Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant popups make browsing the internet impossible


  • This topic is locked This topic is locked
18 replies to this topic

#1 Corner Cutter

Corner Cutter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 27 March 2015 - 08:25 PM

I seem to have got some spyware/malware that makes my browser come to a screeching halt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jodie (administrator) on JODIE-PC on 27-03-2015 20:11:39
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Jodie\AppData\Local\Temp\nsbE9E4.tmp
() C:\Users\Jodie\AppData\Local\Temp\nsm8052.tmp
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\MountPoints2: {7acdefe5-95ed-11e2-9fb3-6cf04909b3f3} - G:\TL_Bootstrap.exe
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3119044640-1024220412-4187171245-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3119044640-1024220412-4187171245-1001] => http=127.0.0.1:9880
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3119044640-1024220412-4187171245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 15 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jodie\AppData\Roaming\Mozilla\Firefox\Profiles\5dyuz9ke.default-1427499251391
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: Adobe Acrobat -> D:\Downloads\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-07-14] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; E:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
R2 Lrunaboracium; C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 rijedubu; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp [204800 2015-03-27] () [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 ShieldSoft; C:\Users\Jodie\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [74024 2014-09-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 39bfb656; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusMaker\TerminusMaker.dll",serv
R2 cofewobo; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\Jodie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 SASKUTIL; \??\D:\Anti Spyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 20:11 - 2015-03-27 20:11 - 00013892 _____ () C:\Users\Jodie\Desktop\FRST.txt
2015-03-27 20:10 - 2015-03-27 20:10 - 02095616 _____ (Farbar) C:\Users\Jodie\Desktop\FRST64.exe
2015-03-27 20:07 - 2015-03-27 20:07 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64(1).exe
2015-03-27 20:06 - 2015-03-27 20:06 - 00017224 _____ () C:\Users\Jodie\Desktop\R9wG564F.htm
2015-03-27 20:04 - 2015-03-27 20:04 - 00037598 _____ () C:\Users\Jodie\Downloads\Addition.txt
2015-03-27 20:03 - 2015-03-27 20:04 - 00053951 _____ () C:\Users\Jodie\Downloads\FRST.txt
2015-03-27 20:03 - 2015-03-27 20:03 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64.exe
2015-03-27 20:02 - 2015-03-27 20:02 - 01135104 _____ (Farbar) C:\Users\Jodie\Downloads\FRST.exe
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\system32\VCLOff.ini
2015-03-27 19:39 - 2015-03-27 19:48 - 00000000 ___DC () C:\Program Files (x86)\IGS
2015-03-27 19:39 - 2015-03-20 08:54 - 00335064 _____ (VC Corporation) C:\Windows\SysWOW64\VCL.dll
2015-03-27 19:18 - 2015-03-27 19:18 - 00003218 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-03-27 19:17 - 2015-03-27 19:17 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-03-27 19:16 - 2015-03-27 19:16 - 03026176 _____ (GridinSoft) C:\Users\Jodie\Downloads\TrojanKillerInstallerST.exe
2015-03-27 19:14 - 2015-03-27 19:14 - 09306112 _____ () C:\Users\Jodie\Downloads\HitmanPro.exe
2015-03-27 19:13 - 2015-03-27 19:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-27 19:12 - 2015-03-27 19:13 - 10109856 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro(1).exe
2015-03-27 19:11 - 2015-03-27 19:11 - 07471104 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro_x64.exe
2015-03-27 18:39 - 2015-03-27 18:44 - 00000000 ___DC () C:\AdwCleaner
2015-03-27 18:38 - 2015-03-27 18:38 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113.exe
2015-03-27 18:14 - 2015-03-27 18:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Opera Software
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Opera Software
2015-03-27 18:12 - 2015-03-27 18:12 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427497950
2015-03-27 18:12 - 2015-03-27 18:12 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000613 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\Users\Jodie\AppData\Local\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-27 18:04 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-27 07:53 - 2015-03-27 07:53 - 00003558 _____ () C:\Windows\System32\Tasks\CSFRIS
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\8723ad0b891c4364adb7f186eda76ca7
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba
2015-03-27 07:33 - 2015-03-27 07:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-27 07:19 - 2015-03-27 19:07 - 00001334 _____ () C:\Windows\Tasks\JYSS.job
2015-03-27 07:19 - 2015-03-27 19:07 - 00001332 _____ () C:\Windows\Tasks\XOU.job
2015-03-27 07:19 - 2015-03-27 07:19 - 00004360 _____ () C:\Windows\System32\Tasks\JYSS
2015-03-27 07:19 - 2015-03-27 07:19 - 00004358 _____ () C:\Windows\System32\Tasks\XOU
2015-03-27 07:10 - 2015-03-27 07:27 - 00000000 ____D () C:\Users\Jodie\AppData\Local\30464336-1427440200-3930-4233-4633FFFFFFFF
2015-03-27 07:06 - 2015-03-27 07:06 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF
2015-03-27 06:58 - 2015-03-27 06:58 - 00000000 _SHDC () C:\Program Files (x86)\Lrunaboracium
2015-03-27 06:53 - 2015-03-27 06:53 - 00561544 _____ () C:\Users\Jodie\Downloads\Setup.exe
2015-03-26 14:14 - 2015-03-26 14:14 - 00005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 00004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2015-03-26 06:57 - 2015-03-26 06:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-25 07:01 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:01 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:16 - 2015-03-23 16:33 - 00039899 _____ () C:\Users\Jodie\Documents\1956 Auction.xlsx
2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
2015-03-18 10:56 - 2015-03-18 11:35 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Rescue Applet
2015-03-18 10:55 - 2015-03-18 10:55 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Jodie\Downloads\Support-LogMeInRescue(1).exe
2015-03-17 22:19 - 2015-03-17 22:27 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2015-03-17 22:19 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-16 19:38 - 2015-03-16 19:38 - 00000000 ____D () C:\ProgramData\{85136baf-115a-05de-8513-36baf115aebc}
2015-03-16 19:37 - 2015-03-17 20:48 - 00000000 ___DC () C:\Program Files (x86)\TerminusMaker
2015-03-16 19:37 - 2015-03-17 20:47 - 00000000 ___DC () C:\Program Files (x86)\Online music radio
2015-03-16 19:36 - 2015-03-16 19:36 - 00000000 ____D () C:\ProgramData\15831777148096363316
2015-03-16 19:35 - 2015-03-17 20:47 - 00000000 ____D () C:\ProgramData\{660f0b48-6ea1-9128-660f-f0b486ea2d21}
2015-03-12 09:15 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 09:15 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 09:15 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:40 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:40 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:40 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:40 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 08:39 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:39 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:39 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:39 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:39 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:39 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:39 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:39 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:39 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:39 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:38 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:38 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:38 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:38 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:38 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:38 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:38 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:38 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:38 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:38 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:38 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:38 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:38 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:38 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:38 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:38 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:38 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:38 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:38 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:38 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:38 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:38 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:38 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:38 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:38 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:38 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:38 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:38 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:38 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:38 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:38 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:38 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 17:23 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 20:26 - 2015-03-02 20:26 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2015-03-02 20:26 - 2015-03-02 20:26 - 00001190 _____ () C:\Users\Jodie\Desktop\Amazon Music.lnk
2015-03-02 20:15 - 2015-03-02 20:15 - 40117016 _____ (Amazon) C:\Users\Jodie\Desktop\AmazonMusicInstaller.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 01004016 _____ () C:\Windows\Minidump\030215-19687-01.dmp
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 16:25 - 2015-02-25 16:25 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 16:25 - 2015-02-25 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 16:24 - 2015-02-25 16:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jodie\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-25 16:24 - 2014-11-21 07:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 16:23 - 2015-02-25 16:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jodie\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 16:22 - 2015-02-25 16:22 - 00190152 _____ (ESET) C:\Users\Jodie\Desktop\ESETPoweliksCleaner.exe
2015-02-25 16:22 - 2015-02-25 16:22 - 00008522 _____ () C:\Users\Jodie\Desktop\ESETPoweliksCleaner.exe_20150225.152241.1580.log
2015-02-25 16:21 - 2015-02-25 16:21 - 00190152 _____ (ESET) C:\Users\Jodie\Downloads\ESETPoweliksCleaner.exe
2015-02-25 14:27 - 2015-02-03 22:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-25 14:27 - 2015-02-03 22:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-25 14:27 - 2015-02-03 22:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 20:11 - 2015-01-19 14:25 - 00000000 ___DC () C:\FRST
2015-03-27 20:11 - 2012-04-11 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 20:11 - 2010-01-18 21:36 - 01262028 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 19:27 - 2012-09-04 06:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 19:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 19:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 19:07 - 2012-09-04 06:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 19:06 - 2014-12-12 00:31 - 00010898 _____ () C:\Windows\setupact.log
2015-03-27 19:06 - 2010-01-18 22:06 - 00363822 _____ () C:\Windows\PFRO.log
2015-03-27 19:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-03-27 18:51 - 2015-01-19 14:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 17:46 - 2011-02-23 21:41 - 00057718 _____ () C:\Users\Jodie\Documents\bills 2011.xlsx
2015-03-27 16:59 - 2010-01-18 21:37 - 00001417 _____ () C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 16:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-27 16:59 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-27 07:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 06:58 - 2014-08-24 13:53 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Adobe
2015-03-26 06:57 - 2012-04-11 08:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 06:57 - 2012-04-11 08:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 06:57 - 2011-08-26 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:17 - 2015-01-08 16:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 03:16 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 03:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-18 06:45 - 2014-03-21 18:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 22:23 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Hamachi
2015-03-17 21:30 - 2010-01-18 21:54 - 00318047 ____C () C:\service.log
2015-03-17 21:20 - 2011-02-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-17 21:20 - 2011-02-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:59 - 2010-01-18 21:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 20:49 - 2010-01-18 22:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-17 20:48 - 2011-05-09 15:29 - 00000000 ____D () C:\Windows\en
2015-03-13 08:36 - 2014-12-12 07:45 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:18 - 2009-07-13 23:45 - 00412928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 09:20 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 09:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:57 - 2010-01-18 21:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 09:08 - 2010-01-18 22:47 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Google
2015-03-04 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 12:58 - 2015-01-06 17:20 - 00021467 _____ () C:\Users\Jodie\Documents\AHS Treasurer2.xlsx
2015-03-03 08:17 - 2010-01-18 21:42 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:18 - 2010-05-02 07:57 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 16:24 - 2010-02-01 18:19 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-02-25 14:36 - 2010-01-18 21:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-25 14:27 - 2014-02-22 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-25 14:25 - 2009-07-14 00:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-26 14:14 - 2015-03-26 14:14 - 0005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 0004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2013-05-06 18:04 - 2013-05-06 18:05 - 0000084 ___RC () C:\Users\Jodie\AppData\Local\DVDPATH.TXT

Some content of TEMP:
====================
C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Jodie\AppData\Local\Temp\Quarantine.exe
C:\Users\Jodie\AppData\Local\Temp\SpOrder.dll
C:\Users\Jodie\AppData\Local\Temp\sqlite3.dll
C:\Users\Jodie\AppData\Local\Temp\Uninstall.exe
C:\Users\Jodie\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 06:49

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 04:25 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The Addition.txt is missing. Please re-run FRST.

