. I do not believe I deleted anything necessary - mostly games or movies. When I searched for a possible cause I found that I should review my list of "add-ons". Since they all look important to me, I don't know if the space is causing the problem or the "add-ons".

Any suggestions, recommendations or such would be appreciated.

Thank you.





#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany

Posted 25 March 2015 - 09:56 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me, as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 otisman

otisman
  • Topic Starter

  • Members
  • 40 posts

Posted 25 March 2015 - 06:22 PM

Thank you for responding.  I disabled my virus/malware scanners per your instruction and ran the FRST program.  Below are the logs.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maria (administrator) on MARIA-HP on 25-03-2015 19:15:41
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Gemalto N.V.) C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatchTray15.exe [294632 2013-08-19] (Corel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A6BFF93-2829-4B7A-A464-E9B7CE750FB7} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.311.2\NativeBHO.dll [2015-03-11] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSuggestURL: Default -> http://vinstaller.com/kmsx/ysuggest.html?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo! Search) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg [2015-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 a360; C:\windows\System32\a360.dll [1464320 2015-01-25] () [File not signed]
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
S2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 hasSstp; C:\windows\System32\hasSstp.dll [1464320 2015-01-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 jDVaultSvc; C:\windows\System32\jDVaultSvc.dll [1464320 2015-02-12] () [File not signed]
S2 jlaSvc; C:\windows\System32\jlaSvc.dll [1464320 2014-12-17] () [File not signed]
S2 lPBusEnum; C:\windows\System32\lPBusEnum.dll [1464320 2015-03-11] () [File not signed]
S2 mlaSvc; C:\windows\System32\mlaSvc.dll [1464320 2014-12-04] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
S2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
S2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
S2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
S2 vontCache; C:\windows\System32\vontCache.dll [1464320 2014-12-29] () [File not signed]
S2 wetman; C:\windows\System32\wetman.dll [1464320 2015-01-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
S2 xbioSrvc; C:\windows\System32\xbioSrvc.dll [1464320 2014-12-11] () [File not signed]
S2 xdfs; C:\windows\System32\xdfs.dll [1464320 2015-02-21] () [File not signed]
S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]
S2 yontCache; C:\windows\System32\yontCache.dll [1464320 2015-02-27] () [File not signed]
S2 AFAsdqUV; "C:\ProgramData\pIPlGT\AFAsdqUV.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150323.001\IDSvia64.sys [669400 2015-03-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150325.003\ENG64.SYS [129752 2015-02-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150325.003\EX64.SYS [2137304 2015-02-14] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: jDVaultSvc -> C:\windows\System32\jDVaultSvc.dll ()
NETSVC: jlaSvc -> C:\windows\System32\jlaSvc.dll ()
NETSVC: vontCache -> C:\windows\System32\vontCache.dll ()
NETSVC: wetman -> C:\windows\System32\wetman.dll ()
NETSVC: lPBusEnum -> C:\windows\System32\lPBusEnum.dll ()
NETSVC: xbioSrvc -> C:\windows\System32\xbioSrvc.dll ()
NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> C:\windows\System32\vENS.dll ()
NETSVC: yontCache -> C:\windows\System32\yontCache.dll ()
NETSVC: xdfs -> C:\windows\System32\xdfs.dll ()
NETSVC: hasSstp -> C:\windows\System32\hasSstp.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> C:\windows\System32\wolmgrx.dll ()
NETSVC: a360 -> C:\windows\System32\a360.dll ()
NETSVC: mlaSvc -> C:\windows\System32\mlaSvc.dll ()
NETSVC: xDSVia64 -> C:\windows\System32\xDSVia64.dll ()
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:11 - 2015-03-25 19:15 - 00000000 ____D () C:\FRST
2015-03-22 14:05 - 2015-02-21 02:40 - 00096639 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.srt
2015-03-22 13:59 - 2013-04-18 18:00 - 313208753 _____ () C:\Users\Maria\Downloads\The Art of Candle Making - 2008.mp4
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Rachel and the Stranger (1948)
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Phantom of Chinatown (1940)
2015-03-22 11:43 - 2015-03-22 11:46 - 00000000 ____D () C:\Users\Maria\Downloads\d.2013.u316520.Rapidmoviez.com
2015-03-22 11:43 - 2015-03-22 11:43 - 00000000 ____D () C:\Users\Maria\Downloads\c.2015.u399303.Rapidmoviez.com
2015-03-20 18:13 - 2015-03-20 18:14 - 00000000 ____D () C:\Users\Maria\Desktop\DKbyML
2015-03-20 18:05 - 2015-03-20 18:05 - 01742928 _____ (BitTorrent Inc.) C:\Users\Maria\Downloads\uTorrent.exe
2015-03-19 23:24 - 2014-12-02 14:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-03-19 19:49 - 2015-03-19 19:50 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_2191
2015-03-16 18:32 - 2015-03-25 08:52 - 00000000 ____D () C:\Users\Maria\Desktop\Tug
2015-03-16 17:59 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_421
2015-03-15 16:59 - 2015-03-15 16:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FarmMystery
2015-03-15 16:54 - 2015-03-15 16:54 - 00003292 _____ () C:\windows\System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493}
2015-03-15 12:33 - 2015-03-15 12:33 - 00000000 ____D () C:\Users\Maria\Desktop\KA HB I - 1975.zip
2015-03-15 12:19 - 2015-03-15 12:19 - 00000000 ____D () C:\Users\Maria\Desktop\KA-HBbylon2
2015-03-15 12:18 - 2015-03-15 12:24 - 131072000 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.001
2015-03-15 12:18 - 2015-03-15 12:24 - 117874764 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.002
2015-03-15 10:29 - 2015-03-15 10:30 - 00000000 ____D () C:\Users\Maria\Desktop\TGRI11DA
2015-03-14 21:23 - 2015-03-14 21:23 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Interstellar.2014.DVDScr.XVID.AC3.HQ
2015-03-14 21:21 - 2015-02-21 03:30 - 553103535 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.mkv
2015-03-13 18:43 - 2015-03-13 18:43 - 00000000 ____D () C:\Users\Maria\Desktop\MyScrapChickBellyBox
2015-03-13 09:39 - 2015-03-13 09:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_942
2015-03-11 19:52 - 2015-03-11 19:52 - 01464320 _____ () C:\windows\system32\lPBusEnum.dll
2015-03-11 19:52 - 2015-03-11 19:52 - 00000657 _____ () C:\windows\system32\lPBusEnum.ocx
2015-03-11 17:51 - 2015-03-11 17:51 - 00000000 ____D () C:\Users\Maria\Documents\aap
2015-03-10 22:41 - 2015-03-10 22:41 - 00000000 ____D () C:\Users\Maria\Desktop\TeGer
2015-03-09 22:24 - 2015-03-09 22:24 - 00000823 _____ () C:\Users\Maria\Documents\describe.txt
2015-03-08 17:37 - 2015-03-25 15:40 - 00000000 ____D () C:\Users\Maria\Documents\Jobs Applied
2015-03-08 17:15 - 2015-03-08 17:15 - 04718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-03-08 16:51 - 2015-03-08 16:51 - 00183808 _____ () C:\Users\Maria\Desktop\hr-application.wiz.ux8fzcp.partial
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-03-07 13:55 - 2015-03-07 13:57 - 303654387 ____R () C:\Users\Maria\Downloads\India's Daughter   Indian rapist BBC documentary Delhi Nirbhaya full HD.webm
2015-03-05 09:43 - 2015-03-25 19:15 - 00000000 ____D () C:\Users\Maria\Desktop\New folder (2)
2015-03-05 09:27 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\Maria\Desktop\Diane Leyne - [Satisfaction, Texas 04] - Playing for Satisfaction [Siren Menage Everlasting] (html)
2015-03-04 19:01 - 2015-03-04 21:49 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3F52
2015-03-03 23:29 - 2015-03-03 23:29 - 00000000 _____ () C:\windows\SysWOW64\shoCC1E.tmp
2015-03-01 13:41 - 2015-03-16 12:52 - 00000000 ____D () C:\Users\Maria\Desktop\Draft Order Ref N58958001
2015-03-01 13:41 - 2015-03-01 13:41 - 00038119 _____ () C:\Users\Maria\Desktop\Draft Order Ref N58958001.zip
2015-03-01 13:40 - 2015-03-01 13:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_21CB
2015-02-28 11:58 - 2015-02-28 11:58 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_CFB
2015-02-27 23:30 - 2015-02-27 23:30 - 00000000 _____ () C:\windows\SysWOW64\sho893.tmp
2015-02-27 23:28 - 2015-02-27 23:28 - 00000076 _____ () C:\Users\Maria\Desktop\cat.txt
2015-02-27 19:17 - 2015-02-27 19:17 - 01464320 _____ () C:\windows\system32\yontCache.dll
2015-02-27 19:17 - 2015-02-27 19:17 - 00000657 _____ () C:\windows\system32\yontCache.ocx
2015-02-24 22:04 - 2015-03-25 19:00 - 00030762 _____ () C:\Users\Maria\Desktop\Book1.xlsx
2015-02-23 13:05 - 2015-02-23 13:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-02-23 12:57 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-23 12:57 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-23 12:57 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-23 12:57 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-23 12:57 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-23 12:57 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-23 12:57 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-23 12:57 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-23 12:57 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-23 12:57 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-23 12:57 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-23 12:57 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-23 12:57 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-23 12:57 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-23 12:57 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-23 12:57 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-23 12:57 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-23 12:57 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-23 12:57 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-23 12:57 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-23 12:57 - 2015-01-11 22:33 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 22:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-23 12:57 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-23 12:57 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-23 12:57 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-23 12:57 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 21:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-23 12:57 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-23 12:57 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-23 12:57 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-23 12:57 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-23 12:57 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-23 12:57 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-23 12:57 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 12:57 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 12:57 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-23 12:57 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 12:57 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 12:56 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-23 12:56 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-23 12:56 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-23 12:56 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-23 12:56 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-23 12:56 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 12:56 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-23 12:55 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-23 12:55 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-23 12:55 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-23 12:54 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:13 - 2013-07-04 19:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 19:13 - 2013-05-25 21:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2015-03-25 19:00 - 2014-12-09 21:42 - 00000000 ____D () C:\Users\Maria\Documents\Jobs
2015-03-25 18:45 - 2013-12-08 16:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:39 - 2013-05-26 17:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-03-25 13:56 - 2014-12-18 15:10 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2015-03-25 12:13 - 2013-06-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-03-25 09:10 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2015-03-25 09:10 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 09:10 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 09:09 - 2013-05-25 21:01 - 01595779 _____ () C:\windows\WindowsUpdate.log
2015-03-25 09:05 - 2014-09-01 09:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2015-03-25 08:52 - 2013-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-25 08:51 - 2013-05-26 15:43 - 00146064 _____ () C:\ProgramData\dleascan.log
2015-03-25 08:50 - 2013-07-04 19:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 08:50 - 2009-07-14 00:51 - 00134540 _____ () C:\windows\setupact.log
2015-03-25 08:49 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-22 20:59 - 2013-12-08 16:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 20:59 - 2013-05-17 14:27 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 20:59 - 2013-05-17 14:27 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 16:54 - 2013-05-26 14:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2015-03-22 16:18 - 2015-01-04 11:16 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2015-03-22 16:18 - 2015-01-04 11:16 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2015-03-22 13:58 - 2014-07-05 17:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2015-03-22 09:38 - 2013-05-26 16:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-03-22 09:37 - 2013-05-26 16:22 - 00066600 _____ () C:\ProgramData\dleaJSW.log
2015-03-21 21:22 - 2013-07-12 19:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2015-03-21 12:14 - 2014-11-28 17:24 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 11:27 - 2010-11-20 23:47 - 02076806 _____ () C:\windows\PFRO.log
2015-03-20 20:36 - 2013-12-21 17:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2015-03-20 18:07 - 2014-12-06 12:10 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-19 23:24 - 2014-02-09 19:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 23:24 - 2014-02-09 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-19 11:06 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Local\ID Vault
2015-03-19 11:00 - 2014-12-05 19:25 - 00002199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Connect.lnk
2015-03-19 11:00 - 2014-12-05 19:25 - 00002187 _____ () C:\Users\Public\Desktop\Fast Connect.lnk
2015-03-18 20:36 - 2014-08-07 08:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 10:43 - 2009-07-14 00:45 - 00573856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 16:57 - 2013-07-14 13:43 - 00000000 ____D () C:\games
2015-03-15 16:54 - 2014-05-28 18:07 - 00002476 _____ () C:\Users\Maria\Desktop\Hidden Expedition - Smithsonian Hope Diamond CE.lnk
2015-03-15 16:54 - 2014-05-28 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - Smithsonian Hope Diamond CE
2015-03-15 16:48 - 2013-07-19 10:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2015-03-15 10:22 - 2009-07-14 01:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-15 09:28 - 2013-05-28 11:40 - 00167600 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-15 09:15 - 2013-05-26 09:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-15 07:54 - 2013-07-30 19:55 - 00000000 ____D () C:\Users\Maria\Downloads\Games
2015-03-15 07:36 - 2014-12-28 21:07 - 00000000 ____D () C:\Users\Maria\Downloads\Agatha.Raisin.The.Quiche.Of.Death
2015-03-15 07:35 - 2013-08-04 11:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2015-03-14 21:19 - 2013-07-18 19:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2015-03-14 16:13 - 2014-12-02 15:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 09:30 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 16:02 - 2013-05-17 14:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-11 19:51 - 2014-06-29 18:14 - 00002841 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2015-03-11 19:51 - 2014-06-29 14:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2015-03-08 20:31 - 2015-01-27 01:19 - 00000455 _____ () C:\Users\Maria\Documents\Contacts.txt
2015-03-08 17:17 - 2013-05-25 21:06 - 00000000 ____D () C:\Users\Maria\AppData\Local\VirtualStore
2015-03-04 12:22 - 2013-05-28 14:49 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2015-03-02 22:30 - 2013-12-01 14:46 - 01572864 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-03-02 20:59 - 2014-02-02 10:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines
2015-02-26 15:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-02-23 18:51 - 2015-01-06 13:20 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-23 18:51 - 2014-04-29 21:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-23 15:49 - 2013-07-23 18:33 - 00000000 ____D () C:\Program Files (x86)\LeeGT-Games
2015-02-23 14:57 - 2014-07-16 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Hidden Objects Romance
2015-02-23 13:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-23 13:05 - 2013-07-13 22:40 - 00000000 ____D () C:\windows\system32\MRT
2015-02-23 12:59 - 2013-06-08 13:28 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-20 07:53 - 2014-03-20 07:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-22 17:24 - 2014-06-26 19:05 - 0099384 _____ () C:\Users\Maria\AppData\Roaming\inst.exe
2014-06-22 17:24 - 2014-06-26 19:05 - 0007859 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.cat
2014-06-22 17:24 - 2014-06-26 19:05 - 0001167 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.inf
2014-06-22 17:24 - 2014-06-26 19:05 - 0000055 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.log
2014-06-22 17:24 - 2014-06-26 19:05 - 0082816 _____ (VSO Software) C:\Users\Maria\AppData\Roaming\pcouffin.sys
2014-02-28 21:25 - 2014-02-28 21:25 - 0000042 _____ () C:\Users\Maria\AppData\Roaming\WB.CFG
2013-06-09 12:02 - 2013-06-16 06:17 - 0000173 _____ () C:\Users\Maria\AppData\Local\msmathematics.qat.Maria
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-10-21 12:33 - 2015-02-19 13:30 - 0011108 _____ () C:\ProgramData\dlea.log
2013-09-07 18:30 - 2014-12-28 21:41 - 0000553 _____ () C:\ProgramData\dleaDiagnostics.log
2013-05-26 16:22 - 2015-03-22 09:37 - 0066600 _____ () C:\ProgramData\dleaJSW.log
2013-05-26 15:43 - 2015-03-25 08:51 - 0146064 _____ () C:\ProgramData\dleascan.log
2013-05-27 11:45 - 2014-11-23 16:46 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-09-13 06:56 - 2013-09-13 06:56 - 0002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\Extract.exe
C:\Users\Maria\AppData\Local\Temp\install_flashplayer17x32ax_gtbd_awe_aih.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 15:17

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Maria at 2015-03-25 19:16:17
Running from C:\Users\Maria\Desktop\New folder (2)
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
4 Great Games GOLD (HKLM-x32\...\4 Great Games GOLD1.0) (Version: 1.0 - Gogii Games)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version:  - )
Babylonia (HKLM-x32\...\BFG-Babylonia) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Big City Adventure Deluxe Pack (HKLM-x32\...\{A4F17891-1761-46D7-BAD3-9115EB8EABAD}) (Version: 6.6.6 - LeeGT-Games)
Big City Adventure: Rio de Janeiro (HKLM-x32\...\BFG-Big City Adventure - Rio de Janeiro) (Version:  - )
Big City Adventure: Tokyo (HKLM-x32\...\BFG-Big City Adventure - Tokyo) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\BFG-Bookworm Adventures) (Version:  - )
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre 64bit (HKLM\...\{9BC77540-BA1D-44B9-AEA7-600362A08F7C}) (Version: 1.27.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (x32 Version: 1.06.0000 - Pinnacle) Hidden
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elementals - The Magic Key (HKLM-x32\...\Elementals - The Magic Key_is1) (Version:  - Playrix Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Esoterica - Hollow Earth (HKLM-x32\...\Esoterica - Hollow EarthFinal) (Version: Final - AllSmartGames)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fashion Solitaire (HKLM-x32\...\Fashion Solitaire) (Version: 32.0.0.0 - Shockwave.com)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.311.2 - White Sky)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version:  - )
Glass Eye 2000 (HKLM-x32\...\Glass Eye 2000) (Version: 3.1 - Dragonfly Software)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haunted Legends 4 - The Curse of Vox Collectors Edition (HKLM-x32\...\Haunted Legends 4 - The Curse of Vox Collectors EditionFinal) (Version: Final - AllSmartGames)
Hauntings Of Mystery Manor (HKLM-x32\...\Hauntings Of Mystery Manor_is1) (Version:  - Cindy Pondillo)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition - Smithsonian Hope Diamond CE (HKLM-x32\...\Hidden Expedition - Smithsonian Hope Diamond CEFinal) (Version: Final - AllSmartGames)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jojo's Fashion Show (HKLM-x32\...\BFG-Jojo's Fashion Show) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Little Shop - City Lights (HKLM-x32\...\Little Shop - City Lights) (Version: 1.0.0.32 - LeeGT-Games)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic DVD Ripper V8.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Make The Cut! (HKLM-x32\...\Make The Cut!) (Version: 4.6.1.0 - Make The Cut, LLC.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version:  - mobifilereader.com)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery Case Files ®: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 2014 (HKLM-x32\...\{B7D4C429-9CAB-4B97-A879-AFD1F922DD27}) (Version: 15.0.06800 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NTComic CBR Reader (HKLM-x32\...\{205F179A-33F4-4D5E-BB14-B889D3003357}) (Version: 2.1.5 - NTComic)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.95 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popup Card Studio (HKLM-x32\...\Popup Card Studio) (Version: 1.1.0.0 - Make The Cut, LLC.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PrintFolder 1.3 (HKLM-x32\...\PrintFolder_is1) (Version:  - No Nonsense Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.71 - Denis Kozlov)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Roxio Creator NXT 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.2 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scrapbook Design Studio 2.0 (HKLM-x32\...\Scrapbook Design Studio 2.0_is1) (Version: 2.0.0.0 - Belltech Systems)
Setup (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Sharpe Investigations - Death on the Seine (HKLM-x32\...\Sharpe Investigations - Death on the Seine) (Version: 1.0.0 - LeeGT-Games)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shrouded Tales - The Spellbound Land  (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Scrapbook Studio(Build 2.5.0.7) (HKLM-x32\...\Wondershare Scrapbook Studio_is1) (Version: 2.5.0.7 - WonderShare Software Co.,Ltd.)
Xilisoft Audio Converter Pro (HKLM-x32\...\Xilisoft Audio Converter Pro) (Version: 6.5.0.20130130 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.0707 - Xilisoft)
Xilisoft Blu-ray Ripper (HKLM-x32\...\Xilisoft Blu-ray Ripper) (Version: 7.1.0.20120409 - Xilisoft)
Xilisoft DVD Copy 2 (HKLM-x32\...\Xilisoft DVD Copy 2) (Version: 2.0.2.20130128 - Xilisoft)
Xilisoft DVD Ripper Ultimate (HKLM-x32\...\Xilisoft DVD Ripper Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft MKV Converter (HKLM-x32\...\Xilisoft MKV Converter) (Version: 7.4.0.20120710 - Xilisoft)
Xilisoft Movie Maker 6 (HKLM-x32\...\Xilisoft Movie Maker 6) (Version: 6.6.0.20120823 - Xilisoft)
Xilisoft Photo DVD Maker (HKLM-x32\...\Xilisoft Photo DVD Maker) (Version: 1.5.1.1124 - Xilisoft)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.0214 - Xilisoft)
Xilisoft Video Converter Smart (HKLM-x32\...\Xilisoft Video Converter Smart) (Version: 1.0.0.20140424 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xilisoft YouTube Video Converter (HKLM-x32\...\Xilisoft YouTube Video Converter) (Version: 5.6.0.20140331 - Xilisoft)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

