
Googleadservices.com pop-ups


  • This topic is locked
8 replies to this topic

#1 techlec2000


Posted 17 April 2015 - 12:34 PM

Hi there, this is a fairly new Win7 desktop, and just lately (since around the 10th April) I've seen Googleadservices.com pop-ups. I've also seen SalePlus ads and a box that popped up with boxbestwebscan.in. The latter 2 seem less prevalent following countless scans. The thing that most makes me think something is wrong is that the hard drive is constantly chirping away and the PC is much slower to start. I've tried the usual free malware scanners, i.e. Comodo, AdwCleaner, Spybot, Ad-Aware, Trend Micro HouseCall, Malwarebytes, HitmanPro, you get the picture. I even bought SpyHunter to try to solve this issue; all fail to sort the problem. Below are the Farbar logs. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by dell (administrator) on DELL-PC on 17-04-2015 18:13:02
Running from C:\Users\dell\Downloads
Loaded Profiles: dell & Nathan and Hannah (Available profiles: dell & Nathan and Hannah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Spotify Ltd) C:\Users\dell\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\MountPoints2: {02374ed7-ae2a-11e4-ab28-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-808113960-3803862915-48894236-1003\...\Run: [GoogleChromeAutoLaunch_E68447E7A85BC43DCDD849D6B88580D0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-808113960-3803862915-48894236-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-808113960-3803862915-48894236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-808113960-3803862915-48894236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
URLSearchHook: [S-1-5-21-808113960-3803862915-48894236-1003_classes] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-808113960-3803862915-48894236-1003 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
SearchScopes: HKU\S-1-5-21-808113960-3803862915-48894236-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-20] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-808113960-3803862915-48894236-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-02-10]
FF HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-04-15] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-15] ()
S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 18:13 - 2015-04-17 18:13 - 00016385 _____ () C:\Users\dell\Downloads\FRST.txt
2015-04-17 18:12 - 2015-04-17 18:13 - 00000000 ____D () C:\FRST
2015-04-17 18:11 - 2015-04-17 18:11 - 02097664 _____ (Farbar) C:\Users\dell\Downloads\FRST64.exe
2015-04-17 17:31 - 2015-04-17 17:31 - 00000000 ____D () C:\Users\dell\AppData\Roaming\SUPERAntiSpyware.com
2015-04-17 17:30 - 2015-04-17 17:56 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-17 17:30 - 2015-04-17 17:30 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-17 17:30 - 2015-04-17 17:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-17 17:30 - 2015-04-17 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-16 22:09 - 2015-04-16 22:09 - 00007605 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg
2015-04-16 07:33 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 07:33 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 07:33 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 07:33 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 07:33 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 07:33 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 07:33 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 07:33 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 07:33 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 07:33 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 07:33 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 07:33 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 07:33 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 07:33 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 07:33 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 07:33 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 07:33 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 07:33 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 07:33 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 07:33 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 07:33 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 07:33 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 07:33 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 07:33 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 07:33 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 07:33 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 07:33 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 07:33 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 07:33 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 07:33 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 