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 08:14 AM

Thank you for the help:

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jodie (administrator) on JODIE-PC on 28-03-2015 08:05:46
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\MountPoints2: {7acdefe5-95ed-11e2-9fb3-6cf04909b3f3} - G:\TL_Bootstrap.exe
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3119044640-1024220412-4187171245-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3119044640-1024220412-4187171245-1001] => http=127.0.0.1:9880
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3119044640-1024220412-4187171245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 15 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jodie\AppData\Roaming\Mozilla\Firefox\Profiles\5dyuz9ke.default-1427499251391
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: Adobe Acrobat -> D:\Downloads\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-07-14] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; E:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
R2 Lrunaboracium; C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 rijedubu; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp [204800 2015-03-27] () [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 ShieldSoft; C:\Users\Jodie\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [74024 2014-09-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 39bfb656; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusMaker\TerminusMaker.dll",serv
R2 cofewobo; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\Jodie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 SASKUTIL; \??\D:\Anti Spyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 20:10 - 2015-03-27 20:10 - 02095616 _____ (Farbar) C:\Users\Jodie\Desktop\FRST64.exe
2015-03-27 20:07 - 2015-03-27 20:07 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64(1).exe
2015-03-27 20:04 - 2015-03-27 20:04 - 00037598 _____ () C:\Users\Jodie\Downloads\Addition.txt
2015-03-27 20:03 - 2015-03-27 20:04 - 00053951 _____ () C:\Users\Jodie\Downloads\FRST.txt
2015-03-27 20:03 - 2015-03-27 20:03 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64.exe
2015-03-27 20:02 - 2015-03-27 20:02 - 01135104 _____ (Farbar) C:\Users\Jodie\Downloads\FRST.exe
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\system32\VCLOff.ini
2015-03-27 19:39 - 2015-03-20 08:54 - 00335064 _____ (VC Corporation) C:\Windows\SysWOW64\VCL.dll
2015-03-27 19:18 - 2015-03-27 19:18 - 00003218 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-03-27 19:17 - 2015-03-27 19:17 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-03-27 19:16 - 2015-03-27 19:16 - 03026176 _____ (GridinSoft) C:\Users\Jodie\Downloads\TrojanKillerInstallerST.exe
2015-03-27 19:14 - 2015-03-27 19:14 - 09306112 _____ () C:\Users\Jodie\Downloads\HitmanPro.exe
2015-03-27 19:13 - 2015-03-27 19:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-27 19:12 - 2015-03-27 19:13 - 10109856 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro(1).exe
2015-03-27 19:11 - 2015-03-27 19:11 - 07471104 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro_x64.exe
2015-03-27 18:39 - 2015-03-27 18:44 - 00000000 ___DC () C:\AdwCleaner
2015-03-27 18:38 - 2015-03-27 18:38 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113.exe
2015-03-27 18:14 - 2015-03-27 18:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Opera Software
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Opera Software
2015-03-27 18:12 - 2015-03-27 18:12 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427497950
2015-03-27 18:12 - 2015-03-27 18:12 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000613 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\Users\Jodie\AppData\Local\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-27 18:04 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-27 07:53 - 2015-03-27 07:53 - 00003558 _____ () C:\Windows\System32\Tasks\CSFRIS
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\8723ad0b891c4364adb7f186eda76ca7
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba
2015-03-27 07:33 - 2015-03-27 07:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-27 07:19 - 2015-03-28 08:02 - 00001334 _____ () C:\Windows\Tasks\JYSS.job
2015-03-27 07:19 - 2015-03-28 08:02 - 00001332 _____ () C:\Windows\Tasks\XOU.job
2015-03-27 07:19 - 2015-03-27 07:19 - 00004360 _____ () C:\Windows\System32\Tasks\JYSS
2015-03-27 07:19 - 2015-03-27 07:19 - 00004358 _____ () C:\Windows\System32\Tasks\XOU
2015-03-27 07:10 - 2015-03-27 07:27 - 00000000 ____D () C:\Users\Jodie\AppData\Local\30464336-1427440200-3930-4233-4633FFFFFFFF
2015-03-27 07:06 - 2015-03-27 07:06 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF
2015-03-27 06:58 - 2015-03-27 06:58 - 00000000 _SHDC () C:\Program Files (x86)\Lrunaboracium
2015-03-27 06:53 - 2015-03-27 06:53 - 00561544 _____ () C:\Users\Jodie\Downloads\Setup.exe
2015-03-26 14:14 - 2015-03-26 14:14 - 00005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 00004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2015-03-26 06:57 - 2015-03-26 06:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-25 07:01 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:01 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:16 - 2015-03-23 16:33 - 00039899 _____ () C:\Users\Jodie\Documents\1956 Auction.xlsx
2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
2015-03-18 10:56 - 2015-03-18 11:35 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Rescue Applet
2015-03-18 10:55 - 2015-03-18 10:55 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Jodie\Downloads\Support-LogMeInRescue(1).exe
2015-03-17 22:19 - 2015-03-17 22:27 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2015-03-17 22:19 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-16 19:38 - 2015-03-16 19:38 - 00000000 ____D () C:\ProgramData\{85136baf-115a-05de-8513-36baf115aebc}
2015-03-16 19:37 - 2015-03-17 20:48 - 00000000 ___DC () C:\Program Files (x86)\TerminusMaker
2015-03-16 19:37 - 2015-03-17 20:47 - 00000000 ___DC () C:\Program Files (x86)\Online music radio
2015-03-16 19:36 - 2015-03-16 19:36 - 00000000 ____D () C:\ProgramData\15831777148096363316
2015-03-16 19:35 - 2015-03-17 20:47 - 00000000 ____D () C:\ProgramData\{660f0b48-6ea1-9128-660f-f0b486ea2d21}
2015-03-12 09:15 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 09:15 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 09:15 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:40 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:40 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:40 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:40 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 08:39 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:39 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:39 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:39 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:39 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:39 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:39 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:39 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:39 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:39 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:38 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:38 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:38 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:38 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:38 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:38 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:38 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:38 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:38 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:38 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:38 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:38 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:38 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:38 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:38 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:38 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:38 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:38 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:38 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:38 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:38 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:38 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:38 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:38 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:38 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:38 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:38 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:38 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:38 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:38 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:38 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:38 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 17:23 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 20:26 - 2015-03-02 20:26 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2015-03-02 20:26 - 2015-03-02 20:26 - 00001190 _____ () C:\Users\Jodie\Desktop\Amazon Music.lnk
2015-03-02 20:15 - 2015-03-02 20:15 - 40117016 _____ (Amazon) C:\Users\Jodie\Desktop\AmazonMusicInstaller.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 01004016 _____ () C:\Windows\Minidump\030215-19687-01.dmp
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 08:05 - 2015-01-19 14:25 - 00000000 ___DC () C:\FRST
2015-03-28 08:02 - 2012-09-04 06:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 08:02 - 2012-09-04 06:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 08:02 - 2012-04-11 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 08:02 - 2010-01-18 21:36 - 01276574 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:28 - 2014-12-12 00:31 - 00010954 _____ () C:\Windows\setupact.log
2015-03-27 20:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 20:27 - 2010-01-18 22:06 - 00365292 _____ () C:\Windows\PFRO.log
2015-03-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-03-27 18:51 - 2015-01-19 14:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 17:46 - 2011-02-23 21:41 - 00057718 _____ () C:\Users\Jodie\Documents\bills 2011.xlsx
2015-03-27 16:59 - 2010-01-18 21:37 - 00001417 _____ () C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 16:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-27 16:59 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-27 07:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 06:58 - 2014-08-24 13:53 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Adobe
2015-03-26 06:57 - 2012-04-11 08:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 06:57 - 2012-04-11 08:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 06:57 - 2011-08-26 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:17 - 2015-01-08 16:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 03:16 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 03:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-18 06:45 - 2014-03-21 18:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 22:23 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Hamachi
2015-03-17 21:30 - 2010-01-18 21:54 - 00318047 ____C () C:\service.log
2015-03-17 21:20 - 2011-02-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-17 21:20 - 2011-02-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:59 - 2010-01-18 21:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 20:49 - 2010-01-18 22:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-17 20:48 - 2011-05-09 15:29 - 00000000 ____D () C:\Windows\en
2015-03-13 08:36 - 2014-12-12 07:45 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:18 - 2009-07-13 23:45 - 00412928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 09:20 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 09:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:57 - 2010-01-18 21:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 09:08 - 2010-01-18 22:47 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Google
2015-03-04 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 12:58 - 2015-01-06 17:20 - 00021467 _____ () C:\Users\Jodie\Documents\AHS Treasurer2.xlsx
2015-03-03 08:17 - 2010-01-18 21:42 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:18 - 2010-05-02 07:57 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2015-03-26 14:14 - 2015-03-26 14:14 - 0005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 0004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2013-05-06 18:04 - 2013-05-06 18:05 - 0000084 ___RC () C:\Users\Jodie\AppData\Local\DVDPATH.TXT

Some content of TEMP:
====================
C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Jodie\AppData\Local\Temp\Quarantine.exe
C:\Users\Jodie\AppData\Local\Temp\SpOrder.dll
C:\Users\Jodie\AppData\Local\Temp\sqlite3.dll
C:\Users\Jodie\AppData\Local\Temp\Uninstall.exe
C:\Users\Jodie\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ADDITION.TXT:

Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.5.3 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech GamePanel Software 2.00 (HKLM\...\{7598C430-8B00-4447-A710-0DDA0770370A}) (Version: 2.00.171 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
ShieldSoft (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\ShieldSoft) (Version: 1.0 - ShieldSoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Veetle TV 0.9.17 (HKLM-x32\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 2.3.0.5 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Warlords Battlecry III (HKLM-x32\...\{93DA8968-092B-4E6F-B568-AB8471952143}) (Version: W4PCA0.8 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-03-2015 08:02:14 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02584DEB-473E-48AE-90AC-C7EFD6390081} - System32\Tasks\JYSS => C:\Users\Jodie\AppData\Roaming\JYSS.exe <==== ATTENTION
Task: {0EF524CF-BE51-4FA9-93ED-E3D1930C551E} - System32\Tasks\Amazon Music Helper => C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-15] ()
Task: {39CA462B-B08E-4764-ABC0-6A8114205B82} - System32\Tasks\Trojan Killer => D:\GridinSoft Trojan Killer\trojankiller.exe
Task: {3E938DDF-1BE6-4D2A-8060-EF912D2808D2} - System32\Tasks\XOU => C:\Users\Jodie\AppData\Roaming\XOU.exe <==== ATTENTION
Task: {56841B19-CBF5-4A5A-BF60-29DA877832A5} - System32\Tasks\{CC13F725-40C7-4116-9B8B-12CE7981305F} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {6A4A6698-748A-4A5D-93DE-6E535F8DD925} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {708EF0AF-9AEA-4EFB-956F-BB5C73F2F6E2} - System32\Tasks\{8A03FBC9-BB56-4AB6-B135-2823596F8FA4} => E:\Program Files (x86)\iTunes\iTunes.exe
Task: {83E42A5B-F4E4-407C-B83A-A9357ACA168F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8B3E8844-0A5C-49A7-A604-C4233D5C2A35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {94714537-DCF3-48D5-9AFC-112075C957FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {9ED571BD-91BD-4966-A3A3-BE40AF27E11E} - System32\Tasks\{8B261524-AEFC-444E-8172-6E20BB2F8507} => pcalua.exe -a D:\Downloads\windirstat1_1_2_setup.exe -d D:\Downloads
Task: {A17FF63C-A07A-43D5-AECE-B50BD15411DD} - System32\Tasks\Opera scheduled Autoupdate 1427497950 => C:\Program Files (x86)\Opera\launcher.exe
Task: {AE640F77-42D7-4D2A-8654-D9A06EC6FB17} - System32\Tasks\{E35E1831-9087-4804-9B15-82A6531BB2DF} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {B3F76D5D-71D1-4A5A-A60D-88381C1FC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B907A212-4980-4953-8722-867B6442D25B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {C0C78B02-79F2-46A1-9409-F12AB3D1D616} - System32\Tasks\CSFRIS => C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba\16b7eaa419374a66a1f93a9165a5afba.exe [2015-03-27] ()
Task: {D3E61F2A-FFF2-4858-A07B-CB138F06028E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D49550B8-C60A-4C35-9BA1-EA7714C1EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E1CB7AAC-A7E9-4030-9782-C86A462E1DB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JYSS.job => C:\Users\Jodie\AppData\Roaming\JYSS.exe <==== ATTENTION
Task: C:\Windows\Tasks\XOU.job => C:\Users\Jodie\AppData\Roaming\XOU.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-27 07:06 - 2015-03-27 07:06 - 00116224 _____ () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs
2015-03-27 06:58 - 2015-03-25 09:05 - 00256512 __SHC () C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe
2015-03-27 07:06 - 2015-03-27 07:06 - 00204800 _____ () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () e:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-02 20:26 - 2014-10-15 00:35 - 06281024 _____ () C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-03-26 06:57 - 2015-03-26 06:57 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: ShieldSoft => 2
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jimmy Harnen   Where Are You Now 89.lnk => C:\Windows\pss\Jimmy Harnen   Where Are You Now 89.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Downloads\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "D:\Downloads\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "D:\Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCDMon => "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SUPERAntiSpyware => D:\Anti Spyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3119044640-1024220412-4187171245-500 - Administrator - Disabled)
Guest (S-1-5-21-3119044640-1024220412-4187171245-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3119044640-1024220412-4187171245-1002 - Administrator - Enabled)
Jodie (S-1-5-21-3119044640-1024220412-4187171245-1001 - Administrator - Enabled) => C:\Users\Jodie

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: Flash32_16_0_0_305.ocx, version: 16.0.0.305, time stamp: 0x54cff11b
Exception code: 0xc0000005
Fault offset: 0x00053aaf
Faulting process id: 0x12a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x8440
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (03/28/2015 08:02:12 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 08:02:12 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 08:02:09 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/27/2015 08:28:45 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/27/2015 08:28:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error: (03/27/2015 08:28:45 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/27/2015 08:28:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TerminusMaker service to connect.

Error: (03/27/2015 08:28:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/27/2015 08:07:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/27/2015 07:51:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc000000500053aaf12a001d068f3a8d267b7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_305.ocx8d283896-d4e7-11e4-86f5-6cf04909b3f3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02844001d068e27335aa59D:\Firefox\plugin-container.exeD:\Firefox\mozalloc.dllb9ed0ac7-d4d6-11e4-b37e-6cf04909b3f3


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 07:39:17.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:39:17.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 16:35:55.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 16:35:54.939
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X3 720 Processor
Percentage of memory in use: 21%
Total physical RAM: 8190.49 MB
Available physical RAM: 6466.43 MB
Total Pagefile: 16379.17 MB
Available Pagefile: 14242.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.92 GB) NTFS
Drive d: () (Fixed) (Total:249.02 GB) (Free:243.42 GB) NTFS
Drive e: () (Fixed) (Total:249.49 GB) (Free:218.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 60A80FE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=249.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 



#4 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 08:14 AM

Thank you for the help:

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jodie (administrator) on JODIE-PC on 28-03-2015 08:05:46
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe
() C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Mozilla Corporation) D:\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\MountPoints2: {7acdefe5-95ed-11e2-9fb3-6cf04909b3f3} - G:\TL_Bootstrap.exe
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3119044640-1024220412-4187171245-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3119044640-1024220412-4187171245-1001] => http=127.0.0.1:9880
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3119044640-1024220412-4187171245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 15 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jodie\AppData\Roaming\Mozilla\Firefox\Profiles\5dyuz9ke.default-1427499251391
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: Adobe Acrobat -> D:\Downloads\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-07-14] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; E:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
R2 Lrunaboracium; C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe [256512 2015-03-25] () [File not signed] <==== ATTENTION
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 rijedubu; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp [204800 2015-03-27] () [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 ShieldSoft; C:\Users\Jodie\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [74024 2014-09-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 39bfb656; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusMaker\TerminusMaker.dll",serv
R2 cofewobo; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\Jodie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 SASKUTIL; \??\D:\Anti Spyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 20:10 - 2015-03-27 20:10 - 02095616 _____ (Farbar) C:\Users\Jodie\Desktop\FRST64.exe
2015-03-27 20:07 - 2015-03-27 20:07 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64(1).exe
2015-03-27 20:04 - 2015-03-27 20:04 - 00037598 _____ () C:\Users\Jodie\Downloads\Addition.txt
2015-03-27 20:03 - 2015-03-27 20:04 - 00053951 _____ () C:\Users\Jodie\Downloads\FRST.txt
2015-03-27 20:03 - 2015-03-27 20:03 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64.exe
2015-03-27 20:02 - 2015-03-27 20:02 - 01135104 _____ (Farbar) C:\Users\Jodie\Downloads\FRST.exe
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-27 19:40 - 2015-03-27 19:41 - 00008600 _____ () C:\Windows\system32\VCLOff.ini
2015-03-27 19:39 - 2015-03-20 08:54 - 00335064 _____ (VC Corporation) C:\Windows\SysWOW64\VCL.dll
2015-03-27 19:18 - 2015-03-27 19:18 - 00003218 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-03-27 19:17 - 2015-03-27 19:17 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-03-27 19:16 - 2015-03-27 19:16 - 03026176 _____ (GridinSoft) C:\Users\Jodie\Downloads\TrojanKillerInstallerST.exe
2015-03-27 19:14 - 2015-03-27 19:14 - 09306112 _____ () C:\Users\Jodie\Downloads\HitmanPro.exe
2015-03-27 19:13 - 2015-03-27 19:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-27 19:12 - 2015-03-27 19:13 - 10109856 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro(1).exe
2015-03-27 19:11 - 2015-03-27 19:11 - 07471104 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro_x64.exe
2015-03-27 18:39 - 2015-03-27 18:44 - 00000000 ___DC () C:\AdwCleaner
2015-03-27 18:38 - 2015-03-27 18:38 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113.exe
2015-03-27 18:14 - 2015-03-27 18:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Opera Software
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Opera Software
2015-03-27 18:12 - 2015-03-27 18:12 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427497950
2015-03-27 18:12 - 2015-03-27 18:12 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000613 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\Users\Jodie\AppData\Local\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-27 18:04 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-27 07:53 - 2015-03-27 07:53 - 00003558 _____ () C:\Windows\System32\Tasks\CSFRIS
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\8723ad0b891c4364adb7f186eda76ca7
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba
2015-03-27 07:33 - 2015-03-27 07:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-27 07:19 - 2015-03-28 08:02 - 00001334 _____ () C:\Windows\Tasks\JYSS.job
2015-03-27 07:19 - 2015-03-28 08:02 - 00001332 _____ () C:\Windows\Tasks\XOU.job
2015-03-27 07:19 - 2015-03-27 07:19 - 00004360 _____ () C:\Windows\System32\Tasks\JYSS
2015-03-27 07:19 - 2015-03-27 07:19 - 00004358 _____ () C:\Windows\System32\Tasks\XOU
2015-03-27 07:10 - 2015-03-27 07:27 - 00000000 ____D () C:\Users\Jodie\AppData\Local\30464336-1427440200-3930-4233-4633FFFFFFFF
2015-03-27 07:06 - 2015-03-27 07:06 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF
2015-03-27 06:58 - 2015-03-27 06:58 - 00000000 _SHDC () C:\Program Files (x86)\Lrunaboracium
2015-03-27 06:53 - 2015-03-27 06:53 - 00561544 _____ () C:\Users\Jodie\Downloads\Setup.exe
2015-03-26 14:14 - 2015-03-26 14:14 - 00005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 00004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2015-03-26 06:57 - 2015-03-26 06:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-25 07:01 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:01 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:16 - 2015-03-23 16:33 - 00039899 _____ () C:\Users\Jodie\Documents\1956 Auction.xlsx
2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
2015-03-18 10:56 - 2015-03-18 11:35 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Rescue Applet
2015-03-18 10:55 - 2015-03-18 10:55 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Jodie\Downloads\Support-LogMeInRescue(1).exe
2015-03-17 22:19 - 2015-03-17 22:27 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2015-03-17 22:19 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-16 19:38 - 2015-03-16 19:38 - 00000000 ____D () C:\ProgramData\{85136baf-115a-05de-8513-36baf115aebc}
2015-03-16 19:37 - 2015-03-17 20:48 - 00000000 ___DC () C:\Program Files (x86)\TerminusMaker
2015-03-16 19:37 - 2015-03-17 20:47 - 00000000 ___DC () C:\Program Files (x86)\Online music radio
2015-03-16 19:36 - 2015-03-16 19:36 - 00000000 ____D () C:\ProgramData\15831777148096363316
2015-03-16 19:35 - 2015-03-17 20:47 - 00000000 ____D () C:\ProgramData\{660f0b48-6ea1-9128-660f-f0b486ea2d21}
2015-03-12 09:15 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 09:15 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 09:15 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:40 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:40 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:40 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:40 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 08:39 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:39 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:39 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:39 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:39 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:39 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:39 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:39 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:39 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:39 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:38 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:38 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:38 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:38 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:38 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:38 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:38 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:38 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:38 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:38 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:38 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:38 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:38 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:38 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:38 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:38 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:38 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:38 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:38 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:38 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:38 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:38 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:38 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:38 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:38 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:38 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:38 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:38 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:38 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:38 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:38 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:38 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 17:23 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 20:26 - 2015-03-02 20:26 - 00001582 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2015-03-02 20:26 - 2015-03-02 20:26 - 00001190 _____ () C:\Users\Jodie\Desktop\Amazon Music.lnk
2015-03-02 20:15 - 2015-03-02 20:15 - 40117016 _____ (Amazon) C:\Users\Jodie\Desktop\AmazonMusicInstaller.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 01004016 _____ () C:\Windows\Minidump\030215-19687-01.dmp
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 08:05 - 2015-01-19 14:25 - 00000000 ___DC () C:\FRST
2015-03-28 08:02 - 2012-09-04 06:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 08:02 - 2012-09-04 06:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 08:02 - 2012-04-11 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 08:02 - 2010-01-18 21:36 - 01276574 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:28 - 2014-12-12 00:31 - 00010954 _____ () C:\Windows\setupact.log
2015-03-27 20:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 20:27 - 2010-01-18 22:06 - 00365292 _____ () C:\Windows\PFRO.log
2015-03-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-03-27 18:51 - 2015-01-19 14:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 17:46 - 2011-02-23 21:41 - 00057718 _____ () C:\Users\Jodie\Documents\bills 2011.xlsx
2015-03-27 16:59 - 2010-01-18 21:37 - 00001417 _____ () C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 16:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-27 16:59 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-27 07:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 06:58 - 2014-08-24 13:53 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Adobe
2015-03-26 06:57 - 2012-04-11 08:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 06:57 - 2012-04-11 08:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 06:57 - 2011-08-26 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:17 - 2015-01-08 16:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 03:16 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 03:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-18 06:45 - 2014-03-21 18:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 22:23 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Hamachi
2015-03-17 21:30 - 2010-01-18 21:54 - 00318047 ____C () C:\service.log
2015-03-17 21:20 - 2011-02-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-17 21:20 - 2011-02-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:59 - 2010-01-18 21:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 20:49 - 2010-01-18 22:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-17 20:48 - 2011-05-09 15:29 - 00000000 ____D () C:\Windows\en
2015-03-13 08:36 - 2014-12-12 07:45 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:18 - 2009-07-13 23:45 - 00412928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 09:20 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 09:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:57 - 2010-01-18 21:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 09:08 - 2010-01-18 22:47 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Google
2015-03-04 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 12:58 - 2015-01-06 17:20 - 00021467 _____ () C:\Users\Jodie\Documents\AHS Treasurer2.xlsx
2015-03-03 08:17 - 2010-01-18 21:42 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:18 - 2010-05-02 07:57 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2015-03-26 14:14 - 2015-03-26 14:14 - 0005542 _____ () C:\Users\Jodie\AppData\Roaming\JYSS
2015-03-26 14:14 - 2015-03-26 14:14 - 0004185 _____ () C:\Users\Jodie\AppData\Roaming\XOU
2013-05-06 18:04 - 2013-05-06 18:05 - 0000084 ___RC () C:\Users\Jodie\AppData\Local\DVDPATH.TXT