19-03-2015 23:23:36 Installed Java 7 Update 51

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-03-25 08:51 - 00001204 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E1A306-80DF-4ED4-A716-F3361B11003F} - System32\Tasks\{454A1F39-8BD3-4108-8500-791666E7F1AF} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-9.3\Uninstall.exe" -c /fromcontrolpanel=1
Task: {075FA6C8-ED24-466A-9646-F7CA7F76494A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0917B649-698F-46D9-A3CD-0B33E54D79F8} - System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Leegit\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games\Leegit
Task: {0A728E6B-A707-4038-AC4E-51237E98776C} - System32\Tasks\{8E001C5E-699F-4705-84E9-3AED489BCF3A} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {10EAA32F-F22D-419E-BBAD-23746F29DD90} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {124785F9-D34F-41BA-B61A-21DA4FAC2D93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {14344BFE-BED1-4519-978D-2E0A2DAE77DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {21BD934C-AEA5-4BC7-BD5D-F4418CAB9A8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {27AE0F96-5FCE-486C-99D2-D5768BCCD71A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {3CEB6076-6630-466C-93AF-EA9F52B6E019} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {402787C6-DDEB-4E05-A848-090B4651575A} - System32\Tasks\{BAB78B95-8DF2-4DC2-9CD2-CF37C240405D} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INS9XMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {4513C47A-E822-4D9B-AC16-BB8B78365119} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {474D822B-336E-4883-81A8-7A1F38B65510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {53E9BA54-8876-413A-9D59-001129AF9B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {5ED38F79-5A25-439B-B75F-15565AB0205C} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {5F194F3B-CCC4-48E4-8821-6BFA188C16A9} - System32\Tasks\{205C3F10-F5F9-45E2-9920-465A7C192C0E} => pcalua.exe -a C:\Users\Maria\Downloads\InstallFashionSolitaire.exe -d C:\Users\Maria\Desktop
Task: {61D57778-AD0D-4901-801C-AE33903EC35F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {79700BB1-CC91-4218-825D-C972459911F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D6189A2-9793-4745-86BF-DFE772E793DB} - System32\Tasks\{C1D1001A-EE21-4D45-8FEB-1E119E60B1BD} => pcalua.exe -a "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701\Xilisoft DVD Creator 7.1.3 build 20130701.exe" -d "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701"
Task: {7E469713-05D4-44BA-88CE-245810F440C6} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8230CB4D-4135-4A80-851F-A3ABCB791709} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {85832FB1-EA49-4363-92B8-63F0C8BEDCA3} - System32\Tasks\{A58CFB80-23CC-4FF8-A5EF-42410066BEF0} => pcalua.exe -a C:\Users\Maria\Desktop\JavaSetup8u25.com -d C:\Users\Maria\Desktop
Task: {87BB1811-6E12-425F-B4C8-6C0B8DC3D1D2} - System32\Tasks\AdobeAAMUpdater-1.0-Maria-HP-Maria => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8C8F57D8-909D-4E98-88D3-254E83442D7A} - System32\Tasks\{703DB18F-3221-46F9-BAB4-F2E7737BB5F4} => pcalua.exe -a C:\Users\Maria\AppData\Local\Temp\{A8238531-2A35-44D7-B73B-6F29B4F566F3}\setup.exe -d C:\Users\Maria\Desktop
Task: {AB9803D4-6C8F-4D17-9CBE-D54A37DC9B39} - System32\Tasks\{72C29983-C726-494C-97A6-BB212BE923AB} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games
Task: {BAA1E294-8B2F-4811-A26E-CD02EC6D36CA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {BDA503CD-E7D1-4506-926B-315940C01EE2} - System32\Tasks\{FD8AF0F4-64EC-4068-84CB-0858547685F6} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INSNTMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {DB0D4767-10AF-4598-9E0F-9CFBC9B5C4FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {E4D92872-DE4F-4DD7-9E60-37AE522DD0A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {EBE30115-8792-41EE-B352-F58AC39650F0} - System32\Tasks\HPCeeScheduleForMaria => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FA285B41-A9F5-4E1A-81D1-7BE66370EFA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FB30A81F-8BBE-45C3-8697-5064098EB31B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMaria.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-25 12:50 - 2015-01-25 12:50 - 01464320 _____ () c:\windows\system32\a360.dll
2013-05-17 14:14 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-26 15:44 - 2009-11-04 14:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2015-03-13 09:28 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-19 01:35 - 2013-08-19 01:35 - 00457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2014-11-23 16:40 - 2010-04-01 13:23 - 00765952 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2014-11-23 16:40 - 2009-06-22 09:08 - 00135168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2013-08-19 02:04 - 2013-08-19 02:04 - 00022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-04-03 17:43 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-05-21 23:20 - 2010-05-21 23:20 - 00045224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2009-12-16 12:42 - 2009-12-16 12:42 - 00205824 _____ () C:\Program Files\Dell\V310-V510 Series\dleamicro.dll
2010-04-01 18:30 - 2010-04-01 18:30 - 01558528 _____ () C:\Program Files\Dell\V310-V510 Series\dleadrs64.dll
2009-11-26 09:54 - 2009-11-26 09:54 - 00075264 _____ () C:\Program Files\Dell\V310-V510 Series\dleacfg64.dll
2009-03-10 06:44 - 2009-03-10 06:44 - 00015360 _____ () C:\Program Files\Dell\V310-V510 Series\dleacaps64.dll
2009-03-05 18:55 - 2009-03-05 18:55 - 00057344 _____ () C:\Program Files\Dell\V310-V510 Series\dleacnv464.dll
2012-09-27 19:23 - 2012-09-27 19:23 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
2014-11-23 16:40 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2014-11-23 16:40 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2014-11-23 16:40 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2014-11-23 16:40 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2014-11-23 16:40 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2014-11-23 16:40 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00381440 _____ () C:\windows\system32\dleasm.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00028672 _____ () C:\windows\system32\dleasmr.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2014-11-23 16:40 - 2009-06-22 09:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2014-11-23 16:40 - 2009-06-22 09:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2014-11-23 16:40 - 2009-06-22 09:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2014-11-23 16:40 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2014-11-23 16:40 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 03322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 00524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 00108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-02-14 19:05 - 2012-02-14 19:37 - 11796096 _____ () C:\Users\Maria\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-09-06 13:21 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-06 13:21 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-09-27 19:24 - 2012-09-27 19:24 - 00146064 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RB_ContextMenu.dll
2015-03-11 14:48 - 2015-03-11 14:48 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-738952025-4262938640-2191891780-500 - Administrator - Disabled)
Guest (S-1-5-21-738952025-4262938640-2191891780-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-738952025-4262938640-2191891780-1002 - Administrator - Enabled)
Maria (S-1-5-21-738952025-4262938640-2191891780-1000 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 05:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c48

Start Time: 01d066fb2684001f

Termination Time: 7

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/25/2015 02:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17631, time stamp: 0x54b31a70
Faulting module name: Flash32_17_0_0_134.ocx, version: 17.0.0.134, time stamp: 0x54f647d6
Exception code: 0xc0000005
Fault offset: 0x00665bb0
Faulting process id: 0x1c74
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/25/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe QT32 Server.exe, version: 6.0.0.0, time stamp: 0x4e6f973d
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x55a4bb89
Faulting process id: 0x1cdc
Faulting application start time: 0xAdobe QT32 Server.exe0
Faulting application path: Adobe QT32 Server.exe1
Faulting module path: Adobe QT32 Server.exe2
Report Id: Adobe QT32 Server.exe3

Error: (03/25/2015 08:56:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14a8

Start Time: 01d066fb09dccf60

Termination Time: 2

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 554eaf2d-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ddc

Start Time: 01d066fa5ac10d5e

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 15cd12c1-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/25/2015 08:51:42 AM) (Source: IDVault) (EventID: 0) (User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/24/2015 00:54:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {075c8e09-26ad-47a4-a575-6fd07cc464e1}

Error: (03/24/2015 10:36:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18e4

Start Time: 01d0663f5e7798fd

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (03/25/2015 03:25:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 02:48:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {84F66100-FF7C-4FB4-B0C0-02CD7FB668FE}

Error: (03/25/2015 10:18:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/25/2015 10:18:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/25/2015 10:05:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 09:08:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 09:01:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/25/2015 08:52:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error:
%%1053

Error: (03/25/2015 08:52:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

Error: (03/25/2015 08:51:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AFAsdqUV service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (03/25/2015 05:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.176311c4801d066fb2684001f7C:\Program Files\Internet Explorer\IEXPLORE.EXE

Error: (03/25/2015 02:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1763154b31a70Flash32_17_0_0_134.ocx17.0.0.13454f647d6c000000500665bb01c7401d06729a0a70237C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_134.ocx3ffdc7c2-d31e-11e4-981a-7054d2e40262

Error: (03/25/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe QT32 Server.exe6.0.0.04e6f973dQuickTime.qts_unloaded0.0.0.04cf4536ac000000555a4bb891cdc01d066fb4336dd92c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\32\Adobe QT32 Server.exeQuickTime.qtsb3de5bf6-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:56:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763114a801d066fb09dccf602C:\Program Files\Internet Explorer\IEXPLORE.EXE554eaf2d-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17631ddc01d066fa5ac10d5e0C:\Program Files\Internet Explorer\IEXPLORE.EXE15cd12c1-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/25/2015 08:51:42 AM) (Source: IDVault) (EventID: 0) (User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/24/2015 00:54:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {075c8e09-26ad-47a4-a575-6fd07cc464e1}

Error: (03/24/2015 10:36:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763118e401d0663f5e7798fd0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

CodeIntegrity Errors:
===================================
  Date: 2014-03-20 20:33:23.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:32:38.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:29:48.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:29:43.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:29:03.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:19:56.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:19:52.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 20:19:35.503
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 19:53:11.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 19:52:31.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 10197.41 MB
Available physical RAM: 5779.96 MB
Total Pagefile: 20393.01 MB
Available Pagefile: 15970.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:2773.91 GB) (Free:450.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:20.38 GB) (Free:2.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: C9292085)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:03 AM

Posted 26 March 2015 - 12:42 PM

Please post without the bold text; it is hard to read.

Cheers

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 


#5 otisman

otisman
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:03 AM

Posted 26 March 2015 - 04:08 PM

Sorry, did not even notice. I hope this is better.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maria (administrator) on MARIA-HP on 25-03-2015 19:15:41
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Gemalto N.V.) C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatchTray15.exe [294632 2013-08-19] (Corel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A6BFF93-2829-4B7A-A464-E9B7CE750FB7} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.311.2\NativeBHO.dll [2015-03-11] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSuggestURL: Default -> http://vinstaller.com/kmsx/ysuggest.html?output=fxjson&amp;command={searchTerms}
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo! Search) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg [2015-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 a360; C:\windows\System32\a360.dll [1464320 2015-01-25] () [File not signed]
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
S2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 hasSstp; C:\windows\System32\hasSstp.dll [1464320 2015-01-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 jDVaultSvc; C:\windows\System32\jDVaultSvc.dll [1464320 2015-02-12] () [File not signed]
S2 jlaSvc; C:\windows\System32\jlaSvc.dll [1464320 2014-12-17] () [File not signed]
S2 lPBusEnum; C:\windows\System32\lPBusEnum.dll [1464320 2015-03-11] () [File not signed]
S2 mlaSvc; C:\windows\System32\mlaSvc.dll [1464320 2014-12-04] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
S2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
S2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
S2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
S2 vontCache; C:\windows\System32\vontCache.dll [1464320 2014-12-29] () [File not signed]
S2 wetman; C:\windows\System32\wetman.dll [1464320 2015-01-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
S2 xbioSrvc; C:\windows\System32\xbioSrvc.dll [1464320 2014-12-11] () [File not signed]
S2 xdfs; C:\windows\System32\xdfs.dll [1464320 2015-02-21] () [File not signed]
S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]
S2 yontCache; C:\windows\System32\yontCache.dll [1464320 2015-02-27] () [File not signed]
S2 AFAsdqUV; "C:\ProgramData\pIPlGT\AFAsdqUV.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150323.001\IDSvia64.sys [669400 2015-03-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150325.003\ENG64.SYS [129752 2015-02-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150325.003\EX64.SYS [2137304 2015-02-14] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: jDVaultSvc -> C:\windows\System32\jDVaultSvc.dll ()
NETSVC: jlaSvc -> C:\windows\System32\jlaSvc.dll ()
NETSVC: vontCache -> C:\windows\System32\vontCache.dll ()
NETSVC: wetman -> C:\windows\System32\wetman.dll ()
NETSVC: lPBusEnum -> C:\windows\System32\lPBusEnum.dll ()
NETSVC: xbioSrvc -> C:\windows\System32\xbioSrvc.dll ()
NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> C:\windows\System32\vENS.dll ()
NETSVC: yontCache -> C:\windows\System32\yontCache.dll ()
NETSVC: xdfs -> C:\windows\System32\xdfs.dll ()
NETSVC: hasSstp -> C:\windows\System32\hasSstp.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> C:\windows\System32\wolmgrx.dll ()
NETSVC: a360 -> C:\windows\System32\a360.dll ()
NETSVC: mlaSvc -> C:\windows\System32\mlaSvc.dll ()
NETSVC: xDSVia64 -> C:\windows\System32\xDSVia64.dll ()
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:11 - 2015-03-25 19:15 - 00000000 ____D () C:\FRST
2015-03-22 14:05 - 2015-02-21 02:40 - 00096639 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.srt
2015-03-22 13:59 - 2013-04-18 18:00 - 313208753 _____ () C:\Users\Maria\Downloads\The Art of Candle Making - 2008.mp4
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Rachel and the Stranger (1948)
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Phantom of Chinatown (1940)
2015-03-22 11:43 - 2015-03-22 11:46 - 00000000 ____D () C:\Users\Maria\Downloads\d.2013.u316520.Rapidmoviez.com
2015-03-22 11:43 - 2015-03-22 11:43 - 00000000 ____D () C:\Users\Maria\Downloads\c.2015.u399303.Rapidmoviez.com
2015-03-20 18:13 - 2015-03-20 18:14 - 00000000 ____D () C:\Users\Maria\Desktop\DKbyML
2015-03-20 18:05 - 2015-03-20 18:05 - 01742928 _____ (BitTorrent Inc.) C:\Users\Maria\Downloads\uTorrent.exe
2015-03-19 23:24 - 2014-12-02 14:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-03-19 19:49 - 2015-03-19 19:50 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_2191
2015-03-16 18:32 - 2015-03-25 08:52 - 00000000 ____D () C:\Users\Maria\Desktop\Tug
2015-03-16 17:59 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_421
2015-03-15 16:59 - 2015-03-15 16:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FarmMystery
2015-03-15 16:54 - 2015-03-15 16:54 - 00003292 _____ () C:\windows\System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493}
2015-03-15 12:33 - 2015-03-15 12:33 - 00000000 ____D () C:\Users\Maria\Desktop\KA HB I - 1975.zip
2015-03-15 12:19 - 2015-03-15 12:19 - 00000000 ____D () C:\Users\Maria\Desktop\KA-HBbylon2
2015-03-15 12:18 - 2015-03-15 12:24 - 131072000 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.001
2015-03-15 12:18 - 2015-03-15 12:24 - 117874764 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.002
2015-03-15 10:29 - 2015-03-15 10:30 - 00000000 ____D () C:\Users\Maria\Desktop\TGRI11DA
2015-03-14 21:23 - 2015-03-14 21:23 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Interstellar.2014.DVDScr.XVID.AC3.HQ
2015-03-14 21:21 - 2015-02-21 03:30 - 553103535 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.mkv
2015-03-13 18:43 - 2015-03-13 18:43 - 00000000 ____D () C:\Users\Maria\Desktop\MyScrapChickBellyBox
2015-03-13 09:39 - 2015-03-13 09:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_942
2015-03-11 19:52 - 2015-03-11 19:52 - 01464320 _____ () C:\windows\system32\lPBusEnum.dll
2015-03-11 19:52 - 2015-03-11 19:52 - 00000657 _____ () C:\windows\system32\lPBusEnum.ocx
2015-03-11 17:51 - 2015-03-11 17:51 - 00000000 ____D () C:\Users\Maria\Documents\aap
2015-03-10 22:41 - 2015-03-10 22:41 - 00000000 ____D () C:\Users\Maria\Desktop\TeGer
2015-03-09 22:24 - 2015-03-09 22:24 - 00000823 _____ () C:\Users\Maria\Documents\describe.txt
2015-03-08 17:37 - 2015-03-25 15:40 - 00000000 ____D () C:\Users\Maria\Documents\Jobs Applied
2015-03-08 17:15 - 2015-03-08 17:15 - 04718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-03-08 16:51 - 2015-03-08 16:51 - 00183808 _____ () C:\Users\Maria\Desktop\hr-application.wiz.ux8fzcp.partial
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-03-07 13:55 - 2015-03-07 13:57 - 303654387 ____R () C:\Users\Maria\Downloads\India's Daughter Indian rapist BBC documentary Delhi Nirbhaya full HD.webm
2015-03-05 09:43 - 2015-03-25 19:15 - 00000000 ____D () C:\Users\Maria\Desktop\New folder (2)
2015-03-05 09:27 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\Maria\Desktop\Diane Leyne - [Satisfaction, Texas 04] - Playing for Satisfaction [Siren Menage Everlasting] (html)
2015-03-04 19:01 - 2015-03-04 21:49 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3F52
2015-03-03 23:29 - 2015-03-03 23:29 - 00000000 _____ () C:\windows\SysWOW64\shoCC1E.tmp
2015-03-01 13:41 - 2015-03-16 12:52 - 00000000 ____D () C:\Users\Maria\Desktop\Draft Order Ref N58958001
2015-03-01 13:41 - 2015-03-01 13:41 - 00038119 _____ () C:\Users\Maria\Desktop\Draft Order Ref N58958001.zip
2015-03-01 13:40 - 2015-03-01 13:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_21CB
2015-02-28 11:58 - 2015-02-28 11:58 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_CFB
2015-02-27 23:30 - 2015-02-27 23:30 - 00000000 _____ () C:\windows\SysWOW64\sho893.tmp
2015-02-27 23:28 - 2015-02-27 23:28 - 00000076 _____ () C:\Users\Maria\Desktop\cat.txt
2015-02-27 19:17 - 2015-02-27 19:17 - 01464320 _____ () C:\windows\system32\yontCache.dll
2015-02-27 19:17 - 2015-02-27 19:17 - 00000657 _____ () C:\windows\system32\yontCache.ocx
2015-02-24 22:04 - 2015-03-25 19:00 - 00030762 _____ () C:\Users\Maria\Desktop\Book1.xlsx
2015-02-23 13:05 - 2015-02-23 13:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-02-23 12:57 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-23 12:57 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-23 12:57 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-23 12:57 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-23 12:57 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-23 12:57 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-23 12:57 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-23 12:57 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-23 12:57 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-23 12:57 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-23 12:57 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-23 12:57 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-23 12:57 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-23 12:57 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-23 12:57 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-23 12:57 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-23 12:57 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-23 12:57 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-23 12:57 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-23 12:57 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-23 12:57 - 2015-01-11 22:33 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 22:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-23 12:57 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-23 12:57 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-23 12:57 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-23 12:57 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 21:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-23 12:57 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-23 12:57 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-23 12:57 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-23 12:57 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-23 12:57 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-23 12:57 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-23 12:57 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 12:57 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 12:57 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-23 12:57 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 12:57 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 12:56 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-23 12:56 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-23 12:56 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-23 12:56 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-23 12:56 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-23 12:56 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 12:56 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-23 12:55 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-23 12:55 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-23 12:55 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-23 12:54 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 19:13 - 2013-07-04 19:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 19:13 - 2013-05-25 21:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2015-03-25 19:00 - 2014-12-09 21:42 - 00000000 ____D () C:\Users\Maria\Documents\Jobs
2015-03-25 18:45 - 2013-12-08 16:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 14:39 - 2013-05-26 17:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-03-25 13:56 - 2014-12-18 15:10 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2015-03-25 12:13 - 2013-06-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-03-25 09:10 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2015-03-25 09:10 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 09:10 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 09:09 - 2013-05-25 21:01 - 01595779 _____ () C:\windows\WindowsUpdate.log
2015-03-25 09:05 - 2014-09-01 09:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2015-03-25 08:52 - 2013-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-25 08:51 - 2013-05-26 15:43 - 00146064 _____ () C:\ProgramData\dleascan.log
2015-03-25 08:50 - 2013-07-04 19:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 08:50 - 2009-07-14 00:51 - 00134540 _____ () C:\windows\setupact.log
2015-03-25 08:49 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-22 20:59 - 2013-12-08 16:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 20:59 - 2013-05-17 14:27 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 20:59 - 2013-05-17 14:27 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 16:54 - 2013-05-26 14:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2015-03-22 16:18 - 2015-01-04 11:16 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2015-03-22 16:18 - 2015-01-04 11:16 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2015-03-22 13:58 - 2014-07-05 17:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2015-03-22 09:38 - 2013-05-26 16:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-03-22 09:37 - 2013-05-26 16:22 - 00066600 _____ () C:\ProgramData\dleaJSW.log
2015-03-21 21:22 - 2013-07-12 19:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2015-03-21 12:14 - 2014-11-28 17:24 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 11:27 - 2010-11-20 23:47 - 02076806 _____ () C:\windows\PFRO.log
2015-03-20 20:36 - 2013-12-21 17:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2015-03-20 18:07 - 2014-12-06 12:10 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-19 23:24 - 2014-02-09 19:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 23:24 - 2014-02-09 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-19 11:06 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Local\ID Vault
2015-03-19 11:00 - 2014-12-05 19:25 - 00002199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Connect.lnk
2015-03-19 11:00 - 2014-12-05 19:25 - 00002187 _____ () C:\Users\Public\Desktop\Fast Connect.lnk
2015-03-18 20:36 - 2014-08-07 08:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 10:43 - 2009-07-14 00:45 - 00573856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 16:57 - 2013-07-14 13:43 - 00000000 ____D () C:\games
2015-03-15 16:54 - 2014-05-28 18:07 - 00002476 _____ () C:\Users\Maria\Desktop\Hidden Expedition - Smithsonian Hope Diamond CE.lnk
2015-03-15 16:54 - 2014-05-28 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - Smithsonian Hope Diamond CE
2015-03-15 16:48 - 2013-07-19 10:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2015-03-15 10:22 - 2009-07-14 01:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-15 09:28 - 2013-05-28 11:40 - 00167600 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-15 09:15 - 2013-05-26 09:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-15 07:54 - 2013-07-30 19:55 - 00000000 ____D () C:\Users\Maria\Downloads\Games
2015-03-15 07:36 - 2014-12-28 21:07 - 00000000 ____D () C:\Users\Maria\Downloads\Agatha.Raisin.The.Quiche.Of.Death
2015-03-15 07:35 - 2013-08-04 11:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2015-03-14 21:19 - 2013-07-18 19:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2015-03-14 16:13 - 2014-12-02 15:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 09:30 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 16:02 - 2013-05-17 14:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-11 19:51 - 2014-06-29 18:14 - 00002841 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2015-03-11 19:51 - 2014-06-29 14:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2015-03-08 20:31 - 2015-01-27 01:19 - 00000455 _____ () C:\Users\Maria\Documents\Contacts.txt
2015-03-08 17:17 - 2013-05-25 21:06 - 00000000 ____D () C:\Users\Maria\AppData\Local\VirtualStore
2015-03-04 12:22 - 2013-05-28 14:49 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2015-03-02 22:30 - 2013-12-01 14:46 - 01572864 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-03-02 20:59 - 2014-02-02 10:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines
2015-02-26 15:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-02-23 18:51 - 2015-01-06 13:20 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-23 18:51 - 2014-04-29 21:30 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-23 15:49 - 2013-07-23 18:33 - 00000000 ____D () C:\Program Files (x86)\LeeGT-Games
2015-02-23 14:57 - 2014-07-16 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Hidden Objects Romance
2015-02-23 13:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-23 13:05 - 2013-07-13 22:40 - 00000000 ____D () C:\windows\system32\MRT
2015-02-23 12:59 - 2013-06-08 13:28 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-03-20 07:53 - 2014-03-20 07:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-22 17:24 - 2014-06-26 19:05 - 0099384 _____ () C:\Users\Maria\AppData\Roaming\inst.exe
2014-06-22 17:24 - 2014-06-26 19:05 - 0007859 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.cat
2014-06-22 17:24 - 2014-06-26 19:05 - 0001167 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.inf
2014-06-22 17:24 - 2014-06-26 19:05 - 0000055 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.log
2014-06-22 17:24 - 2014-06-26 19:05 - 0082816 _____ (VSO Software) C:\Users\Maria\AppData\Roaming\pcouffin.sys
2014-02-28 21:25 - 2014-02-28 21:25 - 0000042 _____ () C:\Users\Maria\AppData\Roaming\WB.CFG
2013-06-09 12:02 - 2013-06-16 06:17 - 0000173 _____ () C:\Users\Maria\AppData\Local\msmathematics.qat.Maria
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-10-21 12:33 - 2015-02-19 13:30 - 0011108 _____ () C:\ProgramData\dlea.log
2013-09-07 18:30 - 2014-12-28 21:41 - 0000553 _____ () C:\ProgramData\dleaDiagnostics.log
2013-05-26 16:22 - 2015-03-22 09:37 - 0066600 _____ () C:\ProgramData\dleaJSW.log
2013-05-26 15:43 - 2015-03-25 08:51 - 0146064 _____ () C:\ProgramData\dleascan.log
2013-05-27 11:45 - 2014-11-23 16:46 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-09-13 06:56 - 2013-09-13 06:56 - 0002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\Extract.exe
C:\Users\Maria\AppData\Local\Temp\install_flashplayer17x32ax_gtbd_awe_aih.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 15:17