07:33 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 07:33 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 07:33 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 07:33 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 07:33 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 07:33 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 07:33 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 07:33 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 07:33 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 07:33 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 07:33 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 07:33 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 07:33 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 07:33 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 07:33 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 07:33 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 07:33 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 07:33 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 07:33 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 07:33 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 07:33 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 07:33 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 07:33 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 07:33 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 07:32 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 07:32 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 07:32 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 07:32 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 07:32 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 07:32 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 07:32 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 07:32 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 07:32 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 07:32 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 07:32 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 07:32 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 07:32 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 07:32 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 07:32 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 07:32 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 07:32 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 07:32 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 07:32 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 07:32 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 07:32 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 07:32 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 07:32 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 07:32 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 07:32 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 07:32 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 07:32 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 07:32 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 07:32 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 07:32 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 07:32 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 07:32 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 07:32 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 07:32 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 07:32 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 07:32 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 07:32 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 07:32 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 07:32 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 07:32 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 07:32 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 07:32 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 07:32 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 07:32 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 07:32 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 07:32 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 07:32 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 07:32 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 07:32 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 07:32 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 07:32 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 07:32 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 07:32 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 07:32 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 07:32 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 07:32 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 07:32 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 07:32 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 07:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 07:31 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 07:31 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 07:31 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 22:39 - 2015-04-15 22:39 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\dell\Downloads\SpyHunter-Installer (1).exe