Some content of TEMP:
====================
C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Jodie\AppData\Local\Temp\Quarantine.exe
C:\Users\Jodie\AppData\Local\Temp\SpOrder.dll
C:\Users\Jodie\AppData\Local\Temp\sqlite3.dll
C:\Users\Jodie\AppData\Local\Temp\Uninstall.exe
C:\Users\Jodie\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ADDITION.TXT:

Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.5.3 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech GamePanel Software 2.00 (HKLM\...\{7598C430-8B00-4447-A710-0DDA0770370A}) (Version: 2.00.171 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
ShieldSoft (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\ShieldSoft) (Version: 1.0 - ShieldSoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Veetle TV 0.9.17 (HKLM-x32\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 2.3.0.5 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Warlords Battlecry III (HKLM-x32\...\{93DA8968-092B-4E6F-B568-AB8471952143}) (Version: W4PCA0.8 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-03-2015 08:02:14 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02584DEB-473E-48AE-90AC-C7EFD6390081} - System32\Tasks\JYSS => C:\Users\Jodie\AppData\Roaming\JYSS.exe <==== ATTENTION
Task: {0EF524CF-BE51-4FA9-93ED-E3D1930C551E} - System32\Tasks\Amazon Music Helper => C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-15] ()
Task: {39CA462B-B08E-4764-ABC0-6A8114205B82} - System32\Tasks\Trojan Killer => D:\GridinSoft Trojan Killer\trojankiller.exe
Task: {3E938DDF-1BE6-4D2A-8060-EF912D2808D2} - System32\Tasks\XOU => C:\Users\Jodie\AppData\Roaming\XOU.exe <==== ATTENTION
Task: {56841B19-CBF5-4A5A-BF60-29DA877832A5} - System32\Tasks\{CC13F725-40C7-4116-9B8B-12CE7981305F} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {6A4A6698-748A-4A5D-93DE-6E535F8DD925} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {708EF0AF-9AEA-4EFB-956F-BB5C73F2F6E2} - System32\Tasks\{8A03FBC9-BB56-4AB6-B135-2823596F8FA4} => E:\Program Files (x86)\iTunes\iTunes.exe
Task: {83E42A5B-F4E4-407C-B83A-A9357ACA168F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8B3E8844-0A5C-49A7-A604-C4233D5C2A35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {94714537-DCF3-48D5-9AFC-112075C957FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {9ED571BD-91BD-4966-A3A3-BE40AF27E11E} - System32\Tasks\{8B261524-AEFC-444E-8172-6E20BB2F8507} => pcalua.exe -a D:\Downloads\windirstat1_1_2_setup.exe -d D:\Downloads
Task: {A17FF63C-A07A-43D5-AECE-B50BD15411DD} - System32\Tasks\Opera scheduled Autoupdate 1427497950 => C:\Program Files (x86)\Opera\launcher.exe
Task: {AE640F77-42D7-4D2A-8654-D9A06EC6FB17} - System32\Tasks\{E35E1831-9087-4804-9B15-82A6531BB2DF} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {B3F76D5D-71D1-4A5A-A60D-88381C1FC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B907A212-4980-4953-8722-867B6442D25B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {C0C78B02-79F2-46A1-9409-F12AB3D1D616} - System32\Tasks\CSFRIS => C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba\16b7eaa419374a66a1f93a9165a5afba.exe [2015-03-27] ()
Task: {D3E61F2A-FFF2-4858-A07B-CB138F06028E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D49550B8-C60A-4C35-9BA1-EA7714C1EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E1CB7AAC-A7E9-4030-9782-C86A462E1DB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JYSS.job => C:\Users\Jodie\AppData\Roaming\JYSS.exe <==== ATTENTION
Task: C:\Windows\Tasks\XOU.job => C:\Users\Jodie\AppData\Roaming\XOU.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-27 07:06 - 2015-03-27 07:06 - 00116224 _____ () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs
2015-03-27 06:58 - 2015-03-25 09:05 - 00256512 __SHC () C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe
2015-03-27 07:06 - 2015-03-27 07:06 - 00204800 _____ () C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () e:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-02 20:26 - 2014-10-15 00:35 - 06281024 _____ () C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-03-26 06:57 - 2015-03-26 06:57 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: ShieldSoft => 2
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jimmy Harnen   Where Are You Now 89.lnk => C:\Windows\pss\Jimmy Harnen   Where Are You Now 89.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Downloads\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "D:\Downloads\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "D:\Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCDMon => "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SUPERAntiSpyware => D:\Anti Spyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3119044640-1024220412-4187171245-500 - Administrator - Disabled)
Guest (S-1-5-21-3119044640-1024220412-4187171245-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3119044640-1024220412-4187171245-1002 - Administrator - Enabled)
Jodie (S-1-5-21-3119044640-1024220412-4187171245-1001 - Administrator - Enabled) => C:\Users\Jodie

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: Flash32_16_0_0_305.ocx, version: 16.0.0.305, time stamp: 0x54cff11b
Exception code: 0xc0000005
Fault offset: 0x00053aaf
Faulting process id: 0x12a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x8440
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (03/28/2015 08:02:12 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 08:02:12 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 08:02:09 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/27/2015 08:28:45 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/27/2015 08:28:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error: (03/27/2015 08:28:45 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/27/2015 08:28:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TerminusMaker service to connect.

Error: (03/27/2015 08:28:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/27/2015 08:07:22 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/27/2015 07:51:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc000000500053aaf12a001d068f3a8d267b7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_305.ocx8d283896-d4e7-11e4-86f5-6cf04909b3f3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02844001d068e27335aa59D:\Firefox\plugin-container.exeD:\Firefox\mozalloc.dllb9ed0ac7-d4d6-11e4-b37e-6cf04909b3f3


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 07:39:17.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:39:17.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 16:35:55.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 16:35:54.939
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X3 720 Processor
Percentage of memory in use: 21%
Total physical RAM: 8190.49 MB
Available physical RAM: 6466.43 MB
Total Pagefile: 16379.17 MB
Available Pagefile: 14242.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.92 GB) NTFS
Drive d: () (Fixed) (Total:249.02 GB) (Free:243.42 GB) NTFS
Drive e: () (Fixed) (Total:249.49 GB) (Free:218.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 60A80FE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=249.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 10:32 AM

Hello :)