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Maria at 2015-03-25 19:16:17
Running from C:\Users\Maria\Desktop\New folder (2)
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - )
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
4 Great Games GOLD (HKLM-x32\...\4 Great Games GOLD1.0) (Version: 1.0 - Gogii Games)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version: - )
Babylonia (HKLM-x32\...\BFG-Babylonia) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Big City Adventure Deluxe Pack (HKLM-x32\...\{A4F17891-1761-46D7-BAD3-9115EB8EABAD}) (Version: 6.6.6 - LeeGT-Games)
Big City Adventure: Rio de Janeiro (HKLM-x32\...\BFG-Big City Adventure - Rio de Janeiro) (Version: - )
Big City Adventure: Tokyo (HKLM-x32\...\BFG-Big City Adventure - Tokyo) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\BFG-Bookworm Adventures) (Version: - )
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre 64bit (HKLM\...\{9BC77540-BA1D-44B9-AEA7-600362A08F7C}) (Version: 1.27.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (x32 Version: 1.06.0000 - Pinnacle) Hidden
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elementals - The Magic Key (HKLM-x32\...\Elementals - The Magic Key_is1) (Version: - Playrix Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Esoterica - Hollow Earth (HKLM-x32\...\Esoterica - Hollow EarthFinal) (Version: Final - AllSmartGames)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fashion Solitaire (HKLM-x32\...\Fashion Solitaire) (Version: 32.0.0.0 - Shockwave.com)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.311.2 - White Sky)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
Glass Eye 2000 (HKLM-x32\...\Glass Eye 2000) (Version: 3.1 - Dragonfly Software)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haunted Legends 4 - The Curse of Vox Collectors Edition (HKLM-x32\...\Haunted Legends 4 - The Curse of Vox Collectors EditionFinal) (Version: Final - AllSmartGames)
Hauntings Of Mystery Manor (HKLM-x32\...\Hauntings Of Mystery Manor_is1) (Version: - Cindy Pondillo)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition - Smithsonian Hope Diamond CE (HKLM-x32\...\Hidden Expedition - Smithsonian Hope Diamond CEFinal) (Version: Final - AllSmartGames)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jojo's Fashion Show (HKLM-x32\...\BFG-Jojo's Fashion Show) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Little Shop - City Lights (HKLM-x32\...\Little Shop - City Lights) (Version: 1.0.0.32 - LeeGT-Games)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic DVD Ripper V8.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Make The Cut! (HKLM-x32\...\Make The Cut!) (Version: 4.6.1.0 - Make The Cut, LLC.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version: - mobifilereader.com)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery Case Files &reg;: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version: - )
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 2014 (HKLM-x32\...\{B7D4C429-9CAB-4B97-A879-AFD1F922DD27}) (Version: 15.0.06800 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NTComic CBR Reader (HKLM-x32\...\{205F179A-33F4-4D5E-BB14-B889D3003357}) (Version: 2.1.5 - NTComic)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.95 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popup Card Studio (HKLM-x32\...\Popup Card Studio) (Version: 1.1.0.0 - Make The Cut, LLC.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PrintFolder 1.3 (HKLM-x32\...\PrintFolder_is1) (Version: - No Nonsense Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.71 - Denis Kozlov)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Roxio Creator NXT 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.2 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scrapbook Design Studio 2.0 (HKLM-x32\...\Scrapbook Design Studio 2.0_is1) (Version: 2.0.0.0 - Belltech Systems)
Setup (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Sharpe Investigations - Death on the Seine (HKLM-x32\...\Sharpe Investigations - Death on the Seine) (Version: 1.0.0 - LeeGT-Games)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shrouded Tales - The Spellbound Land (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Scrapbook Studio(Build 2.5.0.7) (HKLM-x32\...\Wondershare Scrapbook Studio_is1) (Version: 2.5.0.7 - WonderShare Software Co.,Ltd.)
Xilisoft Audio Converter Pro (HKLM-x32\...\Xilisoft Audio Converter Pro) (Version: 6.5.0.20130130 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.0707 - Xilisoft)
Xilisoft Blu-ray Ripper (HKLM-x32\...\Xilisoft Blu-ray Ripper) (Version: 7.1.0.20120409 - Xilisoft)
Xilisoft DVD Copy 2 (HKLM-x32\...\Xilisoft DVD Copy 2) (Version: 2.0.2.20130128 - Xilisoft)
Xilisoft DVD Ripper Ultimate (HKLM-x32\...\Xilisoft DVD Ripper Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft MKV Converter (HKLM-x32\...\Xilisoft MKV Converter) (Version: 7.4.0.20120710 - Xilisoft)
Xilisoft Movie Maker 6 (HKLM-x32\...\Xilisoft Movie Maker 6) (Version: 6.6.0.20120823 - Xilisoft)
Xilisoft Photo DVD Maker (HKLM-x32\...\Xilisoft Photo DVD Maker) (Version: 1.5.1.1124 - Xilisoft)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.0214 - Xilisoft)
Xilisoft Video Converter Smart (HKLM-x32\...\Xilisoft Video Converter Smart) (Version: 1.0.0.20140424 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xilisoft YouTube Video Converter (HKLM-x32\...\Xilisoft YouTube Video Converter) (Version: 5.6.0.20140331 - Xilisoft)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-03-2015 23:23:36 Installed Java 7 Update 51

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-03-25 08:51 - 00001204 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E1A306-80DF-4ED4-A716-F3361B11003F} - System32\Tasks\{454A1F39-8BD3-4108-8500-791666E7F1AF} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-9.3\Uninstall.exe" -c /fromcontrolpanel=1
Task: {075FA6C8-ED24-466A-9646-F7CA7F76494A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0917B649-698F-46D9-A3CD-0B33E54D79F8} - System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Leegit\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games\Leegit
Task: {0A728E6B-A707-4038-AC4E-51237E98776C} - System32\Tasks\{8E001C5E-699F-4705-84E9-3AED489BCF3A} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {10EAA32F-F22D-419E-BBAD-23746F29DD90} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {124785F9-D34F-41BA-B61A-21DA4FAC2D93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {14344BFE-BED1-4519-978D-2E0A2DAE77DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {21BD934C-AEA5-4BC7-BD5D-F4418CAB9A8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {27AE0F96-5FCE-486C-99D2-D5768BCCD71A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {3CEB6076-6630-466C-93AF-EA9F52B6E019} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {402787C6-DDEB-4E05-A848-090B4651575A} - System32\Tasks\{BAB78B95-8DF2-4DC2-9CD2-CF37C240405D} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INS9XMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {4513C47A-E822-4D9B-AC16-BB8B78365119} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {474D822B-336E-4883-81A8-7A1F38B65510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {53E9BA54-8876-413A-9D59-001129AF9B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {5ED38F79-5A25-439B-B75F-15565AB0205C} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {5F194F3B-CCC4-48E4-8821-6BFA188C16A9} - System32\Tasks\{205C3F10-F5F9-45E2-9920-465A7C192C0E} => pcalua.exe -a C:\Users\Maria\Downloads\InstallFashionSolitaire.exe -d C:\Users\Maria\Desktop
Task: {61D57778-AD0D-4901-801C-AE33903EC35F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {79700BB1-CC91-4218-825D-C972459911F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D6189A2-9793-4745-86BF-DFE772E793DB} - System32\Tasks\{C1D1001A-EE21-4D45-8FEB-1E119E60B1BD} => pcalua.exe -a "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701\Xilisoft DVD Creator 7.1.3 build 20130701.exe" -d "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701"
Task: {7E469713-05D4-44BA-88CE-245810F440C6} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8230CB4D-4135-4A80-851F-A3ABCB791709} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {85832FB1-EA49-4363-92B8-63F0C8BEDCA3} - System32\Tasks\{A58CFB80-23CC-4FF8-A5EF-42410066BEF0} => pcalua.exe -a C:\Users\Maria\Desktop\JavaSetup8u25.com -d C:\Users\Maria\Desktop
Task: {87BB1811-6E12-425F-B4C8-6C0B8DC3D1D2} - System32\Tasks\AdobeAAMUpdater-1.0-Maria-HP-Maria => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8C8F57D8-909D-4E98-88D3-254E83442D7A} - System32\Tasks\{703DB18F-3221-46F9-BAB4-F2E7737BB5F4} => pcalua.exe -a C:\Users\Maria\AppData\Local\Temp\{A8238531-2A35-44D7-B73B-6F29B4F566F3}\setup.exe -d C:\Users\Maria\Desktop
Task: {AB9803D4-6C8F-4D17-9CBE-D54A37DC9B39} - System32\Tasks\{72C29983-C726-494C-97A6-BB212BE923AB} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games
Task: {BAA1E294-8B2F-4811-A26E-CD02EC6D36CA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {BDA503CD-E7D1-4506-926B-315940C01EE2} - System32\Tasks\{FD8AF0F4-64EC-4068-84CB-0858547685F6} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INSNTMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {DB0D4767-10AF-4598-9E0F-9CFBC9B5C4FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {E4D92872-DE4F-4DD7-9E60-37AE522DD0A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {EBE30115-8792-41EE-B352-F58AC39650F0} - System32\Tasks\HPCeeScheduleForMaria => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FA285B41-A9F5-4E1A-81D1-7BE66370EFA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FB30A81F-8BBE-45C3-8697-5064098EB31B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMaria.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-25 12:50 - 2015-01-25 12:50 - 01464320 _____ () c:\windows\system32\a360.dll
2013-05-17 14:14 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-26 15:44 - 2009-11-04 14:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2015-03-13 09:28 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-19 01:35 - 2013-08-19 01:35 - 00457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2014-11-23 16:40 - 2010-04-01 13:23 - 00765952 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2014-11-23 16:40 - 2009-06-22 09:08 - 00135168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2013-08-19 02:04 - 2013-08-19 02:04 - 00022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-04-03 17:43 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-05-21 23:20 - 2010-05-21 23:20 - 00045224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2009-12-16 12:42 - 2009-12-16 12:42 - 00205824 _____ () C:\Program Files\Dell\V310-V510 Series\dleamicro.dll
2010-04-01 18:30 - 2010-04-01 18:30 - 01558528 _____ () C:\Program Files\Dell\V310-V510 Series\dleadrs64.dll
2009-11-26 09:54 - 2009-11-26 09:54 - 00075264 _____ () C:\Program Files\Dell\V310-V510 Series\dleacfg64.dll
2009-03-10 06:44 - 2009-03-10 06:44 - 00015360 _____ () C:\Program Files\Dell\V310-V510 Series\dleacaps64.dll
2009-03-05 18:55 - 2009-03-05 18:55 - 00057344 _____ () C:\Program Files\Dell\V310-V510 Series\dleacnv464.dll
2012-09-27 19:23 - 2012-09-27 19:23 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
2014-11-23 16:40 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2014-11-23 16:40 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2014-11-23 16:40 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2014-11-23 16:40 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2014-11-23 16:40 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2014-11-23 16:40 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00381440 _____ () C:\windows\system32\dleasm.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00028672 _____ () C:\windows\system32\dleasmr.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2014-11-23 16:40 - 2009-06-22 09:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2014-11-23 16:40 - 2009-06-22 09:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2014-11-23 16:40 - 2009-06-22 09:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2014-11-23 16:40 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2014-11-23 16:40 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 03322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 00524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 00108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-02-14 19:05 - 2012-02-14 19:37 - 11796096 _____ () C:\Users\Maria\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2014-09-06 13:21 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-06 13:21 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-09-27 19:24 - 2012-09-27 19:24 - 00146064 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RB_ContextMenu.dll
2015-03-11 14:48 - 2015-03-11 14:48 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-738952025-4262938640-2191891780-500 - Administrator - Disabled)
Guest (S-1-5-21-738952025-4262938640-2191891780-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-738952025-4262938640-2191891780-1002 - Administrator - Enabled)
Maria (S-1-5-21-738952025-4262938640-2191891780-1000 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 05:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c48

Start Time: 01d066fb2684001f

Termination Time: 7

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/25/2015 02:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17631, time stamp: 0x54b31a70
Faulting module name: Flash32_17_0_0_134.ocx, version: 17.0.0.134, time stamp: 0x54f647d6
Exception code: 0xc0000005
Fault offset: 0x00665bb0
Faulting process id: 0x1c74
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/25/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe QT32 Server.exe, version: 6.0.0.0, time stamp: 0x4e6f973d
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4cf4536a
Exception code: 0xc0000005
Fault offset: 0x55a4bb89
Faulting process id: 0x1cdc
Faulting application start time: 0xAdobe QT32 Server.exe0
Faulting application path: Adobe QT32 Server.exe1
Faulting module path: Adobe QT32 Server.exe2
Report Id: Adobe QT32 Server.exe3

Error: (03/25/2015 08:56:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14a8

Start Time: 01d066fb09dccf60

Termination Time: 2

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 554eaf2d-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ddc

Start Time: 01d066fa5ac10d5e

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 15cd12c1-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/25/2015 08:51:42 AM) (Source: IDVault) (EventID: 0) (User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/24/2015 00:54:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {075c8e09-26ad-47a4-a575-6fd07cc464e1}

Error: (03/24/2015 10:36:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18e4

Start Time: 01d0663f5e7798fd

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (03/25/2015 03:25:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 02:48:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {84F66100-FF7C-4FB4-B0C0-02CD7FB668FE}

Error: (03/25/2015 10:18:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/25/2015 10:18:00 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (03/25/2015 10:05:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 09:08:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/25/2015 09:01:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/25/2015 08:52:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error:
%%1053

Error: (03/25/2015 08:52:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

Error: (03/25/2015 08:51:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AFAsdqUV service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (03/25/2015 05:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.176311c4801d066fb2684001f7C:\Program Files\Internet Explorer\IEXPLORE.EXE

Error: (03/25/2015 02:39:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1763154b31a70Flash32_17_0_0_134.ocx17.0.0.13454f647d6c000000500665bb01c7401d06729a0a70237C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_134.ocx3ffdc7c2-d31e-11e4-981a-7054d2e40262

Error: (03/25/2015 08:58:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Adobe QT32 Server.exe6.0.0.04e6f973dQuickTime.qts_unloaded0.0.0.04cf4536ac000000555a4bb891cdc01d066fb4336dd92c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\32\Adobe QT32 Server.exeQuickTime.qtsb3de5bf6-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:56:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763114a801d066fb09dccf602C:\Program Files\Internet Explorer\IEXPLORE.EXE554eaf2d-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17631ddc01d066fa5ac10d5e0C:\Program Files\Internet Explorer\IEXPLORE.EXE15cd12c1-d2ee-11e4-981a-7054d2e40262

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (03/25/2015 08:51:46 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Display Flag Error Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/25/2015 08:51:42 AM) (Source: IDVault) (EventID: 0) (User: )
Description: IsStartupTypeAutomatic failed for W32TimeCall was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

Error: (03/24/2015 00:54:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {075c8e09-26ad-47a4-a575-6fd07cc464e1}

Error: (03/24/2015 10:36:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1763118e401d0663f5e7798fd0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

CodeIntegrity Errors:
===================================
Date: 2014-03-20 20:33:23.627
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:32:38.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:48.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:43.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:29:03.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:56.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:52.185
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 20:19:35.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 19:53:11.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-03-20 19:52:31.174
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 10197.41 MB
Available physical RAM: 5779.96 MB
Total Pagefile: 20393.01 MB
Available Pagefile: 15970.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:2773.91 GB) (Free:450.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:20.38 GB) (Free:2.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: C9292085)

Partition: GPT Partition Type.