2015-04-15 20:08 - 2015-04-17 18:03 - 00003322 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-04-15 20:08 - 2015-04-15 20:08 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Enigma Software Group
2015-04-15 20:07 - 2015-04-15 20:08 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-15 20:07 - 2015-04-15 20:07 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-04-15 20:07 - 2015-04-15 20:07 - 00001087 _____ () C:\Users\dell\Desktop\SpyHunter.lnk
2015-04-15 20:07 - 2015-04-15 20:07 - 00000000 ____D () C:\sh4ldr
2015-04-15 20:07 - 2015-04-15 20:07 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-15 20:06 - 2015-04-15 20:06 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\dell\Downloads\SpyHunter-Installer.exe
2015-04-15 16:37 - 2015-04-15 16:37 - 00000000 ____D () C:\Users\dell\AppData\Local\openvr
2015-04-15 07:59 - 2015-04-15 07:59 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Origin
2015-04-15 07:58 - 2015-04-15 07:59 - 00000000 ____D () C:\Users\dell\AppData\Local\Origin
2015-04-14 18:26 - 2015-04-14 18:26 - 00007747 _____ () C:\Users\dell\Downloads\Statements09013446686786 (15).qif
2015-04-14 18:24 - 2015-04-14 18:24 - 00007747 _____ () C:\Users\dell\Downloads\Statements09013446686786 (14).qif
2015-04-14 18:24 - 2015-04-14 18:24 - 00007747 _____ () C:\Users\dell\Downloads\Statements09013446686786 (13).qif
2015-04-14 14:38 - 2015-04-14 14:38 - 03594900 _____ () C:\Users\dell\Documents\SagePay.Stageworks Studio.0115.001
2015-04-14 11:14 - 2015-04-14 11:14 - 03601784 _____ () C:\Users\dell\Documents\SagePay.Stageworks Studio.5314.001
2015-04-13 19:31 - 2015-04-16 22:01 - 00000000 ____D () C:\Users\dell\Documents\Cathy's
2015-04-12 17:49 - 2015-04-17 18:04 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-12 09:21 - 2015-04-12 09:21 - 00000000 _____ () C:\autoexec.bat
2015-04-12 08:58 - 2015-04-12 08:58 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-12 08:55 - 2015-04-12 08:55 - 00001260 _____ () C:\Windows\system32\.crusader
2015-04-12 08:43 - 2015-04-12 08:57 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-12 08:32 - 2015-04-12 11:31 - 00008796 _____ () C:\Windows\PFRO.log
2015-04-12 08:27 - 2015-04-12 08:27 - 00000085 _____ () C:\Windows\wininit.ini
2015-04-12 08:25 - 2015-04-12 11:36 - 00003292 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2015-04-12 07:39 - 2015-04-12 07:39 - 00308732 _____ () C:\Users\dell\AppData\Local\census.cache
2015-04-12 07:38 - 2015-04-12 07:38 - 00122770 _____ () C:\Users\dell\AppData\Local\ars.cache
2015-04-12 06:58 - 2015-04-12 06:58 - 00000036 _____ () C:\Users\dell\AppData\Local\housecall.guid.cache
2015-04-12 05:56 - 2015-04-17 17:57 - 01704142 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 05:53 - 2015-04-17 17:55 - 00001848 _____ () C:\Windows\setupact.log
2015-04-12 05:53 - 2015-04-12 05:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-12 05:51 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150412-055143.backup
2015-04-11 23:34 - 2015-04-11 23:34 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-11 23:33 - 2015-04-12 08:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 23:28 - 2015-04-12 08:30 - 00000000 ____D () C:\Users\dell\AppData\Roaming\LavasoftStatistics
2015-04-11 22:38 - 2015-04-11 22:38 - 41840320 _____ (Microsoft Corporation) C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe
2015-04-11 22:07 - 2015-04-11 22:09 - 167661336 _____ (Microsoft Corporation) C:\Users\dell\Downloads\msert (1).exe
2015-04-11 22:06 - 2015-04-11 22:06 - 12582912 _____ () C:\Users\dell\Downloads\msert.exe
2015-04-11 22:06 - 2015-04-11 22:06 - 00000000 _____ () C:\Users\dell\Downloads\B3B4.tmp
2015-04-11 16:38 - 2015-04-11 16:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-11 14:49 - 2015-04-11 14:49 - 00000000 ____D () C:\Users\dell\AppData\Local\Comodo
2015-04-11 14:34 - 2015-04-12 08:37 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-11 14:32 - 2015-04-11 14:33 - 214041880 _____ (COMODO) C:\Users\dell\Downloads\cav_installer_5951_60.exe