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-3119044640-1024220412-4187171245-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3119044640-1024220412-4187171245-1001] => http=127.0.0.1:9880
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R2 Lrunaboracium; C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe [256512 2015-03-25] () [File not signed] 
    R2 rijedubu; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp [204800 2015-03-27] () [File not signed]
    S4 ShieldSoft; C:\Users\Jodie\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [74024 2014-09-28] ()
    C:\Users\Jodie\AppData\Roaming\ShieldSoft
    S2 39bfb656; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusMaker\TerminusMaker.dll",serv
    R2 cofewobo; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs [X]
    C:\Windows\SysWOW64\VCLOff.ini
    C:\Windows\system32\VCLOff.ini
    C:\Windows\SysWOW64\VCL.dll
    C:\Users\Jodie\AppData\Roaming\JYSS
    C:\Users\Jodie\AppData\Roaming\XOU
    Task: {02584DEB-473E-48AE-90AC-C7EFD6390081} - System32\Tasks\JYSS => C:\Users\Jodie\AppData\Roaming\JYSS.exe 
    Task: {0EF524CF-BE51-4FA9-93ED-E3D1930C551E} - System32\Tasks\Amazon Music Helper => C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-15] ()
    Task: {3E938DDF-1BE6-4D2A-8060-EF912D2808D2} - System32\Tasks\XOU => C:\Users\Jodie\AppData\Roaming\XOU.exe 
    Task: {C0C78B02-79F2-46A1-9409-F12AB3D1D616} - System32\Tasks\CSFRIS => C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba\16b7eaa419374a66a1f93a9165a5afba.exe [2015-03-27] ()
    C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\
    C:\Users\Jodie\AppData\Roaming\JYSS.exe 
    C:\Users\Jodie\AppData\Roaming\XOU.exe 
    C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba
    Task: C:\Windows\Tasks\JYSS.job => C:\Users\Jodie\AppData\Roaming\JYSS.exe 
    Task: C:\Windows\Tasks\XOU.job => C:\Users\Jodie\AppData\Roaming\XOU.exe 
    C:\Program Files (x86)\TerminusMaker
    C:\Program Files (x86)\Lrunaboracium
    cmd: netsh winsock reset 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#6 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 11:22 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Jodie at 2015-03-28 11:15:17 Run:2
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3119044640-1024220412-4187171245-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3119044640-1024220412-4187171245-1001] => http=127.0.0.1:9880
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Lrunaboracium; C:\Program Files (x86)\Lrunaboracium\Lrunaboracium.exe [256512 2015-03-25] () [File not signed]
R2 rijedubu; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\jnsi4835.tmp [204800 2015-03-27] () [File not signed]
S4 ShieldSoft; C:\Users\Jodie\AppData\Roaming\ShieldSoft\UI\bin\ShieldsoftService.exe [74024 2014-09-28] ()
C:\Users\Jodie\AppData\Roaming\ShieldSoft
S2 39bfb656; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusMaker\TerminusMaker.dll",serv
R2 cofewobo; C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs [X]
C:\Windows\SysWOW64\VCLOff.ini
C:\Windows\system32\VCLOff.ini
C:\Windows\SysWOW64\VCL.dll
C:\Users\Jodie\AppData\Roaming\JYSS
C:\Users\Jodie\AppData\Roaming\XOU
Task: {02584DEB-473E-48AE-90AC-C7EFD6390081} - System32\Tasks\JYSS => C:\Users\Jodie\AppData\Roaming\JYSS.exe
Task: {0EF524CF-BE51-4FA9-93ED-E3D1930C551E} - System32\Tasks\Amazon Music Helper => C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-10-15] ()
Task: {3E938DDF-1BE6-4D2A-8060-EF912D2808D2} - System32\Tasks\XOU => C:\Users\Jodie\AppData\Roaming\XOU.exe
Task: {C0C78B02-79F2-46A1-9409-F12AB3D1D616} - System32\Tasks\CSFRIS => C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba\16b7eaa419374a66a1f93a9165a5afba.exe [2015-03-27] ()
C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\
C:\Users\Jodie\AppData\Roaming\JYSS.exe
C:\Users\Jodie\AppData\Roaming\XOU.exe
C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba
Task: C:\Windows\Tasks\JYSS.job => C:\Users\Jodie\AppData\Roaming\JYSS.exe
Task: C:\Windows\Tasks\XOU.job => C:\Users\Jodie\AppData\Roaming\XOU.exe
C:\Program Files (x86)\TerminusMaker
C:\Program Files (x86)\Lrunaboracium
cmd: netsh winsock reset
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon" => Key deleted successfully.
HKCR\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Lrunaboracium => Service deleted successfully.
rijedubu => Service deleted successfully.
ShieldSoft => Service deleted successfully.
C:\Users\Jodie\AppData\Roaming\ShieldSoft => Moved successfully.
39bfb656 => Service deleted successfully.
cofewobo => Service deleted successfully.
C:\Windows\SysWOW64\VCLOff.ini => Moved successfully.
C:\Windows\system32\VCLOff.ini => Moved successfully.
C:\Windows\SysWOW64\VCL.dll => Moved successfully.
C:\Users\Jodie\AppData\Roaming\JYSS => Moved successfully.
C:\Users\Jodie\AppData\Roaming\XOU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02584DEB-473E-48AE-90AC-C7EFD6390081}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02584DEB-473E-48AE-90AC-C7EFD6390081}" => Key Deleted successfully.
C:\Windows\System32\Tasks\JYSS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JYSS" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EF524CF-BE51-4FA9-93ED-E3D1930C551E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EF524CF-BE51-4FA9-93ED-E3D1930C551E}" => Key Deleted successfully.
C:\Windows\System32\Tasks\Amazon Music Helper => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Amazon Music Helper" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E938DDF-1BE6-4D2A-8060-EF912D2808D2}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E938DDF-1BE6-4D2A-8060-EF912D2808D2}" => Key Deleted successfully.
C:\Windows\System32\Tasks\XOU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XOU" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0C78B02-79F2-46A1-9409-F12AB3D1D616}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C78B02-79F2-46A1-9409-F12AB3D1D616}" => Key Deleted successfully.
C:\Windows\System32\Tasks\CSFRIS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CSFRIS" => Key Deleted successfully.
C:\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF => Moved successfully.
"C:\Users\Jodie\AppData\Roaming\JYSS.exe" => File/Directory not found.
"C:\Users\Jodie\AppData\Roaming\XOU.exe" => File/Directory not found.
C:\ProgramData\16b7eaa419374a66a1f93a9165a5afba => Moved successfully.
C:\Windows\Tasks\JYSS.job => Moved successfully.
C:\Windows\Tasks\XOU.job => Moved successfully.
C:\Program Files (x86)\TerminusMaker => Moved successfully.
C:\Program Files (x86)\Lrunaboracium => Moved successfully.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 11:15:18 ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jodie (administrator) on JODIE-PC on 28-03-2015 11:20:44
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.64\OptProSmartScan.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe [148008 2015-03-17] (PC Utilities Software Limited)
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\MountPoints2: {7acdefe5-95ed-11e2-9fb3-6cf04909b3f3} - G:\TL_Bootstrap.exe
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3119044640-1024220412-4187171245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jodie\AppData\Roaming\Mozilla\Firefox\Profiles\5dyuz9ke.default-1427499251391
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: Adobe Acrobat -> D:\Downloads\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015-01-21]
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 3a37b93a; c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll [2292264 2015-03-28] ()
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2015-03-28] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [106296 2015-03-28] (ConsumerInput)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-07-14] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; E:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\Jodie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 SASKUTIL; \??\D:\Anti Spyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 11:20 - 2015-03-28 11:20 - 00012840 _____ () C:\Users\Jodie\Desktop\FRST.txt
2015-03-28 11:07 - 2015-03-28 11:07 - 00003254 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-03-28 11:07 - 2015-03-28 11:07 - 00001063 _____ () C:\Users\Jodie\Desktop\Optimizer Pro.lnk
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ___DC () C:\Program Files (x86)\Optimizer Pro 3.64
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\Documents\Optimizer Pro
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Optimizer Pro
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Compete
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-03-28 11:06 - 2015-03-28 11:21 - 00000360 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-3119044640-1024220412-4187171245-1001.job
2015-03-28 11:06 - 2015-03-28 11:06 - 00003396 _____ () C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-3119044640-1024220412-4187171245-1001
2015-03-28 11:06 - 2015-03-28 11:06 - 00003274 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-3119044640-1024220412-4187171245-1001
2015-03-28 11:06 - 2015-03-28 11:06 - 00000394 _____ () C:\Windows\Tasks\CIMT_daily_S-1-5-21-3119044640-1024220412-4187171245-1001.job
2015-03-28 11:05 - 2015-03-28 11:17 - 00000964 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-03-28 11:05 - 2015-03-28 11:10 - 00000968 _____ () C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-03-28 11:05 - 2015-03-28 11:05 - 00003964 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-03-28 11:05 - 2015-03-28 11:05 - 00003712 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-03-28 11:05 - 2015-03-28 11:05 - 00000000 ___DC () C:\Program Files (x86)\Consumer Input
2015-03-28 11:05 - 2015-03-28 11:05 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Consumer Input
2015-03-28 08:06 - 2015-03-28 08:07 - 00036336 _____ () C:\Users\Jodie\Desktop\Addition.txt
2015-03-27 20:11 - 2015-03-28 08:06 - 00050538 _____ () C:\Users\Jodie\Desktop\FRST .txt
2015-03-27 20:10 - 2015-03-27 20:10 - 02095616 _____ (Farbar) C:\Users\Jodie\Desktop\FRST64.exe
2015-03-27 20:07 - 2015-03-27 20:07 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64(1).exe
2015-03-27 20:04 - 2015-03-27 20:04 - 00037598 _____ () C:\Users\Jodie\Downloads\Addition.txt
2015-03-27 20:03 - 2015-03-27 20:04 - 00053951 _____ () C:\Users\Jodie\Downloads\FRST.txt
2015-03-27 20:03 - 2015-03-27 20:03 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64.exe
2015-03-27 20:02 - 2015-03-27 20:02 - 01135104 _____ (Farbar) C:\Users\Jodie\Downloads\FRST.exe
2015-03-27 19:18 - 2015-03-27 19:18 - 00003218 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-03-27 19:17 - 2015-03-27 19:17 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-03-27 19:16 - 2015-03-27 19:16 - 03026176 _____ (GridinSoft) C:\Users\Jodie\Downloads\TrojanKillerInstallerST.exe
2015-03-27 19:14 - 2015-03-27 19:14 - 09306112 _____ () C:\Users\Jodie\Downloads\HitmanPro.exe
2015-03-27 19:13 - 2015-03-27 19:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-27 19:12 - 2015-03-27 19:13 - 10109856 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro(1).exe
2015-03-27 19:11 - 2015-03-27 19:11 - 07471104 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro_x64.exe
2015-03-27 18:39 - 2015-03-27 18:44 - 00000000 ___DC () C:\AdwCleaner
2015-03-27 18:38 - 2015-03-27 18:38 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113.exe
2015-03-27 18:14 - 2015-03-27 18:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Opera Software
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Opera Software
2015-03-27 18:12 - 2015-03-27 18:12 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427497950
2015-03-27 18:12 - 2015-03-27 18:12 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000613 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\Users\Jodie\AppData\Local\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-27 18:04 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-27 07:53 - 2015-03-27 07:53 - 00000000 ____D () C:\ProgramData\8723ad0b891c4364adb7f186eda76ca7
2015-03-27 07:33 - 2015-03-27 07:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-27 07:10 - 2015-03-27 07:27 - 00000000 ____D () C:\Users\Jodie\AppData\Local\30464336-1427440200-3930-4233-4633FFFFFFFF
2015-03-27 06:53 - 2015-03-27 06:53 - 00561544 _____ () C:\Users\Jodie\Downloads\Setup.exe
2015-03-26 06:57 - 2015-03-26 06:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-25 07:01 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:01 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:16 - 2015-03-23 16:33 - 00039899 _____ () C:\Users\Jodie\Documents\1956 Auction.xlsx
2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
2015-03-18 10:56 - 2015-03-18 11:35 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Rescue Applet
2015-03-18 10:55 - 2015-03-18 10:55 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Jodie\Downloads\Support-LogMeInRescue(1).exe
2015-03-17 22:19 - 2015-03-17 22:27 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2015-03-17 22:19 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-16 19:38 - 2015-03-16 19:38 - 00000000 ____D () C:\ProgramData\{85136baf-115a-05de-8513-36baf115aebc}
2015-03-16 19:37 - 2015-03-17 20:47 - 00000000 ___DC () C:\Program Files (x86)\Online music radio
2015-03-16 19:36 - 2015-03-16 19:36 - 00000000 ____D () C:\ProgramData\15831777148096363316
2015-03-16 19:35 - 2015-03-17 20:47 - 00000000 ____D () C:\ProgramData\{660f0b48-6ea1-9128-660f-f0b486ea2d21}
2015-03-12 09:15 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 09:15 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 09:15 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:40 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:40 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:40 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:40 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 08:39 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:39 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:39 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:39 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:39 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:39 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:39 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:39 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:39 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:39 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:38 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:38 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:38 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:38 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:38 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:38 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:38 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:38 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:38 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:38 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:38 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:38 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:38 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:38 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:38 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:38 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:38 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:38 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:38 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:38 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:38 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:38 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:38 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:38 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:38 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:38 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:38 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:38 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:38 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:38 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:38 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:38 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 17:23 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 20:26 - 2015-03-02 20:26 - 00001190 _____ () C:\Users\Jodie\Desktop\Amazon Music.lnk
2015-03-02 20:15 - 2015-03-02 20:15 - 40117016 _____ (Amazon) C:\Users\Jodie\Desktop\AmazonMusicInstaller.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 01004016 _____ () C:\Windows\Minidump\030215-19687-01.dmp
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 11:20 - 2015-01-19 14:25 - 00000000 ___DC () C:\FRST
2015-03-28 11:17 - 2014-12-12 00:31 - 00011010 _____ () C:\Windows\setupact.log
2015-03-28 11:17 - 2012-09-04 06:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 11:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 11:16 - 2010-01-18 21:36 - 01334293 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 11:11 - 2012-04-11 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 11:04 - 2012-09-04 06:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:35 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 20:27 - 2010-01-18 22:06 - 00365292 _____ () C:\Windows\PFRO.log
2015-03-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-03-27 18:51 - 2015-01-19 14:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 17:46 - 2011-02-23 21:41 - 00057718 _____ () C:\Users\Jodie\Documents\bills 2011.xlsx
2015-03-27 16:59 - 2010-01-18 21:37 - 00001417 _____ () C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 16:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-27 16:59 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-27 07:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 06:58 - 2014-08-24 13:53 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Adobe
2015-03-26 06:57 - 2012-04-11 08:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 06:57 - 2012-04-11 08:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 06:57 - 2011-08-26 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:17 - 2015-01-08 16:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 03:16 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 03:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-18 06:45 - 2014-03-21 18:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 22:23 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Hamachi
2015-03-17 21:30 - 2010-01-18 21:54 - 00318047 ____C () C:\service.log
2015-03-17 21:20 - 2011-02-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-17 21:20 - 2011-02-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:59 - 2010-01-18 21:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 20:49 - 2010-01-18 22:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-17 20:48 - 2011-05-09 15:29 - 00000000 ____D () C:\Windows\en
2015-03-13 08:36 - 2014-12-12 07:45 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:18 - 2009-07-13 23:45 - 00412928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 09:20 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 09:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:57 - 2010-01-18 21:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 09:08 - 2010-01-18 22:47 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Google
2015-03-04 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 12:58 - 2015-01-06 17:20 - 00021467 _____ () C:\Users\Jodie\Documents\AHS Treasurer2.xlsx
2015-03-03 08:17 - 2010-01-18 21:42 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:18 - 2010-05-02 07:57 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2013-05-06 18:04 - 2013-05-06 18:05 - 0000084 ___RC () C:\Users\Jodie\AppData\Local\DVDPATH.TXT