==================== End Of Log ============================

#6 Machiavelli

Posted 26 March 2015 - 04:10 PM

Hey,
well done. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 otisman


Posted 27 March 2015 - 06:11 PM

Okay - a lot of logs in order listed in your message.

 

Adware 

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 23:01:59
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Maria - MARIA-HP
# Running from : C:\Users\Maria\Desktop\New folder (2)\adwcleaner[1].exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Winferno
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Maria\AppData\Local\Rainmaker_Software_Group_
Folder Deleted : C:\Users\Maria\AppData\Roaming\Rainmaker Software Group LLC.?
Folder Deleted : C:\Users\Maria\Documents\ProPCCleaner
Folder Deleted : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
Folder Deleted : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled tasks ] *****

Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eefhnbpnnaaokmclnihgajdnlgljajjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3FD7986C-6BB2-4FA2-B625-9F81F809DDF5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43961815-C068-4AE8-8EE2-57A48838CBCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4765F299-E703-4F85-8687-6AE6FEF88752}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BD4C52-A661-4CF7-A0EA-667D66892650}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EF7F2EF-EBB9-4135-AC8E-6314F1D489ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61D3238E-E8D6-43FB-B9A1-62F93755EAE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BAFC2E0-626A-402C-AED8-80AC3B681725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AADC40B7-03C3-4BEF-BA32-D42836BECC86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6C2D020-BD01-4667-B83F-B6FADC36A940}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFA39D83-8D44-476E-84E4-FDC1EA8B75F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC3BAFA9-428F-4A74-8E32-BBE54702C420}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\Winferno
Key Deleted : HKLM\SOFTWARE\Fighters
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdn.adbabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.nl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\kbank.delta.nl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\petango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopsweetlulu.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetlyscrappedart.blogspot.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweettmakesthree.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweettreatsmore.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetwater.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tailoryoursweets.blogspot.in
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.petango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweettmakesthree.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweetwater.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.yourtango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yourtango.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v

-\\ Google Chrome v41.0.2272.101

[C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7307 bytes] - [26/03/2015 22:59:29]
AdwCleaner[S0].txt - [7162 bytes] - [26/03/2015 23:01:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7221  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2015
Scan Time: 5:23:59 PM
Logfile: Malware scan.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.27.10
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Maria

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419286
Time Elapsed: 12 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Maria\AppData\Local\Temp\uttA118.tmp, Quarantined, [305689c1becc1d19fc8acc53a85e25db],

Physical Sectors: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Maria on Fri 03/27/2015 at 18:37:14.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\isuspm