2015-04-11 13:33 - 2015-04-17 17:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 13:33 - 2015-04-11 13:33 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 13:33 - 2015-04-11 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 13:32 - 2015-04-11 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 13:32 - 2015-04-11 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 13:32 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 13:32 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 13:32 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 13:31 - 2015-04-11 13:31 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dell\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-11 13:03 - 2015-04-11 13:06 - 784885528 _____ () C:\Users\Nathan and Hannah\Downloads\Super_Mario_Sunshine_USA_NGC-SAVEPOINT.rar
2015-04-10 22:12 - 2015-04-10 22:13 - 317972203 _____ () C:\Users\Nathan and Hannah\Downloads\mkdd-sc.7z
2015-04-10 22:12 - 2015-04-10 22:12 - 00000000 ____D () C:\Users\Nathan and Hannah\AppData\Roaming\WinRAR
2015-04-10 22:11 - 2015-04-10 22:12 - 01941744 _____ () C:\Users\Nathan and Hannah\Downloads\winrar-x64-521 (2).exe
2015-04-10 22:11 - 2015-04-10 22:11 - 00000000 ____D () C:\Users\Nathan and Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-10 22:11 - 2015-04-10 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-10 22:11 - 2015-04-10 22:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-10 22:10 - 2015-04-10 22:10 - 01941744 _____ () C:\Users\Nathan and Hannah\Downloads\winrar-x64-521 (1).exe
2015-04-10 22:06 - 2015-04-10 22:07 - 134089941 _____ () C:\Users\Nathan and Hannah\Downloads\The Sims 1 - (Www.ApunKaGames.Net).rar
2015-04-10 21:50 - 2015-04-10 21:50 - 00005381 _____ () C:\Users\Nathan and Hannah\Downloads\s3-makdd.nfo
2015-04-10 21:35 - 2015-04-10 21:57 - 00000000 ____D () C:\Users\Nathan and Hannah\Desktop\GameCube
2015-04-10 13:56 - 2014-11-29 22:59 - 1367671492 _____ () C:\Users\Nathan and Hannah\Documents\Mario Kart - Double Dash!!.exe
2015-04-10 13:46 - 2015-04-11 14:02 - 00000000 ____D () C:\Program Files (x86)\SystemPatch
2015-04-10 13:45 - 2015-04-11 14:01 - 00000000 ____D () C:\Program Files (x86)\TabInfoCopy
2015-04-10 13:44 - 2015-04-10 13:44 - 00000000 ____D () C:\ProgramData\9444290396432377151
2015-04-10 13:41 - 2015-04-11 14:01 - 00000000 ____D () C:\ProgramData\{48265dac-618d-55df-4826-65dac61876b1}
2015-04-10 13:29 - 2015-04-10 13:29 - 00000000 ____D () C:\Users\Nathan and Hannah\Documents\Sys
2015-04-10 13:29 - 2015-04-10 13:29 - 00000000 ____D () C:\Users\Nathan and Hannah\Documents\Languages
2015-04-10 13:29 - 2013-09-23 19:20 - 00806912 _____ () C:\Users\Nathan and Hannah\Documents\DSPTool.exe
2015-04-10 13:29 - 2013-09-22 19:28 - 00057168 _____ (Microsoft Corporation) C:\Users\Nathan and Hannah\Documents\vcomp100.dll
2015-04-10 13:29 - 2013-09-20 00:01 - 00417320 _____ () C:\Users\Nathan and Hannah\Documents\OpenAL32.dll
2015-04-10 13:29 - 2013-01-04 14:09 - 00000451 _____ () C:\Users\Nathan and Hannah\Documents\cpack_package_description.txt
2015-04-10 13:29 - 2011-09-28 23:53 - 00397824 _____ () C:\Users\Nathan and Hannah\Documents\SDL.dll
2015-04-10 13:29 - 2011-09-28 23:53 - 00018326 _____ () C:\Users\Nathan and Hannah\Documents\license.txt
2015-04-10 13:20 - 2015-04-10 22:18 - 00000000 ____D () C:\Users\Nathan and Hannah\Documents\Dolphin Emulator
2015-04-10 13:20 - 2013-09-23 19:20 - 00806912 _____ () C:\Users\Nathan and Hannah\Downloads\DSPTool.exe
2015-04-10 13:20 - 2013-09-23 19:20 - 00000000 ____D () C:\Users\Nathan and Hannah\Downloads\Languages
2015-04-10 13:20 - 2013-09-22 19:28 - 00057168 _____ (Microsoft Corporation) C:\Users\Nathan and Hannah\Downloads\vcomp100.dll
2015-04-10 13:20 - 2013-09-20 00:01 - 00417320 _____ () C:\Users\Nathan and Hannah\Downloads\OpenAL32.dll
2015-04-10 13:20 - 2011-09-28 23:53 - 00397824 _____ () C:\Users\Nathan and Hannah\Downloads\SDL.dll
2015-04-10 13:19 - 2013-09-23 19:20 - 00000000 ____D () C:\Users\Nathan and Hannah\Downloads\Sys
2015-04-10 13:19 - 2013-01-04 14:09 - 00000451 _____ () C:\Users\Nathan and Hannah\Downloads\cpack_package_description.txt
2015-04-10 13:19 - 2011-09-28 23:53 - 00018326 _____ () C:\Users\Nathan and Hannah\Downloads\license.txt
2015-04-10 13:14 - 2015-04-10 13:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-10 13:14 - 2015-04-10 13:14 - 00292184 _____ (Microsoft Corporation) C:\Users\Nathan and Hannah\Downloads\dxwebsetup.exe
2015-04-10 13:14 - 2015-04-10 13:14 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-10 13:13 - 2015-04-10 13:13 - 04463952 _____ (Igor Pavlov) C:\Users\Nathan and Hannah\Downloads\dolphin-4.0-win64.exe
2015-04-10 07:28 - 2015-04-10 07:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-04-10 07:28 - 2015-04-10 07:28 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 07:28 - 2015-04-10 07:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-04-10 07:28 - 2015-04-10 07:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 07:27 - 2015-04-10 07:27 - 00001890 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-10 07:27 - 2015-04-10 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-07 21:37 - 2015-04-07 21:37 - 00000000 ____D () C:\Users\dell\AppData\Local\Sage_(UK)_Limited