Some content of TEMP:
====================
C:\Users\Jodie\AppData\Local\Temp\compete.exe
C:\Users\Jodie\AppData\Local\Temp\cw.exe
C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Jodie\AppData\Local\Temp\optsetup.exe
C:\Users\Jodie\AppData\Local\Temp\Quarantine.exe
C:\Users\Jodie\AppData\Local\Temp\Setup_16746.exe
C:\Users\Jodie\AppData\Local\Temp\SpOrder.dll
C:\Users\Jodie\AppData\Local\Temp\sqlite3.dll
C:\Users\Jodie\AppData\Local\Temp\Uninstall.exe
C:\Users\Jodie\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 06:49

==================== End Of Log ============================



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 11:30 AM

2015-03-28 11:07 - 2015-03-28 11:07 - 00003254 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-03-28 11:07 - 2015-03-28 11:07 - 00001063 _____ () C:\Users\Jodie\Desktop\Optimizer Pro.lnk
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ___DC () C:\Program Files (x86)\Optimizer Pro 3.64
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\Documents\Optimizer Pro
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Optimizer Pro
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Compete
2015-03-28 11:07 - 2015-03-28 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

What have you done? Optimizer Pro 3.64? :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 11:49 AM

It just started as a popup.  I didn't download or start that Optimizer Pro 3.64?  Did that break the fix you applied?



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 11:56 AM

OK, please do the following:
 
Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

v21logo.PNG

Please download and install Malwarebytes Anti-Malware. (NEW VERSION)
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 01:30 PM