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_BA9226F4-E3ED928D.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\Maria\AppData\Roaming\flexnet"
Successfully deleted: [Empty Folder] C:\Users\Maria\appdata\local\{D1E7CD41-22BF-4894-A7D8-AC40EB376DCE}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/27/2015 at 18:41:34.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maria (administrator) on MARIA-HP on 27-03-2015 18:55:46
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Gemalto N.V.) C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatchTray15.exe [294632 2013-08-19] (Corel Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A6BFF93-2829-4B7A-A464-E9B7CE750FB7} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.311.2\NativeBHO.dll [2015-03-11] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSuggestURL: Default -> http://vinstaller.com/kmsx/ysuggest.html?output=fxjson&amp;command={searchTerms}
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 a360; C:\windows\System32\a360.dll [1464320 2015-01-25] () [File not signed]
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
S2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
S2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 hasSstp; C:\windows\System32\hasSstp.dll [1464320 2015-01-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 jDVaultSvc; C:\windows\System32\jDVaultSvc.dll [1464320 2015-02-12] () [File not signed]
S2 jlaSvc; C:\windows\System32\jlaSvc.dll [1464320 2014-12-17] () [File not signed]
S2 lPBusEnum; C:\windows\System32\lPBusEnum.dll [1464320 2015-03-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 mlaSvc; C:\windows\System32\mlaSvc.dll [1464320 2014-12-04] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
S2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
S2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
S2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
S2 vontCache; C:\windows\System32\vontCache.dll [1464320 2014-12-29] () [File not signed]
S2 wetman; C:\windows\System32\wetman.dll [1464320 2015-01-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
S2 xbioSrvc; C:\windows\System32\xbioSrvc.dll [1464320 2014-12-11] () [File not signed]
S2 xdfs; C:\windows\System32\xdfs.dll [1464320 2015-02-21] () [File not signed]
S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]
S2 yontCache; C:\windows\System32\yontCache.dll [1464320 2015-02-27] () [File not signed]
S2 AFAsdqUV; "C:\ProgramData\pIPlGT\AFAsdqUV.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150324.005\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
U0 ijyf; C:\Windows\System32\drivers\xyniaf.sys [79064 2015-03-27] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150326.032\ENG64.SYS [129752 2015-02-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150326.032\EX64.SYS [2137304 2015-02-14] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150326.032\ENG64.SYS 54F4B358F41C664CBDE4507D67EED1CD
C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150326.032\EX64.SYS A74D67EEEB3938FD2FA3B65B24C32C44
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys F017F8BAC7BFE686932A214764F5ABB1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 7E4355930B28C2798D9F09AB9F81151F
C:\Windows\System32\DRIVERS\nvlddmkm.sys 3B99271224C43ADAB5A7F8D4B574AE3F
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys D92F4ED189C8207D0274B8B6BB494892
C:\Windows\System32\drivers\nvvad64v.sys DBFE7B2DF103F74AE51840B3C5F25FE9
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 07D57B890DD5693A6AB660CBAE8F91B4
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Sahdad64.sys CC8BE8C0D2B549193E1B0E430F4C1717
C:\Windows\System32\Drivers\Saibad64.sys 8DF9EE8B6DEE33A77CCF03047B1B002C
C:\Windows\System32\Drivers\SaibVdAd64.sys E193BA11DF7D9383A1B2848088DDEE35
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS E163E10191958FF6A2B0B48353F9E9FD
C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS 68E7B6708B9EEE021301C483825D05EA
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys 5709F6AEECC9C43AD9D550FB1D882209
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C
C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS 9F31630D7FC2DD9D5DA1CE359AAD1F46
C:\windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539
C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS 2C95265BE19F338E1C1090E4E91055BB
C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS 5570A74FF9B1EFBC5154DD1E2F05C517
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: jDVaultSvc -> C:\windows\System32\jDVaultSvc.dll ()
NETSVC: jlaSvc -> C:\windows\System32\jlaSvc.dll ()
NETSVC: vontCache -> C:\windows\System32\vontCache.dll ()
NETSVC: wetman -> C:\windows\System32\wetman.dll ()
NETSVC: lPBusEnum -> C:\windows\System32\lPBusEnum.dll ()
NETSVC: xbioSrvc -> C:\windows\System32\xbioSrvc.dll ()
NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> C:\windows\System32\vENS.dll ()
NETSVC: yontCache -> C:\windows\System32\yontCache.dll ()
NETSVC: xdfs -> C:\windows\System32\xdfs.dll ()
NETSVC: hasSstp -> C:\windows\System32\hasSstp.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> C:\windows\System32\wolmgrx.dll ()
NETSVC: a360 -> C:\windows\System32\a360.dll ()
NETSVC: mlaSvc -> C:\windows\System32\mlaSvc.dll ()
NETSVC: xDSVia64 -> C:\windows\System32\xDSVia64.dll ()
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 18:41 - 2015-03-27 18:41 - 00001255 _____ () C:\Users\Maria\Desktop\JRT.txt
2015-03-27 17:38 - 2015-03-27 17:38 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\xyniaf.sys
2015-03-27 17:21 - 2015-03-27 17:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Maria\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-27 10:20 - 2015-03-27 10:20 - 00000165 ____H () C:\Users\Maria\Desktop\~$Book1.xlsx
2015-03-26 23:07 - 2015-03-26 23:07 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2015-03-26 22:59 - 2015-03-26 23:02 - 00000000 ____D () C:\AdwCleaner
2015-03-26 20:27 - 2015-03-26 22:52 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3128
2015-03-26 20:27 - 2015-03-26 20:28 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3949
2015-03-25 19:11 - 2015-03-27 18:55 - 00000000 ____D () C:\FRST
2015-03-22 14:05 - 2015-02-21 02:40 - 00096639 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.srt
2015-03-22 13:59 - 2013-04-18 18:00 - 313208753 _____ () C:\Users\Maria\Downloads\The Art of Candle Making - 2008.mp4
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Rachel and the Stranger (1948)
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Phantom of Chinatown (1940)
2015-03-22 11:43 - 2015-03-22 11:46 - 00000000 ____D () C:\Users\Maria\Downloads\d.2013.u316520.Rapidmoviez.com
2015-03-22 11:43 - 2015-03-22 11:43 - 00000000 ____D () C:\Users\Maria\Downloads\c.2015.u399303.Rapidmoviez.com
2015-03-20 18:13 - 2015-03-20 18:14 - 00000000 ____D () C:\Users\Maria\Desktop\DKbyML
2015-03-20 18:05 - 2015-03-20 18:05 - 01742928 _____ (BitTorrent Inc.) C:\Users\Maria\Downloads\uTorrent.exe
2015-03-19 23:24 - 2014-12-02 14:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-03-19 19:49 - 2015-03-19 19:50 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_2191
2015-03-16 18:32 - 2015-03-25 08:52 - 00000000 ____D () C:\Users\Maria\Desktop\Tug
2015-03-16 17:59 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_421
2015-03-15 16:59 - 2015-03-15 16:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FarmMystery
2015-03-15 16:54 - 2015-03-15 16:54 - 00003292 _____ () C:\windows\System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493}
2015-03-15 12:33 - 2015-03-15 12:33 - 00000000 ____D () C:\Users\Maria\Desktop\KA HB I - 1975.zip
2015-03-15 12:19 - 2015-03-15 12:19 - 00000000 ____D () C:\Users\Maria\Desktop\KA-HBbylon2
2015-03-15 12:18 - 2015-03-15 12:24 - 131072000 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.001
2015-03-15 12:18 - 2015-03-15 12:24 - 117874764 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.002
2015-03-15 10:29 - 2015-03-15 10:30 - 00000000 ____D () C:\Users\Maria\Desktop\TGRI11DA
2015-03-14 21:23 - 2015-03-14 21:23 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Interstellar.2014.DVDScr.XVID.AC3.HQ
2015-03-14 21:21 - 2015-02-21 03:30 - 553103535 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.mkv
2015-03-13 18:43 - 2015-03-13 18:43 - 00000000 ____D () C:\Users\Maria\Desktop\MyScrapChickBellyBox
2015-03-13 09:39 - 2015-03-13 09:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_942
2015-03-11 19:52 - 2015-03-11 19:52 - 01464320 _____ () C:\windows\system32\lPBusEnum.dll
2015-03-11 19:52 - 2015-03-11 19:52 - 00000657 _____ () C:\windows\system32\lPBusEnum.ocx
2015-03-11 17:51 - 2015-03-11 17:51 - 00000000 ____D () C:\Users\Maria\Documents\aap
2015-03-10 22:41 - 2015-03-10 22:41 - 00000000 ____D () C:\Users\Maria\Desktop\TeGer
2015-03-09 22:24 - 2015-03-09 22:24 - 00000823 _____ () C:\Users\Maria\Documents\describe.txt
2015-03-08 17:37 - 2015-03-26 19:25 - 00000000 ____D () C:\Users\Maria\Documents\Jobs Applied
2015-03-08 17:15 - 2015-03-08 17:15 - 04718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-03-08 16:51 - 2015-03-08 16:51 - 00183808 _____ () C:\Users\Maria\Desktop\hr-application.wiz.ux8fzcp.partial
2015-03-08 14:57 - 2015-03-26 19:41 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-03-07 13:55 - 2015-03-07 13:57 - 303654387 ____R () C:\Users\Maria\Downloads\India's Daughter   Indian rapist BBC documentary Delhi Nirbhaya full HD.webm
2015-03-05 09:43 - 2015-03-27 18:55 - 00000000 ____D () C:\Users\Maria\Desktop\New folder (2)
2015-03-05 09:27 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\Maria\Desktop\Diane Leyne - [Satisfaction, Texas 04] - Playing for Satisfaction [Siren Menage Everlasting] (html)
2015-03-04 19:01 - 2015-03-04 21:49 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3F52
2015-03-03 23:29 - 2015-03-03 23:29 - 00000000 _____ () C:\windows\SysWOW64\shoCC1E.tmp
2015-03-01 13:41 - 2015-03-16 12:52 - 00000000 ____D () C:\Users\Maria\Desktop\Draft Order Ref N58958001
2015-03-01 13:41 - 2015-03-01 13:41 - 00038119 _____ () C:\Users\Maria\Desktop\Draft Order Ref N58958001.zip
2015-03-01 13:40 - 2015-03-01 13:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_21CB
2015-02-28 11:58 - 2015-02-28 11:58 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_CFB
2015-02-27 23:30 - 2015-02-27 23:30 - 00000000 _____ () C:\windows\SysWOW64\sho893.tmp
2015-02-27 23:28 - 2015-02-27 23:28 - 00000076 _____ () C:\Users\Maria\Desktop\cat.txt
2015-02-27 19:17 - 2015-02-27 19:17 - 01464320 _____ () C:\windows\system32\yontCache.dll
2015-02-27 19:17 - 2015-02-27 19:17 - 00000657 _____ () C:\windows\system32\yontCache.ocx
2015-02-24 22:04 - 2015-03-26 19:25 - 00032213 _____ () C:\Users\Maria\Desktop\Book1.xlsx
2015-02-23 13:05 - 2015-02-23 13:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-02-23 12:57 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-23 12:57 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-23 12:57 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-23 12:57 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-23 12:57 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-23 12:57 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-23 12:57 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-23 12:57 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-23 12:57 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-23 12:57 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-23 12:57 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-23 12:57 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-23 12:57 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-23 12:57 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-23 12:57 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-23 12:57 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-23 12:57 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-23 12:57 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-23 12:57 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-23 12:57 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-23 12:57 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-23 12:57 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-23 12:57 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-23 12:57 - 2015-01-11 22:33 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 22:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-23 12:57 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-23 12:57 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-23 12:57 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-23 12:57 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-23 12:57 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-23 12:57 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-23 12:57 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-23 12:57 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-23 12:57 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-23 12:57 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-23 12:57 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-23 12:57 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-23 12:57 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-23 12:57 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-23 12:57 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-23 12:57 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-23 12:57 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-23 12:57 - 2015-01-11 21:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-23 12:57 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-23 12:57 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-23 12:57 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-23 12:57 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-23 12:57 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-23 12:57 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-23 12:57 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-23 12:57 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-23 12:57 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-23 12:57 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-23 12:57 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-23 12:57 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-23 12:57 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-23 12:57 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-23 12:57 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-23 12:57 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-23 12:56 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-23 12:56 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-23 12:56 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-23 12:56 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-23 12:56 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-23 12:56 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-23 12:56 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-23 12:56 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-23 12:56 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-23 12:55 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-23 12:55 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-23 12:55 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-23 12:55 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-23 12:55 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-23 12:54 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-22 23:39 - 2015-01-30 13:37 - 00156980 _____ () C:\Users\Maria\Downloads\2014 - Nightcrawler.srt
2015-02-22 23:38 - 2015-02-11 07:10 - 862004796 _____ () C:\Users\Maria\Downloads\2014 - Nightcrawler.mp4
2015-02-21 13:19 - 2015-02-21 13:19 - 01464320 _____ () C:\windows\system32\xdfs.dll
2015-02-21 13:19 - 2015-02-21 13:19 - 00000657 _____ () C:\windows\system32\xdfs.ocx
2015-02-21 12:56 - 2015-01-21 00:47 - 00061732 _____ () C:\Users\Maria\Downloads\2014 - Fasandraeberne.srt
2015-02-21 12:48 - 2014-12-30 12:58 - 00104366 _____ () C:\Users\Maria\Downloads\2014 - The Drop.srt
2015-02-18 20:00 - 2015-02-18 20:00 - 00000000 ____D () C:\ProgramData\Meridian93
2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Meridian93
2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\art2
2015-02-18 19:51 - 2015-02-18 19:51 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\EleFun Games
2015-02-18 19:36 - 2015-02-01 06:50 - 00087853 _____ () C:\Users\Maria\Downloads\2013 - Felony.srt
2015-02-15 17:55 - 2015-02-05 17:01 - 32106640 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 25460880 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 24768144 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 20466496 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 13294528 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 13208200 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 10773704 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 10713256 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 10284872 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-02-15 17:55 - 2015-02-05 17:01 - 03610768 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 03247248 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 01895240 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434752.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 01557648 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434752.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00995248 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00969872 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00943760 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00929936 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00908104 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00877816 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00496272 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00399504 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00390472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00353224 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00345744 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00305136 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00177624 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2015-02-15 17:55 - 2015-02-05 17:01 - 00164752 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2015-02-15 17:29 - 2015-02-15 17:29 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Media Player Classic
2015-02-13 17:20 - 2015-02-13 17:20 - 00000845 _____ () C:\Users\Public\Desktop\Open Freely.lnk
2015-02-13 17:20 - 2015-02-13 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely
2015-02-13 17:20 - 2015-02-13 17:20 - 00000000 ____D () C:\Program Files\Open Freely
2015-02-13 17:20 - 2015-02-13 17:20 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-13 17:20 - 2010-03-15 06:31 - 00165376 _____ () C:\windows\SysWOW64\unrar.dll
2015-02-13 17:12 - 2015-02-13 17:13 - 00012735 _____ () C:\Users\Maria\Documents\Brief - 05-04-06.wpd
2015-02-13 14:23 - 2015-02-13 14:23 - 26678841 _____ () C:\Users\Maria\Downloads\Start_Scrapbooking.epub
2015-02-12 16:58 - 2015-02-12 16:58 - 00001205 _____ () C:\Users\Maria\Desktop\Xilisoft MKV Converter.lnk
2015-02-12 16:17 - 2015-02-12 16:17 - 01464320 _____ () C:\windows\system32\jDVaultSvc.dll
2015-02-12 16:17 - 2015-02-12 16:17 - 00000657 _____ () C:\windows\system32\jDVaultSvc.ocx
2015-02-12 15:27 - 2015-02-12 15:27 - 04886150 _____ () C:\Users\Maria\Desktop\(200) Funny Pictures Of The Day - 73 Pics  Cat  Pinterest.mht
2015-02-09 00:18 - 2015-02-09 00:18 - 00000000 _____ () C:\windows\SysWOW64\shoB9CD.tmp
2015-02-08 12:10 - 2015-02-08 12:10 - 00000000 ____D () C:\ProgramData\Ralink
2015-02-02 15:07 - 2015-02-02 15:07 - 01278112 _____ () C:\ProgramData\SPLCD40.tmp
2015-02-01 17:43 - 2015-02-12 16:55 - 00002081 _____ () C:\Users\Public\Desktop\Xilisoft MKV Converter.lnk
2015-02-01 17:09 - 2015-02-01 17:09 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Sonic
2015-01-31 15:08 - 2015-01-31 15:08 - 00000000 ____D () C:\Users\Maria\Downloads\The Disappearance of Eleanor Rigby Her 2013 BRRip XviD -FWOLF
2015-01-30 18:08 - 2014-12-11 09:12 - 00179200 _____ () C:\Users\Maria\Downloads\2014 - Gone Girl.srt
2015-01-30 17:33 - 2015-01-30 17:33 - 00000000 ____D () C:\Users\Maria\Documents\Scrapbook Studio
2015-01-30 17:31 - 2015-01-30 17:34 - 00000000 ____D () C:\ProgramData\WSS
2015-01-30 17:31 - 2015-01-30 17:31 - 00001186 _____ () C:\Users\Maria\Desktop\Wondershare Scrapbook Studio.lnk
2015-01-30 17:31 - 2015-01-30 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-01-30 17:24 - 2015-01-30 17:24 - 00001575 _____ () C:\Users\Maria\Downloads\Outlander Series ( _ 1 - 7) By Diana Gabaldon ABEE.lnk
2015-01-30 17:06 - 2015-01-30 17:06 - 01464320 _____ () C:\windows\system32\wetman.dll
2015-01-30 17:06 - 2015-01-30 17:06 - 00000657 _____ () C:\windows\system32\wetman.ocx
2015-01-30 14:49 - 2015-01-20 14:38 - 546437552 _____ () C:\Users\Maria\Downloads\2014 - Fasandraeberne.mkv
2015-01-28 11:34 - 2015-01-28 11:34 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Roxio Burn
2015-01-27 01:19 - 2015-03-08 20:31 - 00000455 _____ () C:\Users\Maria\Documents\Contacts.txt
2015-01-26 12:53 - 2015-01-26 12:53 - 00000000 ____D () C:\ProgramData\Roxio Log Files
2015-01-25 15:21 - 2015-02-01 17:09 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Roxio
2015-01-25 15:20 - 2015-01-25 15:20 - 00000000 ____D () C:\Users\Maria\AppData\Local\Corel_Corporation
2015-01-25 15:18 - 2015-01-25 15:18 - 00000000 ____D () C:\ProgramData\Uninstall
2015-01-25 15:18 - 2015-01-25 15:18 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-25 15:18 - 2015-01-25 15:18 - 00000000 ____D () C:\Program Files (x86)\Roxio
2015-01-25 15:18 - 2013-08-19 02:00 - 00028304 ____N (Corel Corporation) C:\windows\system32\Drivers\Sahdad64.sys
2015-01-25 15:18 - 2013-08-19 02:00 - 00027792 ____N (Corel Corporation) C:\windows\system32\Drivers\SaibVdAd64.sys
2015-01-25 15:18 - 2013-08-19 02:00 - 00020112 ____N (Corel Corporation) C:\windows\system32\Drivers\Saibad64.sys
2015-01-25 15:14 - 2015-01-28 15:41 - 00000000 ____D () C:\ProgramData\Roxio
2015-01-25 15:14 - 2015-01-25 15:14 - 00000000 ____D () C:\Program Files\Roxio
2015-01-25 15:13 - 2015-01-25 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2015-01-25 15:13 - 2015-01-25 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator NXT 2
2015-01-25 15:13 - 2015-01-25 15:13 - 00002162 _____ () C:\Users\Public\Desktop\Roxio Creator NXT 2.lnk
2015-01-25 15:13 - 2015-01-25 15:13 - 00000000 ____D () C:\ProgramData\Macrovision
2015-01-25 15:12 - 2015-01-25 15:17 - 00000000 ____D () C:\Program Files (x86)\Roxio Creator NXT 2
2015-01-25 15:12 - 2015-01-25 15:12 - 00000000 ____D () C:\Program Files\Roxio Creator NXT 2
2015-01-25 15:12 - 2010-02-04 11:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2015-01-25 15:12 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2015-01-25 15:12 - 2009-09-04 18:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2015-01-25 15:12 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2015-01-25 15:12 - 2009-09-04 18:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2015-01-25 15:12 - 2009-09-04 18:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2015-01-25 15:12 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2015-01-25 15:12 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2015-01-25 15:12 - 2009-03-09 16:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2015-01-25 15:12 - 2009-03-09 16:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2015-01-25 15:12 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2015-01-25 15:12 - 2008-10-15 07:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2015-01-25 15:12 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2015-01-25 15:12 - 2008-07-31 11:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2015-01-25 15:12 - 2008-07-31 11:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2015-01-25 15:12 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2015-01-25 15:12 - 2008-07-31 11:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2015-01-25 15:12 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2015-01-25 15:12 - 2008-07-10 12:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2015-01-25 15:12 - 2008-07-10 12:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2015-01-25 15:12 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2015-01-25 15:12 - 2008-07-10 12:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2015-01-25 15:12 - 2008-07-10 12:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2015-01-25 15:12 - 2008-07-10 12:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2015-01-25 15:12 - 2008-05-30 15:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2015-01-25 15:12 - 2008-05-30 15:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2015-01-25 15:12 - 2008-05-30 15:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2015-01-25 15:12 - 2008-05-30 15:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2015-01-25 15:12 - 2008-05-30 15:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2015-01-25 15:12 - 2008-05-30 15:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2015-01-25 15:12 - 2008-05-30 15:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2015-01-25 15:12 - 2008-05-30 15:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2015-01-25 15:12 - 2008-05-30 15:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2015-01-25 15:12 - 2008-03-05 17:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2015-01-25 15:12 - 2008-03-05 17:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2015-01-25 15:12 - 2008-03-05 17:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2015-01-25 15:12 - 2008-03-05 17:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2015-01-25 15:12 - 2008-03-05 17:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2015-01-25 15:12 - 2008-03-05 17:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2015-01-25 15:12 - 2008-03-05 16:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2015-01-25 15:12 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2015-01-25 15:12 - 2008-03-05 16:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2015-01-25 15:12 - 2008-03-05 16:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2015-01-25 15:12 - 2008-02-06 00:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2015-01-25 15:12 - 2008-02-06 00:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2015-01-25 15:12 - 2007-10-22 04:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2015-01-25 15:12 - 2007-10-22 04:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2015-01-25 15:12 - 2007-10-22 04:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2015-01-25 15:12 - 2007-10-22 04:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2015-01-25 15:12 - 2007-10-12 16:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2015-01-25 15:12 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2015-01-25 15:12 - 2007-10-12 16:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2015-01-25 15:12 - 2007-10-12 16:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2015-01-25 15:12 - 2007-10-02 10:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2015-01-25 15:12 - 2007-10-02 10:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2015-01-25 15:12 - 2007-07-20 01:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2015-01-25 15:12 - 2007-07-20 01:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2015-01-25 15:12 - 2007-07-19 19:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2015-01-25 15:12 - 2007-06-20 21:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2015-01-25 15:12 - 2007-06-20 21:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2015-01-25 15:12 - 2007-05-16 17:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2015-01-25 15:12 - 2007-04-04 19:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2015-01-25 15:12 - 2007-04-04 19:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2015-01-25 15:12 - 2007-04-04 19:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2015-01-25 15:12 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2015-01-25 15:12 - 2007-03-15 17:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2015-01-25 15:12 - 2007-03-15 17:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2015-01-25 15:12 - 2007-03-12 17:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2015-01-25 15:12 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2015-01-25 15:12 - 2007-03-12 17:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2015-01-25 15:12 - 2007-03-12 17:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2015-01-25 15:12 - 2007-01-24 16:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2015-01-25 15:12 - 2007-01-24 16:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2015-01-25 15:12 - 2006-12-08 13:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2015-01-25 15:12 - 2006-12-08 13:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2015-01-25 15:12 - 2006-11-29 14:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2015-01-25 15:12 - 2006-11-29 14:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2015-01-25 15:11 - 2007-03-05 13:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2015-01-25 15:11 - 2007-03-05 13:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2015-01-25 15:11 - 2006-09-28 17:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2015-01-25 15:11 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2015-01-25 15:11 - 2006-09-28 17:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2015-01-25 15:11 - 2006-09-28 17:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2015-01-25 15:11 - 2006-07-28 10:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2015-01-25 15:11 - 2006-07-28 10:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2015-01-25 15:11 - 2006-07-28 10:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2015-01-25 15:11 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2015-01-25 15:11 - 2006-05-31 08:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2015-01-25 15:11 - 2006-05-31 08:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2015-01-25 15:11 - 2006-03-31 13:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2015-01-25 15:11 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2015-01-25 15:11 - 2006-03-31 13:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2015-01-25 15:11 - 2006-03-31 13:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2015-01-25 15:11 - 2006-03-31 13:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2015-01-25 15:11 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2015-01-25 15:11 - 2006-02-03 09:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2015-01-25 15:11 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2015-01-25 15:11 - 2006-02-03 09:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2015-01-25 15:11 - 2006-02-03 09:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2015-01-25 15:11 - 2006-02-03 09:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2015-01-25 15:11 - 2006-02-03 09:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2015-01-25 15:11 - 2005-12-05 19:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2015-01-25 15:11 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2015-01-25 15:11 - 2005-07-22 20:59 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2015-01-25 15:11 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2015-01-25 15:11 - 2005-05-26 16:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2015-01-25 15:11 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2015-01-25 15:11 - 2005-03-18 18:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2015-01-25 15:11 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2015-01-25 15:11 - 2005-02-05 20:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2015-01-25 15:11 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2015-01-25 14:07 - 2015-01-25 14:07 - 00003712 _____ () C:\windows\System32\Tasks\{FD8AF0F4-64EC-4068-84CB-0858547685F6}
2015-01-25 14:07 - 2015-01-25 14:07 - 00003712 _____ () C:\windows\System32\Tasks\{BAB78B95-8DF2-4DC2-9CD2-CF37C240405D}
2015-01-25 12:50 - 2015-01-25 12:50 - 01464320 _____ () C:\windows\system32\a360.dll
2015-01-25 12:50 - 2015-01-25 12:50 - 00000657 _____ () C:\windows\system32\a360.ocx
2015-01-23 06:16 - 2015-01-23 06:16 - 00000000 _____ () C:\windows\SysWOW64\sho44DB.tmp
2015-01-22 19:59 - 2015-01-13 00:15 - 00195728 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2015-01-22 19:59 - 2015-01-13 00:15 - 00030536 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2015-01-22 19:59 - 2015-01-10 04:07 - 01895240 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434725.dll
2015-01-22 19:59 - 2015-01-10 04:07 - 01556808 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434725.dll
2015-01-22 17:07 - 2014-11-22 06:46 - 00038032 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2015-01-22 17:07 - 2014-11-22 06:46 - 00032400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2015-01-21 14:02 - 2015-01-21 19:10 - 459276288 _____ () C:\Users\Maria\Downloads\Ab-CL-Paper_Crafting_Skills_and_Technique_with_Robert_Mahar.Avaxhome..part04.rar
2015-01-21 04:22 - 2015-01-21 08:32 - 459276288 _____ () C:\Users\Maria\Downloads\Ab-CL-Paper_Crafting_Skills_and_Technique_with_Robert_Mahar.Avaxhome..part03.rar
2015-01-20 23:33 - 2015-01-21 02:03 - 459276288 _____ () C:\Users\Maria\Downloads\Ab-CL-Paper_Crafting_Skills_and_Technique_with_Robert_Mahar.Avaxhome..part02.rar
2015-01-20 19:44 - 2015-01-20 22:14 - 459276288 _____ () C:\Users\Maria\Downloads\Ab-CL-Paper_Crafting_Skills_and_Technique_with_Robert_Mahar.Avaxhome..part01.rar
2015-01-20 18:56 - 2015-01-20 19:25 - 87326153 _____ () C:\Users\Maria\Downloads\1592536441MCHW.epub
2015-01-19 12:09 - 2015-01-19 12:09 - 00091859 _____ () C:\ProgramData\SPL859.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 00087811 _____ () C:\ProgramData\SPL5456.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 01597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-01-18 20:54 - 2015-01-18 20:54 - 00000861 _____ () C:\Users\Maria\Documents\Maron Marvel Bradley & Anderson LLC.txt
2015-01-16 23:05 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-16 23:05 - 2014-12-11 13:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-16 23:00 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-16 23:00 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-16 23:00 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-16 23:00 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-16 12:56 - 2015-01-16 12:56 - 00725089 _____ () C:\ProgramData\SPLC226.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 00724473 _____ () C:\ProgramData\SPL6665.tmp
2015-01-15 21:02 - 2015-01-15 21:02 - 07982137 _____ () C:\Users\Maria\Downloads\Rapid.Resizer.3.5.rar
2015-01-15 20:13 - 2015-01-15 20:13 - 50509306 _____ () C:\Users\Maria\Downloads\1440314993.epub
2015-01-15 16:07 - 2015-01-15 16:07 - 00000000 _____ () C:\windows\SysWOW64\sho4878.tmp
2015-01-14 17:26 - 2015-01-14 17:26 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_1AD7
2015-01-14 15:07 - 2015-01-14 15:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-14 15:07 - 2015-01-14 15:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-12 17:30 - 2015-01-12 17:30 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk SecureAccess
2015-01-11 15:51 - 2015-01-11 15:51 - 00089081 _____ () C:\Users\Maria\Desktop\Fwd Pella Window Quote.zip
2015-01-10 12:32 - 2015-01-10 09:36 - 527687073 _____ () C:\Users\Maria\Downloads\2013 - Felony.mkv
2015-01-08 17:52 - 2015-01-08 17:52 - 00000000 _____ () C:\windows\SysWOW64\shoCF66.tmp
2015-01-06 15:28 - 2015-01-05 20:00 - 584980400 _____ () C:\Users\Maria\Downloads\2011 - The Rabbis Cat.mkv
2015-01-06 13:20 - 2015-02-23 18:51 - 00000000 ____D () C:\windows\system32\appraiser
2015-01-06 11:16 - 2014-10-17 22:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-01-06 11:16 - 2014-10-17 21:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-01-06 11:16 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-01-06 11:16 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-01-06 11:16 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-01-06 11:16 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-01-06 11:16 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-01-06 11:16 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-01-06 11:16 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-01-06 11:16 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-01-06 11:10 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-01-06 11:10 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-01-06 11:10 - 2014-11-10 21:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-01-06 11:10 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-01-06 11:10 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-01-06 11:10 - 2014-10-13 22:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-01-06 11:10 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-01-06 11:10 - 2014-10-02 22:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-06 11:10 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-01-06 11:10 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-01-06 11:10 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-01-06 11:10 - 2014-10-02 22:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-06 11:10 - 2014-10-02 22:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-06 11:10 - 2014-10-02 22:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-06 11:10 - 2014-10-02 22:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-06 11:10 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-01-06 11:10 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-01-06 11:10 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-06 11:10 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-01-06 11:10 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-01-06 11:10 - 2014-10-02 21:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-06 11:10 - 2014-10-02 21:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-06 11:10 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-01-06 11:10 - 2014-10-02 21:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-06 11:10 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-01-06 11:10 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-01-06 11:10 - 2014-08-21 02:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-01-06 11:10 - 2014-08-21 02:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-01-06 11:10 - 2014-08-21 02:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-01-06 11:10 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-01-06 11:10 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2015-01-06 11:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-01-06 11:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-01-06 11:10 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-01-06 11:10 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2015-01-06 11:10 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2015-01-06 11:10 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2015-01-06 11:10 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2015-01-06 11:10 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-01-06 11:10 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2015-01-06 11:10 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2015-01-06 11:10 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-01-06 11:10 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2015-01-06 11:10 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-01-06 11:05 - 2014-11-07 23:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-01-06 11:05 - 2014-11-07 22:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-01-05 22:53 - 2015-01-05 22:53 - 00000000 _____ () C:\windows\SysWOW64\shoC58D.tmp
2015-01-05 13:27 - 2015-01-05 13:27 - 01464320 _____ () C:\windows\system32\hasSstp.dll
2015-01-05 13:27 - 2015-01-05 13:27 - 00000657 _____ () C:\windows\system32\hasSstp.ocx
2015-01-05 10:57 - 2015-01-05 10:57 - 00000000 ____D () C:\Users\Maria\Downloads\The People Against O'Hara (TVRip) (1951)
2015-01-04 21:58 - 2015-01-04 21:58 - 00000000 _____ () C:\windows\SysWOW64\shoA677.tmp
2015-01-04 11:16 - 2015-03-26 16:18 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2015-01-04 11:16 - 2015-03-26 16:18 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2015-01-03 21:17 - 2015-01-03 21:17 - 00000000 _____ () C:\windows\SysWOW64\shoE414.tmp
2015-01-02 20:05 - 2015-01-02 20:05 - 00000000 _____ () C:\windows\SysWOW64\sho93C2.tmp
2014-12-31 14:20 - 2014-12-31 06:59 - 536853042 _____ () C:\Users\Maria\Downloads\2014 - The Drop.mkv
2014-12-29 19:17 - 2014-12-29 19:17 - 01464320 _____ () C:\windows\system32\vontCache.dll
2014-12-29 19:17 - 2014-12-29 19:17 - 00000657 _____ () C:\windows\system32\vontCache.ocx
2014-12-29 15:39 - 2014-12-29 15:39 - 00067681 _____ () C:\ProgramData\SPL258B.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 01253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-12-28 21:07 - 2015-03-15 07:36 - 00000000 ____D () C:\Users\Maria\Downloads\Agatha.Raisin.The.Quiche.Of.Death
2014-12-28 11:28 - 2014-12-29 14:38 - 00000000 ____D () C:\Users\Maria\Desktop\New folder
2014-12-28 11:06 - 2014-12-28 11:06 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 12:07 - 2014-12-27 12:07 - 00000000 ___HD () C:\windows\AxInstSV

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 18:45 - 2013-12-08 16:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 18:41 - 2013-05-25 21:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2015-03-27 18:12 - 2013-07-04 19:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 17:38 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Globalization
2015-03-27 17:24 - 2014-08-07 08:36 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 17:23 - 2014-08-07 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 17:23 - 2014-08-07 08:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-27 17:23 - 2013-06-01 19:36 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-27 12:42 - 2013-05-25 21:01 - 01644831 _____ () C:\windows\WindowsUpdate.log
2015-03-27 11:50 - 2013-06-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-03-27 10:41 - 2014-12-18 15:10 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2015-03-27 10:26 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 10:26 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 10:20 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2015-03-27 10:19 - 2014-09-01 09:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2015-03-27 10:16 - 2013-05-26 17:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-03-27 10:08 - 2013-05-26 15:43 - 00146724 _____ () C:\ProgramData\dleascan.log
2015-03-27 10:08 - 2013-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-27 10:07 - 2013-07-04 19:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 10:07 - 2009-07-14 00:51 - 00135044 _____ () C:\windows\setupact.log
2015-03-27 10:06 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-26 19:24 - 2014-12-09 21:42 - 00000000 ____D () C:\Users\Maria\Documents\Jobs
2015-03-22 20:59 - 2013-12-08 16:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 20:59 - 2013-05-17 14:27 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 20:59 - 2013-05-17 14:27 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 16:54 - 2013-05-26 14:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2015-03-22 13:58 - 2014-07-05 17:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2015-03-22 09:38 - 2013-05-26 16:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-03-22 09:37 - 2013-05-26 16:22 - 00066600 _____ () C:\ProgramData\dleaJSW.log
2015-03-21 21:22 - 2013-07-12 19:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2015-03-21 12:14 - 2014-11-28 17:24 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 11:27 - 2010-11-20 23:47 - 02076806 _____ () C:\windows\PFRO.log
2015-03-20 20:36 - 2013-12-21 17:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2015-03-20 18:07 - 2014-12-06 12:10 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-19 23:24 - 2014-02-09 19:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 23:24 - 2014-02-09 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-19 11:06 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Local\ID Vault
2015-03-19 11:00 - 2014-12-05 19:25 - 00002199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Connect.lnk
2015-03-19 11:00 - 2014-12-05 19:25 - 00002187 _____ () C:\Users\Public\Desktop\Fast Connect.lnk
2015-03-17 06:15 - 2014-08-07 08:36 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-08-07 08:36 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-06-01 19:36 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-16 10:43 - 2009-07-14 00:45 - 00573856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 16:57 - 2013-07-14 13:43 - 00000000 ____D () C:\games
2015-03-15 16:54 - 2014-05-28 18:07 - 00002476 _____ () C:\Users\Maria\Desktop\Hidden Expedition - Smithsonian Hope Diamond CE.lnk
2015-03-15 16:54 - 2014-05-28 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - Smithsonian Hope Diamond CE
2015-03-15 16:48 - 2013-07-19 10:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2015-03-15 10:22 - 2009-07-14 01:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-15 09:28 - 2013-05-28 11:40 - 00167600 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-15 09:15 - 2013-05-26 09:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-15 07:54 - 2013-07-30 19:55 - 00000000 ____D () C:\Users\Maria\Downloads\Games
2015-03-15 07:35 - 2013-08-04 11:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2015-03-14 21:19 - 2013-07-18 19:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2015-03-14 16:13 - 2014-12-02 15:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 09:30 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-12 16:02 - 2013-05-17 14:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-11 19:51 - 2014-06-29 18:14 - 00002841 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2015-03-11 19:51 - 2014-06-29 14:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2015-03-08 17:17 - 2013-05-25 21:06 - 00000000 ____D () C:\Users\Maria\AppData\Local\VirtualStore
2015-03-04 12:22 - 2013-05-28 14:49 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2015-03-02 22:30 - 2013-12-01 14:46 - 01572864 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-03-02 20:59 - 2014-02-02 10:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines
2015-02-26 15:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache

==================== Files in the root of some directories =======

2014-03-20 07:53 - 2014-03-20 07:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-22 17:24 - 2014-06-26 19:05 - 0099384 _____ () C:\Users\Maria\AppData\Roaming\inst.exe
2014-06-22 17:24 - 2014-06-26 19:05 - 0007859 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.cat
2014-06-22 17:24 - 2014-06-26 19:05 - 0001167 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.inf
2014-06-22 17:24 - 2014-06-26 19:05 - 0000055 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.log
2014-06-22 17:24 - 2014-06-26 19:05 - 0082816 _____ (VSO Software) C:\Users\Maria\AppData\Roaming\pcouffin.sys
2014-02-28 21:25 - 2014-02-28 21:25 - 0000042 _____ () C:\Users\Maria\AppData\Roaming\WB.CFG
2013-06-09 12:02 - 2013-06-16 06:17 - 0000173 _____ () C:\Users\Maria\AppData\Local\msmathematics.qat.Maria
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-10-21 12:33 - 2015-02-19 13:30 - 0011108 _____ () C:\ProgramData\dlea.log
2013-09-07 18:30 - 2014-12-28 21:41 - 0000553 _____ () C:\ProgramData\dleaDiagnostics.log
2013-05-26 16:22 - 2015-03-22 09:37 - 0066600 _____ () C:\ProgramData\dleaJSW.log
2013-05-26 15:43 - 2015-03-27 10:08 - 0146724 _____ () C:\ProgramData\dleascan.log
2013-05-27 11:45 - 2014-11-23 16:46 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-09-13 06:56 - 2013-09-13 06:56 - 0002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Maria\AppData\Local\Temp\Extract.exe
C:\Users\Maria\AppData\Local\Temp\install_flashplayer17x32ax_gtbd_awe_aih.exe
C:\Users\Maria\AppData\Local\Temp\Quarantine.exe
C:\Users\Maria\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {5a8eaf98-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf99-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf9b-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf9c-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf9d-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf9e-bf1d-11e2-8e9c-7054d2e40262}
                        {5a8eaf9f-bf1d-11e2-8e9c-7054d2e40262}
timeout                 2

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {5a8eafa0-bf1d-11e2-8e9c-7054d2e40262}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {b4591b15-c5a7-11e2-9a24-7054d2e40262}

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf98-bf1d-11e2-8e9c-7054d2e40262}
description             USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf99-bf1d-11e2-8e9c-7054d2e40262}
description             USB Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf9b-bf1d-11e2-8e9c-7054d2e40262}
description             ATAPI CD-ROM Drive

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf9c-bf1d-11e2-8e9c-7054d2e40262}
description             CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf9d-bf1d-11e2-8e9c-7054d2e40262}
description             USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf9e-bf1d-11e2-8e9c-7054d2e40262}
description             Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier              {5a8eaf9f-bf1d-11e2-8e9c-7054d2e40262}
description             Atheros Boot Agent

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.efi
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {b4591b15-c5a7-11e2-9a24-7054d2e40262}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {5a8eafa0-bf1d-11e2-8e9c-7054d2e40262}
nx                      OptIn
bootlog                 No

Windows Boot Loader
-------------------
identifier              {b4591b15-c5a7-11e2-9a24-7054d2e40262}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b4591b16-c5a7-11e2-9a24-7054d2e40262}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b4591b16-c5a7-11e2-9a24-7054d2e40262}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5a8eafa0-bf1d-11e2-8e9c-7054d2e40262}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {b4591b16-c5a7-11e2-9a24-7054d2e40262}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

 

LastRegBack: 2015-03-15 15:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Maria at 2015-03-27 18:57:16
Running from C:\Users\Maria\Desktop\New folder (2)
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version:  - )
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
4 Great Games GOLD (HKLM-x32\...\4 Great Games GOLD1.0) (Version: 1.0 - Gogii Games)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version:  - )
Babylonia (HKLM-x32\...\BFG-Babylonia) (Version:  - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Big City Adventure Deluxe Pack (HKLM-x32\...\{A4F17891-1761-46D7-BAD3-9115EB8EABAD}) (Version: 6.6.6 - LeeGT-Games)
Big City Adventure: Rio de Janeiro (HKLM-x32\...\BFG-Big City Adventure - Rio de Janeiro) (Version:  - )
Big City Adventure: Tokyo (HKLM-x32\...\BFG-Big City Adventure - Tokyo) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Bookworm Adventures (HKLM-x32\...\BFG-Bookworm Adventures) (Version:  - )
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre 64bit (HKLM\...\{9BC77540-BA1D-44B9-AEA7-600362A08F7C}) (Version: 1.27.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Corel PaintShop Pro X7  (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (x32 Version: 1.06.0000 - Pinnacle) Hidden
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elementals - The Magic Key (HKLM-x32\...\Elementals - The Magic Key_is1) (Version:  - Playrix Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Esoterica - Hollow Earth (HKLM-x32\...\Esoterica - Hollow EarthFinal) (Version: Final - AllSmartGames)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fashion Solitaire (HKLM-x32\...\Fashion Solitaire) (Version: 32.0.0.0 - Shockwave.com)
Fast Connect (HKLM-x32\...\ID Vault) (Version: 1.15.311.2 - White Sky)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version:  - )
Glass Eye 2000 (HKLM-x32\...\Glass Eye 2000) (Version: 3.1 - Dragonfly Software)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haunted Legends 4 - The Curse of Vox Collectors Edition (HKLM-x32\...\Haunted Legends 4 - The Curse of Vox Collectors EditionFinal) (Version: Final - AllSmartGames)
Hauntings Of Mystery Manor (HKLM-x32\...\Hauntings Of Mystery Manor_is1) (Version:  - Cindy Pondillo)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Expedition - Smithsonian Hope Diamond CE (HKLM-x32\...\Hidden Expedition - Smithsonian Hope Diamond CEFinal) (Version: Final - AllSmartGames)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
ICA (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
IPM_PSP_COM (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 17.0.0.199 - Corel Corporation) Hidden
iTunes (HKLM\...\{BCF07271-A853-4D3A-B668-4B752174CAA8}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051F0}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jojo's Fashion Show (HKLM-x32\...\BFG-Jojo's Fashion Show) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Little Shop - City Lights (HKLM-x32\...\Little Shop - City Lights) (Version: 1.0.0.32 - LeeGT-Games)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic DVD Ripper V8.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Make The Cut! (HKLM-x32\...\Make The Cut!) (Version: 4.6.1.0 - Make The Cut, LLC.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobi File Reader (HKLM-x32\...\{FFA8548C-9BC2-427F-9F81-E64F620A30CB}_is1) (Version:  - mobifilereader.com)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery Case Files ®: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - )
Nero 2014 (HKLM-x32\...\{B7D4C429-9CAB-4B97-A879-AFD1F922DD27}) (Version: 15.0.06800 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NTComic CBR Reader (HKLM-x32\...\{205F179A-33F4-4D5E-BB14-B889D3003357}) (Version: 2.1.5 - NTComic)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.95 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popup Card Studio (HKLM-x32\...\Popup Card Studio) (Version: 1.1.0.0 - Make The Cut, LLC.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
PrintFolder 1.3 (HKLM-x32\...\PrintFolder_is1) (Version:  - No Nonsense Software)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PSPPContent (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPro64 (Version: 17.0.0.199 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.71 - Denis Kozlov)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Roxio Creator NXT 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.2 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scrapbook Design Studio 2.0 (HKLM-x32\...\Scrapbook Design Studio 2.0_is1) (Version: 2.0.0.0 - Belltech Systems)
Setup (x32 Version: 17.0.0.199 - Corel Corporation) Hidden
Sharpe Investigations - Death on the Seine (HKLM-x32\...\Sharpe Investigations - Death on the Seine) (Version: 1.0.0 - LeeGT-Games)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shrouded Tales - The Spellbound Land  (HKLM-x32\...\Your Product1.0) (Version: 1.0 - Your Company)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wondershare Scrapbook Studio(Build 2.5.0.7) (HKLM-x32\...\Wondershare Scrapbook Studio_is1) (Version: 2.5.0.7 - WonderShare Software Co.,Ltd.)
Xilisoft Audio Converter Pro (HKLM-x32\...\Xilisoft Audio Converter Pro) (Version: 6.5.0.20130130 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.0707 - Xilisoft)
Xilisoft Blu-ray Ripper (HKLM-x32\...\Xilisoft Blu-ray Ripper) (Version: 7.1.0.20120409 - Xilisoft)
Xilisoft DVD Copy 2 (HKLM-x32\...\Xilisoft DVD Copy 2) (Version: 2.0.2.20130128 - Xilisoft)
Xilisoft DVD Ripper Ultimate (HKLM-x32\...\Xilisoft DVD Ripper Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft MKV Converter (HKLM-x32\...\Xilisoft MKV Converter) (Version: 7.4.0.20120710 - Xilisoft)
Xilisoft Movie Maker 6 (HKLM-x32\...\Xilisoft Movie Maker 6) (Version: 6.6.0.20120823 - Xilisoft)
Xilisoft Photo DVD Maker (HKLM-x32\...\Xilisoft Photo DVD Maker) (Version: 1.5.1.1124 - Xilisoft)
Xilisoft Photo Slideshow Maker (HKLM-x32\...\Xilisoft Photo Slideshow Maker) (Version: 1.0.2.0214 - Xilisoft)
Xilisoft Video Converter Smart (HKLM-x32\...\Xilisoft Video Converter Smart) (Version: 1.0.0.20140424 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.0.20140401 - Xilisoft)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xilisoft YouTube Video Converter (HKLM-x32\...\Xilisoft YouTube Video Converter) (Version: 5.6.0.20140331 - Xilisoft)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-738952025-4262938640-2191891780-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Maria\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

19-03-2015 23:23:36 Installed Java 7 Update 51

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-03-27 10:08 - 00001204 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E1A306-80DF-4ED4-A716-F3361B11003F} - System32\Tasks\{454A1F39-8BD3-4108-8500-791666E7F1AF} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-9.3\Uninstall.exe" -c /fromcontrolpanel=1
Task: {075FA6C8-ED24-466A-9646-F7CA7F76494A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0917B649-698F-46D9-A3CD-0B33E54D79F8} - System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Leegit\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games\Leegit
Task: {0A728E6B-A707-4038-AC4E-51237E98776C} - System32\Tasks\{8E001C5E-699F-4705-84E9-3AED489BCF3A} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {10EAA32F-F22D-419E-BBAD-23746F29DD90} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {124785F9-D34F-41BA-B61A-21DA4FAC2D93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {14344BFE-BED1-4519-978D-2E0A2DAE77DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {21BD934C-AEA5-4BC7-BD5D-F4418CAB9A8D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {27AE0F96-5FCE-486C-99D2-D5768BCCD71A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {3CEB6076-6630-466C-93AF-EA9F52B6E019} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {402787C6-DDEB-4E05-A848-090B4651575A} - System32\Tasks\{BAB78B95-8DF2-4DC2-9CD2-CF37C240405D} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INS9XMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {4513C47A-E822-4D9B-AC16-BB8B78365119} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {474D822B-336E-4883-81A8-7A1F38B65510} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {53E9BA54-8876-413A-9D59-001129AF9B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {5F194F3B-CCC4-48E4-8821-6BFA188C16A9} - System32\Tasks\{205C3F10-F5F9-45E2-9920-465A7C192C0E} => pcalua.exe -a C:\Users\Maria\Downloads\InstallFashionSolitaire.exe -d C:\Users\Maria\Desktop
Task: {61D57778-AD0D-4901-801C-AE33903EC35F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-03-19] (CyberLink)
Task: {79700BB1-CC91-4218-825D-C972459911F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D6189A2-9793-4745-86BF-DFE772E793DB} - System32\Tasks\{C1D1001A-EE21-4D45-8FEB-1E119E60B1BD} => pcalua.exe -a "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701\Xilisoft DVD Creator 7.1.3 build 20130701.exe" -d "C:\Users\Maria\Downloads\Xilisoft DVD Creator 7.1.3 build 20130701"
Task: {7E469713-05D4-44BA-88CE-245810F440C6} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {85832FB1-EA49-4363-92B8-63F0C8BEDCA3} - System32\Tasks\{A58CFB80-23CC-4FF8-A5EF-42410066BEF0} => pcalua.exe -a C:\Users\Maria\Desktop\JavaSetup8u25.com -d C:\Users\Maria\Desktop
Task: {87BB1811-6E12-425F-B4C8-6C0B8DC3D1D2} - System32\Tasks\AdobeAAMUpdater-1.0-Maria-HP-Maria => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8C8F57D8-909D-4E98-88D3-254E83442D7A} - System32\Tasks\{703DB18F-3221-46F9-BAB4-F2E7737BB5F4} => pcalua.exe -a C:\Users\Maria\AppData\Local\Temp\{A8238531-2A35-44D7-B73B-6F29B4F566F3}\setup.exe -d C:\Users\Maria\Desktop
Task: {AB9803D4-6C8F-4D17-9CBE-D54A37DC9B39} - System32\Tasks\{72C29983-C726-494C-97A6-BB212BE923AB} => pcalua.exe -a "C:\Users\Maria\Downloads\Games\Hidden Expedition - Smithsonian Hope Diamond Collector's Edition.exe" -d C:\Users\Maria\Downloads\Games
Task: {BAA1E294-8B2F-4811-A26E-CD02EC6D36CA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {BDA503CD-E7D1-4506-926B-315940C01EE2} - System32\Tasks\{FD8AF0F4-64EC-4068-84CB-0858547685F6} => pcalua.exe -a "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X\INSNTMSI.EXE" -d "C:\Users\Maria\Downloads\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\Corel Roxio Creator NXT 2 v15.0 (keygen CORE) [ChingLiu]\setup\CORE\setup\BOTPRODUCT_4X"
Task: {DB0D4767-10AF-4598-9E0F-9CFBC9B5C4FA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {E4D92872-DE4F-4DD7-9E60-37AE522DD0A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {EBE30115-8792-41EE-B352-F58AC39650F0} - System32\Tasks\HPCeeScheduleForMaria => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {FA285B41-A9F5-4E1A-81D1-7BE66370EFA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FB30A81F-8BBE-45C3-8697-5064098EB31B} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMaria.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-25 12:50 - 2015-01-25 12:50 - 01464320 _____ () c:\windows\system32\a360.dll
2013-05-17 14:14 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-26 15:44 - 2009-11-04 14:18 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2013-08-19 01:35 - 2013-08-19 01:35 - 00457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2014-11-23 16:40 - 2010-04-01 13:23 - 00765952 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2014-11-23 16:40 - 2009-06-22 09:08 - 00135168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2014-04-03 17:43 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-05-21 23:20 - 2010-05-21 23:20 - 00045224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2009-12-16 12:42 - 2009-12-16 12:42 - 00205824 _____ () C:\Program Files\Dell\V310-V510 Series\dleamicro.dll
2010-04-01 18:30 - 2010-04-01 18:30 - 01558528 _____ () C:\Program Files\Dell\V310-V510 Series\dleadrs64.dll
2009-11-26 09:54 - 2009-11-26 09:54 - 00075264 _____ () C:\Program Files\Dell\V310-V510 Series\dleacfg64.dll
2009-03-10 06:44 - 2009-03-10 06:44 - 00015360 _____ () C:\Program Files\Dell\V310-V510 Series\dleacaps64.dll
2009-03-05 18:55 - 2009-03-05 18:55 - 00057344 _____ () C:\Program Files\Dell\V310-V510 Series\dleacnv464.dll
2012-09-27 19:23 - 2012-09-27 19:23 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
2015-03-13 09:28 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-06 13:20 - 2013-08-23 13:36 - 00721263 _____ () C:\windows\SysWOW64\WSCM64.dll
2012-07-05 20:47 - 2012-07-05 20:47 - 00185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2014-11-23 16:40 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2014-11-23 16:40 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2014-11-23 16:40 - 2009-05-27 08:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2014-11-23 16:40 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2014-11-23 16:40 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2014-11-23 16:40 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00381440 _____ () C:\windows\system32\dleasm.dll
2013-05-26 15:43 - 2009-02-20 03:50 - 00028672 _____ () C:\windows\system32\dleasmr.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2014-11-23 16:40 - 2009-06-22 09:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2014-11-23 16:40 - 2009-06-22 09:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2014-11-23 16:40 - 2009-06-22 09:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2014-11-23 16:40 - 2009-06-22 09:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2014-11-23 16:40 - 2009-06-22 09:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2014-11-23 16:40 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2014-11-23 16:40 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2012-02-14 19:05 - 2012-02-14 19:37 - 11796096 _____ () C:\Users\Maria\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
2012-09-27 19:24 - 2012-09-27 19:24 - 00146064 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RB_ContextMenu.dll
2015-03-11 14:48 - 2015-03-11 14:48 - 00548152 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-09-06 13:21 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-06 13:21 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-11-22 12:47 - 2014-11-22 12:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:35A81752
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:C8B8CEBD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-738952025-4262938640-2191891780-500 - Administrator - Disabled)
Guest (S-1-5-21-738952025-4262938640-2191891780-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-738952025-4262938640-2191891780-1002 - Administrator - Enabled)
Maria (S-1-5-21-738952025-4262938640-2191891780-1000 - Administrator - Enabled) => C:\Users\Maria

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 44%
Total physical RAM: 10197.41 MB
Available physical RAM: 5638.73 MB
Total Pagefile: 20393.01 MB
Available Pagefile: 16228.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:2773.91 GB) (Free:451.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:20.38 GB) (Free:2.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: C9292085)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany

Posted 28 March 2015 - 07:43 AM

Hey,
well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    CHR DefaultSearchKeyword: Default -> conduit.search
    S2 AFAsdqUV; "C:\ProgramData\pIPlGT\AFAsdqUV.exe" [X]
    S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
    S2 vontCache; C:\windows\System32\vontCache.dll [1464320 2014-12-29] () [File not signed]
    S2 wetman; C:\windows\System32\wetman.dll [1464320 2015-01-30] () [File not signed]
    S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
    S2 xbioSrvc; C:\windows\System32\xbioSrvc.dll [1464320 2014-12-11] () [File not signed]
    S2 xdfs; C:\windows\System32\xdfs.dll [1464320 2015-02-21] () [File not signed]
    S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]
    S2 yontCache; C:\windows\System32\yontCache.dll [1464320 2015-02-27] () [File not signed]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 otisman

otisman
  • Topic Starter

  • Members
  • 40 posts

Posted 29 March 2015 - 04:45 PM

The computer is working fine.  However, I am still losing space.  I have 451GB of space despite the fact that I started this thread with 458GB and I removed 4GB of movies yesterday.  The computer is starting faster from about 8 minutes to around 3 minutes to load the homepage.  Logs to follow in order requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Maria at 2015-03-29 14:46:41 Run:1
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> conduit.search
S2 AFAsdqUV; "C:\ProgramData\pIPlGT\AFAsdqUV.exe" [X]
S2 vENS; C:\windows\System32\vENS.dll [1464320 2014-10-05] () [File not signed]
S2 vontCache; C:\windows\System32\vontCache.dll [1464320 2014-12-29] () [File not signed]
S2 wetman; C:\windows\System32\wetman.dll [1464320 2015-01-30] () [File not signed]
S2 wolmgrx; C:\windows\System32\wolmgrx.dll [1464320 2014-09-20] () [File not signed]
S2 xbioSrvc; C:\windows\System32\xbioSrvc.dll [1464320 2014-12-11] () [File not signed]
S2 xdfs; C:\windows\System32\xdfs.dll [1464320 2015-02-21] () [File not signed]
S2 xDSVia64; C:\windows\System32\xDSVia64.dll [1464320 2014-10-04] () [File not signed]
S2 yontCache; C:\windows\System32\yontCache.dll [1464320 2015-02-27] () [File not signed]
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSearchKeyword not detected.
AFAsdqUV => Service deleted successfully.
vENS => Service deleted successfully.
vontCache => Service deleted successfully.
wetman => Service deleted successfully.
wolmgrx => Service deleted successfully.
xbioSrvc => Service deleted successfully.
xdfs => Service deleted successfully.
xDSVia64 => Service deleted successfully.
yontCache => Service deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 14:50:04 ====