2015-04-05 03:03 - 2015-04-05 03:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:03 - 2015-04-05 03:03 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 18:20 - 2015-04-03 18:20 - 10096977 _____ () C:\Users\dell\Downloads\premium-bonds-winning-bond-numbers-04-2015.zip
2015-03-28 16:45 - 2015-03-28 16:46 - 00000000 ____D () C:\Users\dell\AppData\Local\Garmin_Ltd._or_its_subsid
2015-03-28 16:45 - 2015-03-28 16:45 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Garmin
2015-03-28 16:45 - 2015-03-28 16:45 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-28 16:45 - 2015-03-28 16:45 - 00000000 ____D () C:\Program Files\DIFX
2015-03-28 16:44 - 2015-04-10 18:55 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-03-28 16:44 - 2015-04-10 07:29 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-28 16:44 - 2015-04-10 07:28 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-28 16:43 - 2015-03-28 16:43 - 40365296 _____ (Garmin Ltd or its subsidiaries) C:\Users\dell\Downloads\GarminExpress (1).exe
2015-03-28 16:42 - 2015-03-28 16:43 - 40365296 _____ (Garmin Ltd or its subsidiaries) C:\Users\dell\Downloads\GarminExpress.exe
2015-03-27 21:03 - 2015-03-27 21:03 - 00000060 _____ () C:\Windows\Payroll.ini
2015-03-27 20:49 - 2015-04-07 20:47 - 00000000 ____D () C:\Users\dell\AppData\Local\Sage
2015-03-27 20:44 - 2015-03-27 21:03 - 00000209 _____ () C:\Windows\ODBCINST.INI
2015-03-27 20:44 - 2015-03-27 21:03 - 00000136 _____ () C:\Windows\ODBC.INI
2015-03-27 20:44 - 2015-03-27 20:44 - 00001920 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage 50 Payroll.lnk
2015-03-27 20:44 - 2015-03-27 20:44 - 00001908 _____ () C:\Users\Public\Desktop\Sage 50 Payroll.lnk
2015-03-27 20:44 - 2015-03-27 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Tools
2015-03-27 20:44 - 2015-03-27 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage 50 Payroll
2015-03-27 20:44 - 2015-03-27 20:44 - 00000000 ____D () C:\Program Files\Common Files\Sage SBD
2015-03-27 20:43 - 2015-02-19 10:32 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSOAP1.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-03-27 20:43 - 2015-02-19 10:32 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HLSC10.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00094208 _____ (Microsoft) C:\Windows\SysWOW64\MSSMO.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTKPRP.DLL
2015-03-27 20:43 - 2015-02-19 10:32 - 00040960 _____ (Sage (UK) Ltd) C:\Windows\SysWOW64\EDllChecker.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SOAPISAP.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiSC10.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSOAPR.dll
2015-03-27 20:43 - 2015-02-19 10:32 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XHSC10.dll
2015-03-27 20:43 - 2014-03-19 12:35 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-03-27 20:42 - 2015-02-19 11:00 - 02796032 _____ () C:\Windows\Payroll for Windows.msi
2015-03-27 20:42 - 2015-02-19 10:32 - 04165632 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 01806336 _____ (TAS Software plc) C:\Windows\SysWOW64\tas_sdk.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 01724416 _____ () C:\Windows\SysWOW64\SGRep32.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 01691648 _____ (TAS Software plc) C:\Windows\SysWOW64\TAS_SDK2.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 01092096 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfuia64.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00921600 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfuamd64.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00727715 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfu.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00509084 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdf.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00438272 _____ (The Sage Group plc) C:\Windows\SysWOW64\SdoEng70.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00434688 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfuiamd64.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00411797 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfui.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00345088 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfuiia64.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00344064 _____ (The Sage Group plc) C:\Windows\SysWOW64\SdoEng60.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00342016 _____ (The Sage Group plc) C:\Windows\SysWOW64\SVNCOM32.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 00334640 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdf.drv