# AdwCleaner v4.107 - Report created 28/03/2015 at 12:09:23
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jodie - JODIE-PC
# Running from : C:\Users\Jodie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : consumerinput_update
[#] Service Deleted : consumerinput_updatem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\15831777148096363316
Folder Deleted : C:\ProgramData\8723ad0b891c4364adb7f186eda76ca7
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files (x86)\Consumer Input
Folder Deleted : C:\Users\Jodie\AppData\Local\Consumer Input
Folder Deleted : C:\Users\Jodie\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Jodie\Documents\Optimizer Pro
File Deleted : C:\Users\Jodie\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Jodie\Desktop\Optimizer Pro.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [9232 octets] - [27/03/2015 18:39:58]
AdwCleaner[R1].txt - [4894 octets] - [28/03/2015 12:07:59]
AdwCleaner[S0].txt - [9038 octets] - [27/03/2015 18:44:19]
AdwCleaner[S1].txt - [4811 octets] - [28/03/2015 12:09:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4871 octets] ##########
 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/28/2015
Scan Time: 12:50:00 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.28.04
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jodie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361886
Time Elapsed: 15 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jodie (administrator) on JODIE-PC on 28-03-2015 13:28:51
Running from C:\Users\Jodie\Desktop
Loaded Profiles: Jodie (Available profiles: Jodie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) D:\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\MountPoints2: {7acdefe5-95ed-11e2-9fb3-6cf04909b3f3} - G:\TL_Bootstrap.exe
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Jodie\AppData\Roaming\Mozilla\Firefox\Profiles\5dyuz9ke.default-1427499251391
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2010-03-17] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2010-03-22] (Veetle Inc)
FF Plugin-x32: Adobe Acrobat -> D:\Downloads\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 3a37b93a; c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll [2292264 2015-03-28] ()
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-07-14] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; E:\Hamachi\hamachi-2.exe [2490216 2015-02-17] (LogMeIn Inc.)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U0 gaterdce; C:\Windows\System32\drivers\knaphk.sys [79064 2015-03-28] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-03-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\Jodie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 SASKUTIL; \??\D:\Anti Spyware\SASKUTIL.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 13:27 - 2015-03-28 13:27 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\knaphk.sys
2015-03-28 13:27 - 2015-03-28 13:27 - 00013942 _____ () C:\Windows\SysWOW64\rhkbv
2015-03-28 12:48 - 2015-03-28 12:48 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Jodie\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-28 12:06 - 2015-03-28 12:06 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113(1).exe
2015-03-28 12:05 - 2015-03-28 12:05 - 02168320 _____ () C:\Users\Jodie\Downloads\AdwCleaner.exe
2015-03-28 11:20 - 2015-03-28 13:29 - 00012024 _____ () C:\Users\Jodie\Desktop\FRST.txt
2015-03-28 11:07 - 2015-03-28 13:27 - 00000000 ___DC () C:\Program Files (x86)\Optimizer Pro 3.64
2015-03-28 11:07 - 2015-03-28 13:27 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Compete
2015-03-28 08:06 - 2015-03-28 08:07 - 00036336 _____ () C:\Users\Jodie\Desktop\Addition.txt
2015-03-27 20:11 - 2015-03-28 08:06 - 00050538 _____ () C:\Users\Jodie\Desktop\FRST .txt
2015-03-27 20:10 - 2015-03-27 20:10 - 02095616 _____ (Farbar) C:\Users\Jodie\Desktop\FRST64.exe
2015-03-27 20:07 - 2015-03-27 20:07 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64(1).exe
2015-03-27 20:04 - 2015-03-27 20:04 - 00037598 _____ () C:\Users\Jodie\Downloads\Addition.txt
2015-03-27 20:03 - 2015-03-27 20:04 - 00053951 _____ () C:\Users\Jodie\Downloads\FRST.txt
2015-03-27 20:03 - 2015-03-27 20:03 - 02095616 _____ (Farbar) C:\Users\Jodie\Downloads\FRST64.exe
2015-03-27 20:02 - 2015-03-27 20:02 - 01135104 _____ (Farbar) C:\Users\Jodie\Downloads\FRST.exe
2015-03-27 19:18 - 2015-03-27 19:18 - 00003218 _____ () C:\Windows\System32\Tasks\Trojan Killer
2015-03-27 19:17 - 2015-03-27 19:17 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-03-27 19:16 - 2015-03-27 19:16 - 03026176 _____ (GridinSoft) C:\Users\Jodie\Downloads\TrojanKillerInstallerST.exe
2015-03-27 19:14 - 2015-03-27 19:14 - 09306112 _____ () C:\Users\Jodie\Downloads\HitmanPro.exe
2015-03-27 19:13 - 2015-03-27 19:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-27 19:12 - 2015-03-27 19:13 - 10109856 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro(1).exe
2015-03-27 19:11 - 2015-03-27 19:11 - 07471104 _____ (SurfRight B.V.) C:\Users\Jodie\Downloads\HitmanPro_x64.exe
2015-03-27 18:39 - 2015-03-28 12:09 - 00000000 ___DC () C:\AdwCleaner
2015-03-27 18:38 - 2015-03-27 18:38 - 02168320 _____ () C:\Users\Jodie\Downloads\adwcleaner_4.113.exe
2015-03-27 18:14 - 2015-03-27 18:14 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Opera Software
2015-03-27 18:13 - 2015-03-27 18:13 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Opera Software
2015-03-27 18:12 - 2015-03-27 18:12 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427497950
2015-03-27 18:12 - 2015-03-27 18:12 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000613 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\Users\Jodie\AppData\Local\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-27 18:04 - 2015-03-27 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-27 18:04 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-27 07:33 - 2015-03-27 07:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-26 06:57 - 2015-03-26 06:57 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-25 07:01 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:01 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:01 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:01 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 16:16 - 2015-03-23 16:33 - 00039899 _____ () C:\Users\Jodie\Documents\1956 Auction.xlsx
2015-03-18 11:03 - 2015-03-18 11:03 - 00000000 ____D () C:\Windows\pss
2015-03-18 10:56 - 2015-03-18 11:35 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Rescue Applet
2015-03-18 10:55 - 2015-03-18 10:55 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Jodie\Downloads\Support-LogMeInRescue(1).exe
2015-03-17 22:19 - 2015-03-17 22:27 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2015-03-17 22:19 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-03-17 22:19 - 2015-03-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-17 22:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-03-16 19:38 - 2015-03-16 19:38 - 00000000 ____D () C:\ProgramData\{85136baf-115a-05de-8513-36baf115aebc}
2015-03-16 19:37 - 2015-03-17 20:47 - 00000000 ___DC () C:\Program Files (x86)\Online music radio
2015-03-16 19:35 - 2015-03-17 20:47 - 00000000 ____D () C:\ProgramData\{660f0b48-6ea1-9128-660f-f0b486ea2d21}
2015-03-12 09:15 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 09:15 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 09:15 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 09:15 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 09:15 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:40 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:40 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:40 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:40 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:40 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:40 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:40 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:40 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:40 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:40 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:40 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:40 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 08:40 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 08:39 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:39 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:39 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:39 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:39 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:39 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:39 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:39 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:39 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:39 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:39 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:39 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:39 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:39 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:39 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:39 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:39 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:39 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:39 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:39 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:39 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:39 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:39 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 08:39 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:38 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:38 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:38 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 08:38 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:38 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 08:38 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:38 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:38 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:38 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:38 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 08:38 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 08:38 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 08:38 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 08:38 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:38 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 08:38 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 08:38 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 08:38 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 08:38 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 08:38 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:38 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:38 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:38 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 08:38 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 08:38 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 08:38 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 08:38 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 08:38 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:38 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 08:38 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 08:38 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:38 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:38 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:38 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:38 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 08:38 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:38 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:38 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:38 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:38 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:38 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:38 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:38 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:38 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:38 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:38 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:23 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 17:23 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 20:26 - 2015-03-02 20:26 - 00001190 _____ () C:\Users\Jodie\Desktop\Amazon Music.lnk
2015-03-02 20:15 - 2015-03-02 20:15 - 40117016 _____ (Amazon) C:\Users\Jodie\Desktop\AmazonMusicInstaller.exe
2015-03-02 16:18 - 2015-03-02 16:18 - 01004016 _____ () C:\Windows\Minidump\030215-19687-01.dmp
2015-02-26 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 13:28 - 2015-01-19 14:25 - 00000000 ___DC () C:\FRST
2015-03-28 13:28 - 2010-01-18 21:36 - 01349565 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 13:27 - 2012-09-04 06:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 13:11 - 2012-04-11 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 12:50 - 2015-01-19 14:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 12:49 - 2015-02-25 16:25 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-28 12:49 - 2015-02-25 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 12:47 - 2012-09-04 06:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 12:17 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 12:17 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 12:10 - 2014-12-12 00:31 - 00011066 _____ () C:\Windows\setupact.log
2015-03-28 12:10 - 2010-01-18 22:06 - 00365606 _____ () C:\Windows\PFRO.log
2015-03-28 12:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 11:33 - 2011-02-23 21:41 - 00057722 _____ () C:\Users\Jodie\Documents\bills 2011.xlsx
2015-03-27 19:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2015-03-27 16:59 - 2010-01-18 21:37 - 00001417 _____ () C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-27 16:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-27 16:59 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-27 07:05 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 06:58 - 2014-08-24 13:53 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Adobe
2015-03-26 06:57 - 2012-04-11 08:37 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-26 06:57 - 2012-04-11 08:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-26 06:57 - 2011-08-26 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-26 03:17 - 2015-01-08 16:39 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 03:16 - 2014-12-09 21:21 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 03:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-18 06:45 - 2014-03-21 18:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 22:23 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Jodie\AppData\Local\LogMeIn Hamachi
2015-03-17 21:30 - 2010-01-18 21:54 - 00318047 ____C () C:\service.log
2015-03-17 21:20 - 2011-02-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-17 21:20 - 2011-02-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-17 20:59 - 2010-01-18 21:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-17 20:49 - 2010-01-18 22:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-03-17 20:48 - 2011-05-09 15:29 - 00000000 ____D () C:\Windows\en
2015-03-17 06:15 - 2015-02-25 16:24 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2015-01-19 14:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2010-02-01 18:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-13 08:36 - 2014-12-12 07:45 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:18 - 2009-07-13 23:45 - 00412928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 09:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 09:20 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 09:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:57 - 2010-01-18 21:42 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 09:08 - 2010-01-18 22:47 - 00000000 ____D () C:\Users\Jodie\AppData\Local\Google
2015-03-04 04:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 12:58 - 2015-01-06 17:20 - 00021467 _____ () C:\Users\Jodie\Documents\AHS Treasurer2.xlsx
2015-03-03 08:17 - 2010-01-18 21:42 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:18 - 2010-05-02 07:57 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2013-05-06 18:04 - 2013-05-06 18:05 - 0000084 ___RC () C:\Users\Jodie\AppData\Local\DVDPATH.TXT

Some content of TEMP:
====================
C:\Users\Jodie\AppData\Local\Temp\compete.exe
C:\Users\Jodie\AppData\Local\Temp\cw.exe
C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe
C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Jodie\AppData\Local\Temp\optsetup.exe
C:\Users\Jodie\AppData\Local\Temp\Quarantine.exe
C:\Users\Jodie\AppData\Local\Temp\Setup_16746.exe
C:\Users\Jodie\AppData\Local\Temp\SpOrder.dll
C:\Users\Jodie\AppData\Local\Temp\sqlite3.dll
C:\Users\Jodie\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 06:49

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jodie at 2015-03-28 13:29:16
Running from C:\Users\Jodie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.5.3 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM-x32\...\Heroes of Might and Magic® III) (Version:  - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech GamePanel Software 2.00 (HKLM\...\{7598C430-8B00-4447-A710-0DDA0770370A}) (Version: 2.00.171 - Logitech)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
ShieldSoft (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\ShieldSoft) (Version: 1.0 - ShieldSoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Veetle TV 0.9.17 (HKLM-x32\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 2.3.0.5 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Warlords Battlecry III (HKLM-x32\...\{93DA8968-092B-4E6F-B568-AB8471952143}) (Version: W4PCA0.8 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-03-2015 08:02:14 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {39CA462B-B08E-4764-ABC0-6A8114205B82} - System32\Tasks\Trojan Killer => D:\GridinSoft Trojan Killer\trojankiller.exe
Task: {56841B19-CBF5-4A5A-BF60-29DA877832A5} - System32\Tasks\{CC13F725-40C7-4116-9B8B-12CE7981305F} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {6A4A6698-748A-4A5D-93DE-6E535F8DD925} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {708EF0AF-9AEA-4EFB-956F-BB5C73F2F6E2} - System32\Tasks\{8A03FBC9-BB56-4AB6-B135-2823596F8FA4} => E:\Program Files (x86)\iTunes\iTunes.exe
Task: {83E42A5B-F4E4-407C-B83A-A9357ACA168F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {8B3E8844-0A5C-49A7-A604-C4233D5C2A35} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {94714537-DCF3-48D5-9AFC-112075C957FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {9ED571BD-91BD-4966-A3A3-BE40AF27E11E} - System32\Tasks\{8B261524-AEFC-444E-8172-6E20BB2F8507} => pcalua.exe -a D:\Downloads\windirstat1_1_2_setup.exe -d D:\Downloads
Task: {A17FF63C-A07A-43D5-AECE-B50BD15411DD} - System32\Tasks\Opera scheduled Autoupdate 1427497950 => C:\Program Files (x86)\Opera\launcher.exe
Task: {AE640F77-42D7-4D2A-8654-D9A06EC6FB17} - System32\Tasks\{E35E1831-9087-4804-9B15-82A6531BB2DF} => E:\Warlords Battlecry 3\Battlecry_104 (1).exe
Task: {B3F76D5D-71D1-4A5A-A60D-88381C1FC3EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B907A212-4980-4953-8722-867B6442D25B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {D3E61F2A-FFF2-4858-A07B-CB138F06028E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D49550B8-C60A-4C35-9BA1-EA7714C1EB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E1CB7AAC-A7E9-4030-9782-C86A462E1DB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () e:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () D:\Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119044640-1024220412-4187171245-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jodie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: ShieldSoft => 2
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jimmy Harnen   Where Are You Now 89.lnk => C:\Windows\pss\Jimmy Harnen   Where Are You Now 89.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jodie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Downloads\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "D:\Downloads\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Jodie\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "D:\Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCDMon => "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SUPERAntiSpyware => D:\Anti Spyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3119044640-1024220412-4187171245-500 - Administrator - Disabled)
Guest (S-1-5-21-3119044640-1024220412-4187171245-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3119044640-1024220412-4187171245-1002 - Administrator - Enabled)
Jodie (S-1-5-21-3119044640-1024220412-4187171245-1001 - Administrator - Enabled) => C:\Users\Jodie

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 09:13:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: Flash32_16_0_0_305.ocx, version: 16.0.0.305, time stamp: 0x54cff11b
Exception code: 0xc0000005
Fault offset: 0x00053aaf
Faulting process id: 0x12a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}


System errors:
=============
Error: (03/28/2015 01:27:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 01:27:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 01:27:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/28/2015 00:47:09 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 00:47:09 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 00:47:09 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/28/2015 00:10:45 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.

Error: (03/28/2015 00:10:45 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F218D0F1-AB9F-483E-8A18-89A73CDE27DE} because another computer on the network has the same name.  The server could not start.