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maria (administrator) on MARIA-HP on 29-03-2015 15:03:42
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Gemalto N.V.) C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\32\Adobe QT32 Server.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatchTray15.exe [294632 2013-08-19] (Corel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A6BFF93-2829-4B7A-A464-E9B7CE750FB7} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.311.2\NativeBHO.dll [2015-03-11] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-03-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 a360; C:\windows\System32\a360.dll [1464320 2015-01-25] () [File not signed]
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
R2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 hasSstp; C:\windows\System32\hasSstp.dll [1464320 2015-01-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jDVaultSvc; C:\windows\System32\jDVaultSvc.dll [1464320 2015-02-12] () [File not signed]
R2 jlaSvc; C:\windows\System32\jlaSvc.dll [1464320 2014-12-17] () [File not signed]
R2 lPBusEnum; C:\windows\System32\lPBusEnum.dll [1464320 2015-03-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 mlaSvc; C:\windows\System32\mlaSvc.dll [1464320 2014-12-04] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
R2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
R2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
R2 tlickToRunSvc; C:\windows\System32\tlickToRunSvc.dll [1464320 2015-03-28] () [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150327.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150328.002\ENG64.SYS [129752 2015-02-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150328.002\EX64.SYS [2137304 2015-02-14] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: jDVaultSvc -> C:\windows\System32\jDVaultSvc.dll ()
NETSVC: tlickToRunSvc -> C:\windows\System32\tlickToRunSvc.dll ()
NETSVC: jlaSvc -> C:\windows\System32\jlaSvc.dll ()
NETSVC: vontCache -> No ServiceDLL Path.
NETSVC: wetman -> No ServiceDLL Path.
NETSVC: lPBusEnum -> C:\windows\System32\lPBusEnum.dll ()
NETSVC: xbioSrvc -> No ServiceDLL Path.
NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> No ServiceDLL Path.
NETSVC: yontCache -> No ServiceDLL Path.
NETSVC: xdfs -> No ServiceDLL Path.
NETSVC: hasSstp -> C:\windows\System32\hasSstp.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> No ServiceDLL Path.
NETSVC: a360 -> C:\windows\System32\a360.dll ()
NETSVC: mlaSvc -> C:\windows\System32\mlaSvc.dll ()
NETSVC: xDSVia64 -> No ServiceDLL Path.
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 14:29 - 2015-03-28 14:29 - 01464320 _____ () C:\windows\system32\tlickToRunSvc.dll
2015-03-28 14:29 - 2015-03-28 14:29 - 00000657 _____ () C:\windows\system32\tlickToRunSvc.ocx
2015-03-26 23:07 - 2015-03-26 23:07 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2015-03-26 22:59 - 2015-03-26 23:02 - 00000000 ____D () C:\AdwCleaner
2015-03-26 20:27 - 2015-03-26 22:52 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3128
2015-03-26 20:27 - 2015-03-26 20:28 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3949
2015-03-25 19:11 - 2015-03-29 15:03 - 00000000 ____D () C:\FRST
2015-03-22 14:05 - 2015-02-21 02:40 - 00096639 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.srt
2015-03-22 13:59 - 2013-04-18 18:00 - 313208753 _____ () C:\Users\Maria\Downloads\The Art of Candle Making - 2008.mp4
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Rachel and the Stranger (1948)
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Phantom of Chinatown (1940)
2015-03-22 11:43 - 2015-03-22 11:46 - 00000000 ____D () C:\Users\Maria\Downloads\d.2013.u316520.Rapidmoviez.com
2015-03-22 11:43 - 2015-03-22 11:43 - 00000000 ____D () C:\Users\Maria\Downloads\c.2015.u399303.Rapidmoviez.com
2015-03-20 18:13 - 2015-03-20 18:14 - 00000000 ____D () C:\Users\Maria\Desktop\DKbyML
2015-03-20 18:05 - 2015-03-20 18:05 - 01742928 _____ (BitTorrent Inc.) C:\Users\Maria\Downloads\uTorrent.exe
2015-03-19 23:24 - 2014-12-02 14:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-03-19 19:49 - 2015-03-19 19:50 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_2191
2015-03-16 18:32 - 2015-03-25 08:52 - 00000000 ____D () C:\Users\Maria\Desktop\Tug
2015-03-16 17:59 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_421
2015-03-15 16:59 - 2015-03-15 16:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FarmMystery
2015-03-15 16:54 - 2015-03-15 16:54 - 00003292 _____ () C:\windows\System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493}
2015-03-15 12:33 - 2015-03-15 12:33 - 00000000 ____D () C:\Users\Maria\Desktop\KA HB I - 1975.zip
2015-03-15 12:19 - 2015-03-15 12:19 - 00000000 ____D () C:\Users\Maria\Desktop\KA-HBbylon2
2015-03-15 12:18 - 2015-03-15 12:24 - 131072000 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.001
2015-03-15 12:18 - 2015-03-15 12:24 - 117874764 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.002
2015-03-15 10:29 - 2015-03-15 10:30 - 00000000 ____D () C:\Users\Maria\Desktop\TGRI11DA
2015-03-14 21:23 - 2015-03-14 21:23 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Interstellar.2014.DVDScr.XVID.AC3.HQ
2015-03-14 21:21 - 2015-02-21 03:30 - 553103535 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.mkv
2015-03-13 18:43 - 2015-03-13 18:43 - 00000000 ____D () C:\Users\Maria\Desktop\MyScrapChickBellyBox
2015-03-13 09:39 - 2015-03-13 09:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_942
2015-03-11 19:52 - 2015-03-11 19:52 - 01464320 _____ () C:\windows\system32\lPBusEnum.dll
2015-03-11 19:52 - 2015-03-11 19:52 - 00000657 _____ () C:\windows\system32\lPBusEnum.ocx
2015-03-11 17:51 - 2015-03-11 17:51 - 00000000 ____D () C:\Users\Maria\Documents\aap
2015-03-10 22:41 - 2015-03-10 22:41 - 00000000 ____D () C:\Users\Maria\Desktop\TeGer
2015-03-09 22:24 - 2015-03-09 22:24 - 00000823 _____ () C:\Users\Maria\Documents\describe.txt
2015-03-08 17:37 - 2015-03-26 19:25 - 00000000 ____D () C:\Users\Maria\Documents\Jobs Applied
2015-03-08 17:15 - 2015-03-08 17:15 - 04718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-03-08 16:51 - 2015-03-08 16:51 - 00183808 _____ () C:\Users\Maria\Desktop\hr-application.wiz.ux8fzcp.partial
2015-03-08 14:57 - 2015-03-26 19:41 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-03-07 13:55 - 2015-03-07 13:57 - 303654387 ____R () C:\Users\Maria\Downloads\India's Daughter   Indian rapist BBC documentary Delhi Nirbhaya full HD.webm
2015-03-05 09:43 - 2015-03-29 15:03 - 00000000 ____D () C:\Users\Maria\Desktop\New folder (2)
2015-03-05 09:27 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\Maria\Desktop\Diane Leyne - [Satisfaction, Texas 04] - Playing for Satisfaction [Siren Menage Everlasting] (html)
2015-03-04 19:01 - 2015-03-04 21:49 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3F52
2015-03-03 23:29 - 2015-03-03 23:29 - 00000000 _____ () C:\windows\SysWOW64\shoCC1E.tmp
2015-03-01 13:41 - 2015-03-16 12:52 - 00000000 ____D () C:\Users\Maria\Desktop\Draft Order Ref N58958001
2015-03-01 13:41 - 2015-03-01 13:41 - 00038119 _____ () C:\Users\Maria\Desktop\Draft Order Ref N58958001.zip
2015-03-01 13:40 - 2015-03-01 13:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_21CB
2015-02-28 11:58 - 2015-02-28 11:58 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_CFB
2015-02-27 23:30 - 2015-02-27 23:30 - 00000000 _____ () C:\windows\SysWOW64\sho893.tmp
2015-02-27 23:28 - 2015-02-27 23:28 - 00000076 _____ () C:\Users\Maria\Desktop\cat.txt
2015-02-27 19:17 - 2015-02-27 19:17 - 01464320 _____ () C:\windows\system32\yontCache.dll
2015-02-27 19:17 - 2015-02-27 19:17 - 00000657 _____ () C:\windows\system32\yontCache.ocx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 15:03 - 2013-05-26 17:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-03-29 15:01 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2015-03-29 14:59 - 2014-12-18 15:10 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2015-03-29 14:59 - 2013-05-25 21:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2015-03-29 14:57 - 2014-08-07 08:36 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 14:56 - 2013-05-26 15:43 - 00147384 _____ () C:\ProgramData\dleascan.log
2015-03-29 14:56 - 2013-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-29 14:55 - 2013-07-04 19:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 14:54 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-29 14:54 - 2009-07-14 00:51 - 00136342 _____ () C:\windows\setupact.log
2015-03-29 14:53 - 2010-11-20 23:47 - 02077814 _____ () C:\windows\PFRO.log
2015-03-29 14:52 - 2013-05-25 21:01 - 01712360 _____ () C:\windows\WindowsUpdate.log
2015-03-29 14:45 - 2013-12-08 16:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 14:12 - 2013-07-04 19:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 12:12 - 2013-06-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-03-29 11:57 - 2014-08-07 08:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 10:46 - 2013-05-26 09:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-29 10:39 - 2013-05-26 16:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-03-29 10:38 - 2013-05-26 16:22 - 00067710 _____ () C:\ProgramData\dleaJSW.log
2015-03-29 10:32 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 10:32 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 10:31 - 2014-09-01 09:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2015-03-28 22:42 - 2013-07-19 10:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2015-03-28 22:16 - 2009-07-14 01:13 - 00783424 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-28 19:53 - 2013-05-17 14:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-28 17:05 - 2013-07-18 19:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2015-03-28 14:29 - 2014-06-29 14:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2015-03-28 14:28 - 2014-06-29 18:14 - 00002813 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2015-03-28 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Globalization
2015-03-27 19:19 - 2015-02-24 22:04 - 00032222 _____ () C:\Users\Maria\Desktop\Book1.xlsx
2015-03-27 17:23 - 2014-08-07 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 17:23 - 2013-06-01 19:36 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 19:24 - 2014-12-09 21:42 - 00000000 ____D () C:\Users\Maria\Documents\Jobs
2015-03-26 16:18 - 2015-01-04 11:16 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2015-03-26 16:18 - 2015-01-04 11:16 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2015-03-22 20:59 - 2013-12-08 16:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 20:59 - 2013-05-17 14:27 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 20:59 - 2013-05-17 14:27 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 16:54 - 2013-05-26 14:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2015-03-22 13:58 - 2014-07-05 17:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2015-03-21 21:22 - 2013-07-12 19:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2015-03-21 12:14 - 2014-11-28 17:24 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 20:36 - 2013-12-21 17:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2015-03-20 18:07 - 2014-12-06 12:10 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-19 23:24 - 2014-02-09 19:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 23:24 - 2014-02-09 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-19 11:06 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Local\ID Vault
2015-03-19 11:00 - 2014-12-05 19:25 - 00002199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Connect.lnk
2015-03-19 11:00 - 2014-12-05 19:25 - 00002187 _____ () C:\Users\Public\Desktop\Fast Connect.lnk
2015-03-17 06:15 - 2014-08-07 08:36 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-08-07 08:36 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-06-01 19:36 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-16 10:43 - 2009-07-14 00:45 - 00573856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-15 16:57 - 2013-07-14 13:43 - 00000000 ____D () C:\games
2015-03-15 16:54 - 2014-05-28 18:07 - 00002476 _____ () C:\Users\Maria\Desktop\Hidden Expedition - Smithsonian Hope Diamond CE.lnk
2015-03-15 16:54 - 2014-05-28 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - Smithsonian Hope Diamond CE
2015-03-15 09:28 - 2013-05-28 11:40 - 00167600 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-15 07:54 - 2013-07-30 19:55 - 00000000 ____D () C:\Users\Maria\Downloads\Games
2015-03-15 07:36 - 2014-12-28 21:07 - 00000000 ____D () C:\Users\Maria\Downloads\Agatha.Raisin.The.Quiche.Of.Death
2015-03-15 07:35 - 2013-08-04 11:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2015-03-14 16:13 - 2014-12-02 15:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 09:30 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-08 20:31 - 2015-01-27 01:19 - 00000455 _____ () C:\Users\Maria\Documents\Contacts.txt
2015-03-08 17:17 - 2013-05-25 21:06 - 00000000 ____D () C:\Users\Maria\AppData\Local\VirtualStore
2015-03-04 12:22 - 2013-05-28 14:49 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2015-03-02 22:30 - 2013-12-01 14:46 - 01572864 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-03-02 20:59 - 2014-02-02 10:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines

==================== Files in the root of some directories =======

2014-03-20 07:53 - 2014-03-20 07:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-22 17:24 - 2014-06-26 19:05 - 0099384 _____ () C:\Users\Maria\AppData\Roaming\inst.exe
2014-06-22 17:24 - 2014-06-26 19:05 - 0007859 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.cat
2014-06-22 17:24 - 2014-06-26 19:05 - 0001167 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.inf
2014-06-22 17:24 - 2014-06-26 19:05 - 0000055 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.log
2014-06-22 17:24 - 2014-06-26 19:05 - 0082816 _____ (VSO Software) C:\Users\Maria\AppData\Roaming\pcouffin.sys
2014-02-28 21:25 - 2014-02-28 21:25 - 0000042 _____ () C:\Users\Maria\AppData\Roaming\WB.CFG
2013-06-09 12:02 - 2013-06-16 06:17 - 0000173 _____ () C:\Users\Maria\AppData\Local\msmathematics.qat.Maria
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-10-21 12:33 - 2015-02-19 13:30 - 0011108 _____ () C:\ProgramData\dlea.log
2013-09-07 18:30 - 2014-12-28 21:41 - 0000553 _____ () C:\ProgramData\dleaDiagnostics.log
2013-05-26 16:22 - 2015-03-29 10:38 - 0067710 _____ () C:\ProgramData\dleaJSW.log
2013-05-26 15:43 - 2015-03-29 14:56 - 0147384 _____ () C:\ProgramData\dleascan.log
2013-05-27 11:45 - 2014-11-23 16:46 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-09-13 06:56 - 2013-09-13 06:56 - 0002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 15:17

==================== End Of Log ============================

 

 

 

C:\AdwCleaner\Quarantine\C\Users\Maria\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Helper.dll.vir a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Maria\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.exe.vir a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Maria\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Uninst000.CA.dll.vir a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
 



#10 Machiavelli

Posted 29 March 2015 - 06:15 PM

Hey,
well done so far. :)

First,
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
    2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
    2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
    2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
    2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
    2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
    2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
    2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
    2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
    2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
    2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
    2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
    2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
    2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
    2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
    2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
    
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Then,
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk. In that case make sure you restart computer.
  • Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:
  • Go to Step 4 and under "System Restore" click on Create button:
  • Go to Start Repairs tab and click Start button. Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design. Click on Start button.
 
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Then,
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
  • Then, how is your system running now?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 otisman


Posted 01 April 2015 - 04:14 PM

The computer is much quicker than before. I have held at 454GB for a few days now. My goal is to install Windows 8 once I get more files removed.

I hope I have the correct logs below. The second log from Windows Repair (All in One) does not look like the other logs so I am unsure if I am giving you the correct log. The application is updated and the screen frames you used above are now different, but the steps are basically the same.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Maria at 2015-04-01 15:34:15 Run:2
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
2014-12-29 15:39 - 2014-12-29 15:39 - 0067681 _____ () C:\ProgramData\SPL258B.tmp
2015-01-19 11:53 - 2015-01-19 11:53 - 0087811 _____ () C:\ProgramData\SPL5456.tmp
2014-11-30 15:56 - 2014-11-30 15:56 - 0099946 _____ () C:\ProgramData\SPL63D3.tmp
2015-01-16 12:13 - 2015-01-16 12:13 - 0724473 _____ () C:\ProgramData\SPL6665.tmp
2014-03-11 11:36 - 2014-03-11 11:36 - 3190040 _____ () C:\ProgramData\SPL68C6.tmp
2014-12-24 16:50 - 2014-12-24 16:50 - 0937733 _____ () C:\ProgramData\SPL778F.tmp
2015-01-19 09:44 - 2015-01-19 09:44 - 1597306 _____ () C:\ProgramData\SPL7BB4.tmp
2015-03-08 17:15 - 2015-03-08 17:15 - 4718744 _____ () C:\ProgramData\SPL83A6.tmp
2015-01-19 12:09 - 2015-01-19 12:09 - 0091859 _____ () C:\ProgramData\SPL859.tmp
2014-12-29 14:06 - 2014-12-29 14:06 - 1253090 _____ () C:\ProgramData\SPL94A2.tmp
2014-11-23 16:12 - 2014-11-23 16:12 - 0368105 _____ () C:\ProgramData\SPLA0E.tmp
2014-02-19 13:06 - 2014-02-19 13:06 - 1915209 _____ () C:\ProgramData\SPLB9F0.tmp
2015-01-16 12:56 - 2015-01-16 12:56 - 0725089 _____ () C:\ProgramData\SPLC226.tmp
2015-02-02 15:07 - 2015-02-02 15:07 - 1278112 _____ () C:\ProgramData\SPLCD40.tmp
2013-07-17 20:15 - 2013-07-17 20:15 - 0147153 _____ () C:\ProgramData\SPLD89F.tmp
2013-07-18 13:47 - 2013-07-18 13:47 - 0147153 _____ () C:\ProgramData\SPLEA.tmp
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\ProgramData\SPL258B.tmp => Moved successfully.
C:\ProgramData\SPL5456.tmp => Moved successfully.
C:\ProgramData\SPL63D3.tmp => Moved successfully.
C:\ProgramData\SPL6665.tmp => Moved successfully.
C:\ProgramData\SPL68C6.tmp => Moved successfully.
C:\ProgramData\SPL778F.tmp => Moved successfully.
C:\ProgramData\SPL7BB4.tmp => Moved successfully.
C:\ProgramData\SPL83A6.tmp => Moved successfully.
C:\ProgramData\SPL859.tmp => Moved successfully.
C:\ProgramData\SPL94A2.tmp => Moved successfully.
C:\ProgramData\SPLA0E.tmp => Moved successfully.
C:\ProgramData\SPLB9F0.tmp => Moved successfully.
C:\ProgramData\SPLC226.tmp => Moved successfully.
C:\ProgramData\SPLCD40.tmp => Moved successfully.
C:\ProgramData\SPLD89F.tmp => Moved successfully.
C:\ProgramData\SPLEA.tmp => Moved successfully.

==== End of Fixlog 15:34:16 ====





Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Maria\Desktop\New folder (2)>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
1144832 file records processed.