2015-03-27 20:42 - 2015-02-19 10:32 - 00304640 _____ (The Sage Group plc) C:\Windows\SysWOW64\SdoEng50.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00299008 _____ (HDSE Software) C:\Windows\SysWOW64\HDSECompression.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00285492 _____ (AMYUNI Technologies http://www.amyuni.com) C:\Windows\SysWOW64\acfpdfnt.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00233472 _____ () C:\Windows\SysWOW64\SGLch32.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00227840 _____ (The Sage Group plc) C:\Windows\SysWOW64\SdoEng.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00221184 _____ () C:\Windows\SysWOW64\Install.exe
2015-03-27 20:42 - 2015-02-19 10:32 - 00172544 _____ (The Sage Group plc) C:\Windows\SysWOW64\SVNFIL32.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 00158208 _____ (The Sage Group plc) C:\Windows\SysWOW64\SYSDLL32.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 00143360 _____ (The Sage Group Plc) C:\Windows\SysWOW64\SGCtrlEx.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00090112 _____ () C:\Windows\SysWOW64\SGDt32.dll
2015-03-27 20:42 - 2015-02-19 10:32 - 00040960 _____ () C:\Windows\SysWOW64\RepDes32.exe
2015-03-27 20:42 - 2015-02-19 10:32 - 00011776 _____ (The Sage Group plc) C:\Windows\SysWOW64\SVNCAT32.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 00009095 _____ () C:\Windows\SysWOW64\atpdf251.cat
2015-03-27 20:42 - 2015-02-19 10:32 - 00007680 _____ (The Sage Group plc) C:\Windows\SysWOW64\SVNBAR32.DLL
2015-03-27 20:42 - 2015-02-19 10:32 - 00000109 _____ () C:\Windows\SysWOW64\acfpdf.txt
2015-03-27 20:41 - 2015-04-07 21:29 - 00000000 ____D () C:\ProgramData\Sage
2015-03-27 20:41 - 2015-03-27 21:03 - 00000000 ____D () C:\Program Files (x86)\Sage Payroll
2015-03-27 20:41 - 2015-02-19 10:32 - 00407312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
2015-03-27 20:41 - 2015-02-19 10:32 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2015-03-27 20:41 - 2015-02-19 10:32 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJINT35.DLL
2015-03-27 20:41 - 2015-02-19 10:32 - 00032256 _____ () C:\Windows\SysWOW64\_RegTLB.dll
2015-03-27 20:41 - 2015-02-19 10:32 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
2015-03-25 21:26 - 2015-03-25 21:26 - 00007216 _____ () C:\Users\dell\Downloads\Statements09013446686786 (12).qif
2015-03-25 21:24 - 2015-03-25 21:24 - 00007216 _____ () C:\Users\dell\Downloads\Statements09013446686786 (11).qif
2015-03-25 20:12 - 2015-03-25 20:15 - 384512648 _____ (Sage (UK) Limited) C:\Users\dell\Downloads\sg50payrollpye15.exe
2015-03-20 20:17 - 2015-03-20 20:18 - 28728108 _____ () C:\Users\dell\Downloads\vulcandet_0.zip
2015-03-20 19:06 - 2015-03-20 19:06 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Unity
2015-03-20 18:47 - 2015-03-20 18:47 - 01088544 _____ (Unity Technologies ApS) C:\Users\dell\Downloads\UnityWebPlayer.exe
2015-03-20 18:47 - 2015-03-20 18:47 - 00000000 ____D () C:\Users\dell\AppData\Local\Unity
2015-03-18 17:52 - 2015-03-18 17:52 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-18 17:31 - 2015-03-18 17:31 - 00000214 _____ () C:\Users\dell\Desktop\Judge Dredd Dredd vs Death.url
2015-03-18 08:25 - 2015-03-18 08:25 - 00000000 ____D () C:\Users\Nathan and Hannah\AppData\Roaming\HpUpdate
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 18:02 - 2009-07-14 05:45 - 00029936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 18:02 - 2009-07-14 05:45 - 00029936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 17:54 - 2015-02-07 16:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-17 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 07:27 - 2015-02-06 21:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 07:27 - 2014-06-17 12:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 07:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 22:53 - 2015-02-07 11:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 22:51 - 2014-06-17 12:01 - 00901432 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 22:50 - 2009-07-14 06:13 - 00901432 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 22:47 - 2014-05-14 13:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 20:04 - 2014-04-08 15:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 22:15 - 2015-02-07 18:50 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Skype
2015-04-15 17:51 - 2015-02-08 11:47 - 00000000 ____D () C:\Users\dell\AppData\Local\Spotify
2015-04-15 17:09 - 2015-02-08 11:47 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Spotify
2015-04-15 16:49 - 2015-02-07 15:26 - 00000000 ____D () C:\Program Files\Steam
2015-04-15 16:39 - 2015-02-07 09:29 - 00000000 ____D () C:\Users\dell\Documents\my games
2015-04-15 08:00 - 2015-02-17 13:09 - 00000000 ____D () C:\ProgramData\Origin
2015-04-14 22:21 - 2015-02-09 07:15 - 04317184 _____ () C:\Users\dell\Documents\My Money.mny
2015-04-14 22:21 - 2014-05-30 17:52 - 00000000 ____D () C:\Users\dell\Documents\Household Finances
2015-04-12 21:01 - 2015-02-07 13:37 - 00030208 ___SH () C:\Users\dell\Documents\Thumbs.db