Error: (03/28/2015 00:10:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error: (03/28/2015 00:10:32 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JODIE-PC       :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (03/28/2015 09:13:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\Designer 8.2\FormDesigner.exe

Error: (03/27/2015 08:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1768954e68526Flash32_16_0_0_305.ocx16.0.0.30554cff11bc000000500053aaf12a001d068f3a8d267b7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_305.ocx8d283896-d4e7-11e4-86f5-6cf04909b3f3

Error: (03/27/2015 06:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:27:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:24:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:18:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}

Error: (03/27/2015 06:12:48 PM) (Source: IDVault) (EventID: 0) (User: )
Description: StarServiceAndWait: TimeoutException waiting for service status check - Service=FontCache3.0.0.0, Status=Stopped, Message=Time out has expired and the operation has not been completed., Stack=   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec)

Error: (03/27/2015 06:12:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ccb1e3f7-2c07-4262-b7a0-6189063f578b}


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 07:39:17.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:39:17.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-12 07:37:53.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-14 16:35:55.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 16:35:54.939
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Config.Msi\a46a8cc.rbf because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\sasdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.579
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 07:19:34.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Anti Spyware\SASKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X3 720 Processor
Percentage of memory in use: 12%
Total physical RAM: 8190.49 MB
Available physical RAM: 7138.7 MB
Total Pagefile: 16379.17 MB
Available Pagefile: 14627.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:7.54 GB) NTFS
Drive d: () (Fixed) (Total:249.02 GB) (Free:243.51 GB) NTFS
Drive e: () (Fixed) (Total:249.49 GB) (Free:218.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 60A80FE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=249 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=249.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 01:41 PM

Let's do a final check up:

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 28 March 2015 - 05:44 PM

This scan has been running for about 3 hours and is still only 31% complete.  Is this normal?



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 28 March 2015 - 05:47 PM

This scan has been running for about 3 hours and is still only 31% complete.  Is this normal?

 
Yes!


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 Corner Cutter

Corner Cutter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:26 PM

Posted 29 March 2015 - 05:26 PM

Finally finished the scan:


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=23069c7fc9ea044f98ced8b0e316b355
# engine=23133
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-29 10:39:40
# local_time=2015-03-29 05:39:40 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2383817 50497974 0 0
# scanned=529202
# found=43
# cleaned=0
# scan_time=53201
sh=A30BE3DE5AB072D785716AC476DEC38E4A872AC3 ft=1 fh=43adfcfd57dcd556 vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$R3HUSFI.dll"
sh=A5531B0E9856C687FB06C416B8E4FD8AF146220E ft=1 fh=d62231fbb092ad28 vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$RMCFJU9.dll"
sh=A8E5C49F87AE9DD2980E8E177EC1C1A7233D621E ft=1 fh=dcc48d4722b16d47 vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$RPWR8D1.dll"
sh=DD78121F381D85B3688173C46D2A4D39CC3C4B2B ft=1 fh=928e94aaea5ed2ad vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$RZ8W5A6.dll"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$R397BME\miwn1fx9.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js"
sh=FC630A32804B1E8D13C5A511EC8A7F7147BBCED9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$R5ARZOD.03\11e1ad45-e93e-4c4d-8423-b341c6c90578.xpi"
sh=27FAB5AA3B0B2A806B12B9D10BF72BF45A87C05D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$R5RCR6K\{5081D2D4-1637-404c-B74F-50526718257D}.xpi"
sh=D6BDB978FEF18D5F7583174B467A0237E9F73372 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3119044640-1024220412-4187171245-1001\$R5RCR6K\chrome\content\main.js"
sh=0DFC08029E9909AA7478883FBC4D12CCCDB76C41 ft=1 fh=a92bab62982ed354 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\VCL.dll.vir"
sh=CFA01CB5760508FCBD0AA449015EE54EBF483A70 ft=1 fh=639cba8920bb17b5 vn="Win32/Conduit.SearchProtect.X potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\pcreg\pcreg.exe.xBAD"
sh=56E7C8D7C8A8AC828D34A1AAEEB556665BD91E78 ft=1 fh=27a7ab8b5181117d vn="Win32/Conduit.SearchProtect.T potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\pcreg\service.exe.xBAD"
sh=9AAD518834350E6DB4D805F66E8B9C5403D15FEA ft=1 fh=fd717f530d81f032 vn="a variant of Win32/Adware.PicColor.AA application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\16b7eaa419374a66a1f93a9165a5afba\16b7eaa419374a66a1f93a9165a5afba.exe"
sh=147E7AEBDEBB6E9F8FF6421745782501C2C5B245 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Jodie\AppData\Roaming\JYSS.xBAD"
sh=244EA60E7D5D45DE10670B877D24A480419F30A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Jodie\AppData\Roaming\XOU.xBAD"
sh=215CF0D25148C33662A3466AAA4960261CC43011 ft=1 fh=22dcb669279b91fb vn="a variant of Win32/Adware.ConvertAd.DN application" ac=I fn="C:\FRST\Quarantine\C\Users\Jodie\AppData\Roaming\30464336-1427457973-3930-4233-4633FFFFFFFF\nsy17CD.tmpfs"
sh=0DFC08029E9909AA7478883FBC4D12CCCDB76C41 ft=1 fh=a92bab62982ed354 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Windows\SysWOW64\VCL.dll.xBAD"
sh=5DABF15B3F0D7B27C84B0D25DB9B9F7E8772E8BF ft=1 fh=6668989ed7821281 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.64\OptimizerPro.exe"
sh=0543204D091031A4820117587DF020CE87158006 ft=1 fh=6aedf8e4160327ee vn="a variant of Win32/SProtector.Q potentially unwanted application" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll"
sh=E252818597FF21298A1A31CB3648BE0F9F6C6009 ft=1 fh=b3258c7bfd052d83 vn="multiple threats" ac=I fn="C:\Program Files (x86)\runonce\user\updater.exe"
sh=B9B7D11D77AA3116BF326FBB757FAFFFB4CF8A84 ft=1 fh=4bda895b2501f8dd vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\temp\launcher.exe"
sh=C65254A28C06232E184A6AA4A30EC7F5D110CA8D ft=1 fh=b007b2a8355eae3e vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\temp\white.exe"
sh=DAC573D8A6075DAEFD91893DA9FCDB6CF030DBF8 ft=1 fh=f875e1f237fdd107 vn="a variant of Win32/ReImageRepair.E potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\eFixProPackage.exe"
sh=8413B3695D086D4AC31F9AA1946D933C079FD9E1 ft=1 fh=55e873358677f25a vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\ICReinstall_nse12FB.tmp"
sh=7C1DB1C13B929006C49CD641764AA16B2CB9039E ft=1 fh=f96c2d971cbb1684 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\ICReinstall_nsiE325.tmp"
sh=D54500FBA4AE18C6FF56C3CA837BFAA4393D6CEE ft=1 fh=b0721042e5e2391f vn="a variant of Win32/InstallCore.PO potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\ICReinstall_nsm9189.tmp"
sh=FE0008DB0AC43C030C11C11AAEB33DDA7E7FE7C2 ft=1 fh=6f9e64c1d80892d2 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\ICReinstall_nsn9C94.tmp"
sh=8413B3695D086D4AC31F9AA1946D933C079FD9E1 ft=1 fh=55e873358677f25a vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nse12FB.tmp"
sh=7C1DB1C13B929006C49CD641764AA16B2CB9039E ft=1 fh=f96c2d971cbb1684 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsiE325.tmp"
sh=B2132AC0ACD1FB1FA5325D24B3AF3E91A65939C6 ft=1 fh=0addd366d67dd2d8 vn="a variant of Win32/InstallMonetizer.BC potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsm6C84.tmp"
sh=B2132AC0ACD1FB1FA5325D24B3AF3E91A65939C6 ft=1 fh=0addd366d67dd2d8 vn="a variant of Win32/InstallMonetizer.BC potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsm8052.tmp"
sh=D54500FBA4AE18C6FF56C3CA837BFAA4393D6CEE ft=1 fh=b0721042e5e2391f vn="a variant of Win32/InstallCore.PO potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsm9189.tmp"
sh=FE0008DB0AC43C030C11C11AAEB33DDA7E7FE7C2 ft=1 fh=6f9e64c1d80892d2 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsn9C94.tmp"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\OnlineBackup.exe"
sh=57B732F7952A5432C2C6FDD3BEDE51384583A477 ft=1 fh=a49323fcb114d3f7 vn="multiple threats" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\optsetup.exe"
sh=5CBE6CF1CDE5C7A24C3349A77AFB05257E7EDCCC ft=1 fh=ba43d6afb647b910 vn="a variant of Win32/InstallMonetizer.BC potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsm9BB3.tmp\nsWeb_DispOffr.dll"
sh=5CBE6CF1CDE5C7A24C3349A77AFB05257E7EDCCC ft=1 fh=ba43d6afb647b910 vn="a variant of Win32/InstallMonetizer.BC potentially unwanted application" ac=I fn="C:\Users\Jodie\AppData\Local\Temp\nsxAAE0.tmp\nsWeb_DispOffr.dll"
sh=FA7A2AB287D083EA020620E4ABD539170F6E9D38 ft=1 fh=32fcbde1df471458 vn="a variant of Win32/Adware.ConvertAd.DO application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\03GGKVMF\Update_Notifier[1].exe"
sh=B16AB729480DBC2074D21EA603D7AC9B8856A30C ft=1 fh=b7aa74449a396097 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\842731FS\setup[1].exe"
sh=2473FF856732271D98C837EFD3EC5435E4BB6F56 ft=1 fh=4ed06c5e2e307ddb vn="multiple threats" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\VK01717R\quickref-setup-1.10.0.9[1].exe"
sh=09737D2395AC1B238DF2C801D0EB786EC082D56D ft=1 fh=1c4a9958d65de32e vn="a variant of MSIL/Adware.Imali.A application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\ZB6M61ZJ\OfferInstaller[2].exe"
sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\ZB6M61ZJ\OrbiterInstaller[1].exe"
sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\ZB6M61ZJ\Stub[1].exe"
sh=215CF0D25148C33662A3466AAA4960261CC43011 ft=1 fh=22dcb669279b91fb vn="a variant of Win32/Adware.ConvertAd.DN application" ac=I fn="D:\Temp Internet Files\Temporary Internet Files\Content.IE5\ZB6M61ZJ\VOsrv[1].exe"

 

It seems like the computer is running much better now.  :)
 



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:26 AM

Posted 30 March 2015 - 05:58 AM

Hi,

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Program Files (x86)\Optimizer Pro 3.64
    C:\Program Files (x86)\runonce\
    C:\temp\launcher.exe
    C:\temp\white.exe
    D:\Temp Internet Files\
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 3a37b93a; c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll [2292264 2015-03-28] ()
    2015-03-28 11:07 - 2015-03-28 13:27 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\Compete
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Are there any malware related issues left?

Edited by deeprybka, 30 March 2015 - 06:00 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users