File verification completed.
1364 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index entry 0000000000011FA3 in index $I30 of file 30 is incorrect.
Index entry SYMEFA1.DB in index $I30 of file 142839 is incorrect.
Index entry as2[1].png in index $I30 of file 214972 is incorrect.
Index entry AS2_1_~1.PNG in index $I30 of file 214972 is incorrect.
Index entry wstracking[1].js in index $I30 of file 215003 is incorrect.
Index entry WSTRAC~1.JS in index $I30 of file 215003 is incorrect.
Error detected in index $I30 for file 582412.
Error detected in index $I30 for file 582430.
Error detected in index $I30 for file 582432.
Error detected in index $I30 for file 582433.
1320276 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

C:\>

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Maria (administrator) on MARIA-HP on 01-04-2015 17:04:50
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe
( ) C:\Windows\System32\dleacoms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Gemalto N.V.) C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [dleamon.exe] => C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [765952 2010-04-01] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [135168 2009-06-22] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-23] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatchTray15.exe [294632 2013-08-19] (Corel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-08] (Google Inc.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Maria\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {6A6BFF93-2829-4B7A-A464-E9B7CE750FB7} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Fast Connect -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.15.311.2\NativeBHO.dll [2015-03-11] (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://clkitchens.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-17]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR Profile: C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Safe) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 a360; C:\windows\System32\a360.dll [1464320 2015-01-25] () [File not signed]
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 cartmgr; C:\windows\System32\cartmgr.dll [1464320 2014-09-27] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\windows\system32\dleacoms.exe [1047552 2009-12-09] ( )
R2 dlea_device; C:\windows\SysWOW64\dleacoms.exe [593920 2009-12-09] ( )
R2 dpcEptMapper; C:\windows\System32\dpcEptMapper.dll [1464320 2014-08-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 hasSstp; C:\windows\System32\hasSstp.dll [1464320 2015-01-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jDVaultSvc; C:\windows\System32\jDVaultSvc.dll [1464320 2015-02-12] () [File not signed]
R2 jlaSvc; C:\windows\System32\jlaSvc.dll [1464320 2014-12-17] () [File not signed]
R2 lPBusEnum; C:\windows\System32\lPBusEnum.dll [1464320 2015-03-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 mlaSvc; C:\windows\System32\mlaSvc.dll [1464320 2014-12-04] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 ncpipreg; C:\windows\System32\ncpipreg.dll [1464320 2014-11-29] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 qupdate; C:\windows\System32\qupdate.dll [1464320 2014-10-12] () [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 reLookupSvc; C:\windows\System32\reLookupSvc.dll [1464320 2014-11-15] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
R2 sertPropSvc; C:\windows\System32\sertPropSvc.dll [1464320 2014-10-26] () [File not signed]
R2 sontCache3.0.0.0; C:\windows\System32\sontCache3.0.0.0.dll [1464320 2014-08-13] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-27] (Enigma Software Group USA, LLC.)
R2 tlickToRunSvc; C:\windows\System32\tlickToRunSvc.dll [1464320 2015-03-28] () [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-10] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 DbusAudio; C:\Windows\System32\drivers\DbusAudio.sys [34040 2011-09-01] (Windows ® Codename Longhorn DDK provider)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-14] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-09] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-27] (Enigma Software Group USA, LLC.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-04-06] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150331.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150331.034\ENG64.SYS [129752 2015-02-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150331.034\EX64.SYS [2137304 2015-02-14] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2486416 2014-12-31] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: jDVaultSvc -> C:\windows\System32\jDVaultSvc.dll ()
NETSVC: tlickToRunSvc -> C:\windows\System32\tlickToRunSvc.dll ()
NETSVC: jlaSvc -> C:\windows\System32\jlaSvc.dll ()
NETSVC: vontCache -> No ServiceDLL Path.
NETSVC: wetman -> No ServiceDLL Path.
NETSVC: lPBusEnum -> C:\windows\System32\lPBusEnum.dll ()
NETSVC: xbioSrvc -> No ServiceDLL Path.
NETSVC: reLookupSvc -> C:\windows\System32\reLookupSvc.dll ()
NETSVC: ncpipreg -> C:\windows\System32\ncpipreg.dll ()
NETSVC: vENS -> No ServiceDLL Path.
NETSVC: yontCache -> No ServiceDLL Path.
NETSVC: xdfs -> No ServiceDLL Path.
NETSVC: hasSstp -> C:\windows\System32\hasSstp.dll ()
NETSVC: sertPropSvc -> C:\windows\System32\sertPropSvc.dll ()
NETSVC: dpcEptMapper -> C:\windows\System32\dpcEptMapper.dll ()
NETSVC: wolmgrx -> No ServiceDLL Path.
NETSVC: a360 -> C:\windows\System32\a360.dll ()
NETSVC: mlaSvc -> C:\windows\System32\mlaSvc.dll ()
NETSVC: xDSVia64 -> No ServiceDLL Path.
NETSVC: cartmgr -> C:\windows\System32\cartmgr.dll ()
NETSVC: qupdate -> C:\windows\System32\qupdate.dll ()
NETSVC: sontCache3.0.0.0 -> C:\windows\System32\sontCache3.0.0.0.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 15:40 - 2015-04-01 15:40 - 00003652 _____ () C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-04-01 15:40 - 2015-04-01 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-01 15:40 - 2015-04-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-29 15:07 - 2015-03-29 15:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-28 14:29 - 2015-03-28 14:29 - 01464320 _____ () C:\windows\system32\tlickToRunSvc.dll
2015-03-28 14:29 - 2015-03-28 14:29 - 00000657 _____ () C:\windows\system32\tlickToRunSvc.ocx
2015-03-26 23:07 - 2015-03-26 23:07 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2015-03-26 22:59 - 2015-03-26 23:02 - 00000000 ____D () C:\AdwCleaner
2015-03-26 20:27 - 2015-03-26 22:52 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3128
2015-03-26 20:27 - 2015-03-26 20:28 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3949
2015-03-25 19:11 - 2015-04-01 17:04 - 00000000 ____D () C:\FRST
2015-03-22 14:05 - 2015-02-21 02:40 - 00096639 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.srt
2015-03-22 13:59 - 2013-04-18 18:00 - 313208753 _____ () C:\Users\Maria\Downloads\The Art of Candle Making - 2008.mp4
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Rachel and the Stranger (1948)
2015-03-22 11:45 - 2015-03-22 11:45 - 00000000 ____D () C:\Users\Maria\Downloads\Phantom of Chinatown (1940)
2015-03-22 11:43 - 2015-03-22 11:46 - 00000000 ____D () C:\Users\Maria\Downloads\d.2013.u316520.Rapidmoviez.com
2015-03-22 11:43 - 2015-03-22 11:43 - 00000000 ____D () C:\Users\Maria\Downloads\c.2015.u399303.Rapidmoviez.com
2015-03-20 18:13 - 2015-03-20 18:14 - 00000000 ____D () C:\Users\Maria\Desktop\DKbyML
2015-03-20 18:05 - 2015-03-20 18:05 - 01742928 _____ (BitTorrent Inc.) C:\Users\Maria\Downloads\uTorrent.exe
2015-03-19 23:24 - 2014-12-02 14:13 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-03-19 19:49 - 2015-03-19 19:50 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_2191
2015-03-16 18:32 - 2015-03-30 10:19 - 00000000 ____D () C:\Users\Maria\Desktop\Tug
2015-03-16 17:59 - 2015-03-16 19:30 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_421
2015-03-15 16:59 - 2015-03-15 16:59 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\FarmMystery
2015-03-15 16:54 - 2015-03-15 16:54 - 00003292 _____ () C:\windows\System32\Tasks\{38FBC635-B187-466F-8535-89E9B2D68493}
2015-03-15 12:33 - 2015-03-15 12:33 - 00000000 ____D () C:\Users\Maria\Desktop\KA HB I - 1975.zip
2015-03-15 12:19 - 2015-03-15 12:19 - 00000000 ____D () C:\Users\Maria\Desktop\KA-HBbylon2
2015-03-15 12:18 - 2015-03-15 12:24 - 131072000 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.001
2015-03-15 12:18 - 2015-03-15 12:24 - 117874764 _____ () C:\Users\Maria\Desktop\KA HB I - 1975.zip.002
2015-03-15 10:29 - 2015-03-15 10:30 - 00000000 ____D () C:\Users\Maria\Desktop\TGRI11DA
2015-03-14 21:23 - 2015-03-14 21:23 - 00000000 ____D () C:\Users\Maria\Downloads\YIFY.info_-_Interstellar.2014.DVDScr.XVID.AC3.HQ
2015-03-14 21:21 - 2015-02-21 03:30 - 553103535 _____ () C:\Users\Maria\Downloads\2014 - The Hunger Games - Mockingjay Part 1.mkv
2015-03-13 18:43 - 2015-03-13 18:43 - 00000000 ____D () C:\Users\Maria\Desktop\MyScrapChickBellyBox
2015-03-13 09:39 - 2015-03-13 09:40 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_942
2015-03-11 19:52 - 2015-03-11 19:52 - 01464320 _____ () C:\windows\system32\lPBusEnum.dll
2015-03-11 19:52 - 2015-03-11 19:52 - 00000657 _____ () C:\windows\system32\lPBusEnum.ocx
2015-03-11 17:51 - 2015-03-11 17:51 - 00000000 ____D () C:\Users\Maria\Documents\aap
2015-03-10 22:41 - 2015-03-10 22:41 - 00000000 ____D () C:\Users\Maria\Desktop\TeGer
2015-03-09 22:24 - 2015-03-09 22:24 - 00000823 _____ () C:\Users\Maria\Documents\describe.txt
2015-03-08 17:37 - 2015-04-01 15:32 - 00000000 ____D () C:\Users\Maria\Documents\Jobs Applied
2015-03-08 16:51 - 2015-03-08 16:51 - 00183808 _____ () C:\Users\Maria\Desktop\hr-application.wiz.ux8fzcp.partial
2015-03-08 14:57 - 2015-03-26 19:41 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\SanDisk
2015-03-08 14:57 - 2015-03-08 14:57 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-03-07 13:55 - 2015-03-07 13:57 - 303654387 ____R () C:\Users\Maria\Downloads\India's Daughter Indian rapist BBC documentary Delhi Nirbhaya full HD.webm
2015-03-05 09:43 - 2015-04-01 17:04 - 00000000 ____D () C:\Users\Maria\Desktop\New folder (2)
2015-03-05 09:27 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\Maria\Desktop\Diane Leyne - [Satisfaction, Texas 04] - Playing for Satisfaction [Siren Menage Everlasting] (html)
2015-03-04 19:01 - 2015-03-04 21:49 - 00000000 ____D () C:\Users\Maria\AppData\OICE_15_974FA576_32C1D314_3F52
2015-03-03 23:29 - 2015-03-03 23:29 - 00000000 _____ () C:\windows\SysWOW64\shoCC1E.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:04 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\ID Vault
2015-04-01 17:01 - 2014-12-18 15:10 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Maria-HP-Maria Maria-HP
2015-04-01 17:01 - 2013-05-25 21:05 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{C71CF554-B784-48C5-B89F-CECCF82CBFB2}
2015-04-01 17:01 - 2009-07-14 01:13 - 00772352 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-01 17:01 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 17:01 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 17:00 - 2014-08-07 08:36 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 17:00 - 2013-05-17 14:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-01 16:57 - 2013-05-26 15:43 - 00148594 _____ () C:\ProgramData\dleascan.log
2015-04-01 16:56 - 2013-07-04 19:06 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 16:56 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-01 16:56 - 2009-07-14 00:51 - 00137182 _____ () C:\windows\setupact.log
2015-04-01 16:56 - 2009-07-14 00:45 - 00573856 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-01 16:55 - 2010-11-20 23:47 - 02083272 _____ () C:\windows\PFRO.log
2015-04-01 16:54 - 2013-06-02 15:24 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2015-04-01 16:46 - 2009-07-13 22:34 - 00000502 _____ () C:\windows\win.ini
2015-04-01 16:45 - 2013-12-08 16:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 16:17 - 2011-02-11 13:15 - 00783424 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-01 16:16 - 2013-05-25 21:01 - 01801365 _____ () C:\windows\WindowsUpdate.log
2015-04-01 16:12 - 2013-07-04 19:06 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 15:45 - 2013-05-26 17:21 - 00000000 ____D () C:\Users\Maria\AppData\Local\CrashDumps
2015-04-01 15:34 - 2009-07-13 22:34 - 00000035 _____ () C:\windows\system32\Drivers\etc\hosts_bak_73
2015-04-01 15:33 - 2015-02-24 22:04 - 00032565 _____ () C:\Users\Maria\Desktop\Book1.xlsx
2015-04-01 15:32 - 2014-12-09 21:42 - 00000000 ____D () C:\Users\Maria\Documents\Jobs
2015-04-01 12:38 - 2014-09-01 09:54 - 00000000 ____D () C:\Users\Maria\AppData\Local\Adobe
2015-03-30 16:18 - 2015-01-04 11:16 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMaria
2015-03-30 16:18 - 2015-01-04 11:16 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForMaria.job
2015-03-30 13:47 - 2013-10-21 12:33 - 00011780 _____ () C:\ProgramData\dlea.log
2015-03-29 11:57 - 2014-08-07 08:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 10:46 - 2013-05-26 09:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-29 10:39 - 2013-05-26 16:11 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-03-29 10:38 - 2013-05-26 16:22 - 00067710 _____ () C:\ProgramData\dleaJSW.log
2015-03-28 22:42 - 2013-07-19 10:32 - 00000000 ____D () C:\Users\Maria\Documents\Calibre Library
2015-03-28 19:53 - 2013-05-17 14:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-28 17:05 - 2013-07-18 19:18 - 00000000 ____D () C:\Users\Maria\Downloads\Movies
2015-03-28 14:29 - 2014-06-29 14:01 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Xilisoft
2015-03-28 14:28 - 2014-06-29 18:14 - 00002813 _____ () C:\Users\Public\Desktop\Xilisoft DVD Creator.lnk
2015-03-28 09:56 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Globalization
2015-03-27 17:23 - 2014-08-07 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 17:23 - 2013-06-01 19:36 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 20:59 - 2013-12-08 16:25 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 20:59 - 2013-05-17 14:27 - 00778928 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 20:59 - 2013-05-17 14:27 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 16:54 - 2013-05-26 14:21 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\vlc
2015-03-22 13:58 - 2014-07-05 17:22 - 00000000 ____D () C:\Users\Maria\Downloads\Tom
2015-03-21 21:22 - 2013-07-12 19:03 - 00000000 ____D () C:\Users\Maria\Downloads\Books
2015-03-21 12:14 - 2014-11-28 17:24 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 20:36 - 2013-12-21 17:42 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\uTorrent
2015-03-20 18:07 - 2014-12-06 12:10 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-19 23:24 - 2014-02-09 19:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-19 23:24 - 2014-02-09 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-19 11:06 - 2013-06-02 15:25 - 00000000 ____D () C:\Users\Maria\AppData\Local\ID Vault
2015-03-19 11:00 - 2014-12-05 19:25 - 00002199 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Connect.lnk
2015-03-19 11:00 - 2014-12-05 19:25 - 00002187 _____ () C:\Users\Public\Desktop\Fast Connect.lnk
2015-03-17 06:15 - 2014-08-07 08:36 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-08-07 08:36 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-06-01 19:36 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-16 12:52 - 2015-03-01 13:41 - 00000000 ____D () C:\Users\Maria\Desktop\Draft Order Ref N58958001
2015-03-15 16:57 - 2013-07-14 13:43 - 00000000 ____D () C:\games
2015-03-15 16:54 - 2014-05-28 18:07 - 00002476 _____ () C:\Users\Maria\Desktop\Hidden Expedition - Smithsonian Hope Diamond CE.lnk
2015-03-15 16:54 - 2014-05-28 18:07 - 00000000 ____D () C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Expedition - Smithsonian Hope Diamond CE
2015-03-15 09:28 - 2013-05-28 11:40 - 00167600 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-15 07:54 - 2013-07-30 19:55 - 00000000 ____D () C:\Users\Maria\Downloads\Games
2015-03-15 07:36 - 2014-12-28 21:07 - 00000000 ____D () C:\Users\Maria\Downloads\Agatha.Raisin.The.Quiche.Of.Death
2015-03-15 07:35 - 2013-08-04 11:02 - 00000000 ____D () C:\Users\Maria\Downloads\Applications
2015-03-14 16:13 - 2014-12-02 15:28 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-14 16:13 - 2014-12-02 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 09:30 - 2014-04-03 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-08 20:31 - 2015-01-27 01:19 - 00000455 _____ () C:\Users\Maria\Documents\Contacts.txt
2015-03-08 17:17 - 2013-05-25 21:06 - 00000000 ____D () C:\Users\Maria\AppData\Local\VirtualStore
2015-03-04 12:22 - 2013-05-28 14:49 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2015-03-02 22:30 - 2013-12-01 14:46 - 01572864 ___SH () C:\Users\Maria\Downloads\Thumbs.db
2015-03-02 20:59 - 2014-02-02 10:34 - 00000000 ____D () C:\Users\Maria\Downloads\Magazines

==================== Files in the root of some directories =======

2014-03-20 07:53 - 2014-03-20 07:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-22 17:24 - 2014-06-26 19:05 - 0099384 _____ () C:\Users\Maria\AppData\Roaming\inst.exe
2014-06-22 17:24 - 2014-06-26 19:05 - 0007859 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.cat
2014-06-22 17:24 - 2014-06-26 19:05 - 0001167 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.inf
2014-06-22 17:24 - 2014-06-26 19:05 - 0000055 _____ () C:\Users\Maria\AppData\Roaming\pcouffin.log
2014-06-22 17:24 - 2014-06-26 19:05 - 0082816 _____ (VSO Software) C:\Users\Maria\AppData\Roaming\pcouffin.sys
2014-02-28 21:25 - 2014-02-28 21:25 - 0000042 _____ () C:\Users\Maria\AppData\Roaming\WB.CFG
2013-06-09 12:02 - 2013-06-16 06:17 - 0000173 _____ () C:\Users\Maria\AppData\Local\msmathematics.qat.Maria
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-10-21 12:33 - 2015-03-30 13:47 - 0011780 _____ () C:\ProgramData\dlea.log
2013-09-07 18:30 - 2014-12-28 21:41 - 0000553 _____ () C:\ProgramData\dleaDiagnostics.log
2013-05-26 16:22 - 2015-03-29 10:38 - 0067710 _____ () C:\ProgramData\dleaJSW.log
2013-05-26 15:43 - 2015-04-01 16:57 - 0148594 _____ () C:\ProgramData\dleascan.log
2013-05-27 11:45 - 2014-11-23 16:46 - 0000756 _____ () C:\ProgramData\FastPics.log
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-09-13 06:56 - 2013-09-13 06:56 - 0002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag
2013-05-26 15:37 - 2013-05-26 15:37 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-31 12:34

==================== End Of Log ============================

#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:03 AM

Posted 02 April 2015 - 07:30 AM

Hey, so everything is OK again?
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    CHR DefaultSearchKeyword: Default -> conduit.search
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 otisman

otisman
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:03 AM

Posted 06 April 2015 - 06:20 PM

Sorry, I have been off for a few days job searching.  I did not run the last FRST scan yet.  I noticed today that my space is down from 454GB to 284GB.  I burned off some of my files but have not added anything except some letters to a document file.  170GB is quite large and my saved documents only total 25MB.



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:03 AM

Posted 07 April 2015 - 01:35 AM

I know, but please run the FRST Fix before we draw any conclusions about the issue you have with this system.

Thanks


~Machiavelli



#15 otisman

otisman
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:03 AM

Posted 07 April 2015 - 12:50 PM

Sorry for getting a little panicked. I allowed my Mac to fill up too much and now I cannot boot up. Below is the log from the FRST scan.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Maria at 2015-04-07 13:30:31 Run:3
Running from C:\Users\Maria\Desktop\New folder (2)
Loaded Profiles: Maria (Available profiles: Maria)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-738952025-4262938640-2191891780-1000 -> {165A6CE7-B571-4736-9096-C3B010B98332} URL = http://search.whiteskyservices.com/?wstoken=910E370D-3E1A-4BB2-8C14-8B56A97073C0&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
CHR DefaultSearchKeyword: Default -> conduit.search
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-738952025-4262938640-2191891780-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{165A6CE7-B571-4736-9096-C3B010B98332}" => Key deleted successfully.
HKCR\CLSID\{165A6CE7-B571-4736-9096-C3B010B98332} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
Chrome DefaultSearchKeyword not detected.
EmptyTemp: => Removed 447.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:32:21 ====