2015-04-12 19:23 - 2015-02-08 09:20 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-12 19:23 - 2015-02-08 09:19 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-12 10:36 - 2015-02-20 12:08 - 00001629 _____ () C:\Users\Nathan and Hannah\Desktop\Technic Launcher.lnk
2015-04-12 08:07 - 2014-11-16 21:23 - 00000000 ____D () C:\AdwCleaner
2015-04-12 06:05 - 2015-02-10 20:55 - 00000000 ____D () C:\Windows\pss
2015-04-11 14:02 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-11 07:32 - 2015-02-16 21:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 18:55 - 2015-02-16 21:20 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-10 13:06 - 2015-02-17 13:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-10 13:05 - 2015-02-16 21:15 - 00000000 ____D () C:\Users\Nathan and Hannah\AppData\Local\NVIDIA
2015-04-10 13:04 - 2015-02-28 17:33 - 00000000 ____D () C:\Users\Nathan and Hannah\AppData\Local\NVIDIA Corporation
2015-04-06 09:46 - 2015-02-08 11:47 - 00001799 _____ () C:\Users\dell\Desktop\Spotify.lnk
2015-04-06 09:46 - 2015-02-08 11:47 - 00001785 _____ () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-01 11:16 - 2014-05-14 13:38 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-28 04:44 - 2015-02-25 09:01 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 04:44 - 2015-02-25 09:01 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 04:43 - 2015-02-25 09:01 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 04:43 - 2015-02-25 09:01 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-03-27 21:00 - 2014-04-08 14:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 20:37 - 2013-12-27 16:38 - 00000000 ____D () C:\Users\dell\Documents\Flight Simulator X Files
2015-03-18 17:31 - 2015-03-07 13:27 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-18 08:25 - 2015-03-10 22:12 - 00000000 ____D () C:\Users\dell\AppData\Roaming\HpUpdate
 
==================== Files in the root of some directories =======
 
2015-04-12 07:38 - 2015-04-12 07:38 - 0122770 _____ () C:\Users\dell\AppData\Local\ars.cache
2015-04-12 07:39 - 2015-04-12 07:39 - 0308732 _____ () C:\Users\dell\AppData\Local\census.cache
2015-04-12 06:58 - 2015-04-12 06:58 - 0000036 _____ () C:\Users\dell\AppData\Local\housecall.guid.cache
2015-04-16 22:09 - 2015-04-16 22:09 - 0007605 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg
2015-02-10 20:26 - 2015-02-10 20:50 - 0001262 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\dell\TempWmicBatchFile.bat
 
 
Some content of TEMP:
====================
C:\Users\dell\AppData\Local\Temp\Quarantine.exe
C:\Users\dell\AppData\Local\Temp\RHSetup.exe
C:\Users\dell\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 07:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by dell at 2015-04-17 18:14:39
Running from C:\Users\dell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2570 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
2570_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
2570Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ACG's IWM Duxford FSX (HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\ ACG's IWM Duxford FSX) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Music (HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avro Lancaster TP464 DB AJJ v6 FSX & P3D (HKLM\...\{8A6DE79C-F7A4-4B2D-9157-9650B3859E8A}) (Version: 1 - Ross McLennan)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Grow Home (HKLM-x32\...\Steam App 323320) (Version:  - Reflections, a Ubisoft Studio)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Judge Dredd: Dredd vs Death (HKLM-x32\...\Steam App 3710) (Version:  - Rebellion)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keysticks (HKLM-x32\...\{017E32B0-23A9-40F0-952B-6B12F0702A15}) (Version: 1.8.1 - Keysticks.net)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7916 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62608.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62608.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Payroll for Windows (x32 Version: 20.01 - Sage (UK) Limited) Hidden
Payroll for Windows (x32 Version: 21.00 - Sage (UK) Limited) Hidden
Play withSIX Windows client (HKU\S-1-5-21-808113960-3803862915-48894236-1003\...\PlaywithSIX) (Version: 1.66.1138.1 - SIX Networks GmbH)
Project Zomboid Demo (HKLM-x32\...\Steam App 264910) (Version:  - Indie Stone Studios)
Rapport (x32 Version: 3.5.1404.75 - Trusteer) Hidden
Sage 50 Payroll (HKLM-x32\...\{8E60F337-79E8-4F5C-9E13-D5BE5FE1C122}) (Version: 21.01 - Sage (UK) Ltd.)
Sage 50 Payroll (HKLM-x32\...\{AD4D9C3A-F361-4122-A386-1FDEE3208CE5}) (Version: 20.01 - Sage (UK) Ltd.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7265 - Analog Devices)
Spotify (HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Supreme Commander 2 - Demo (HKLM-x32\...\Steam App 40140) (Version:  - Gas Powered Games)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Sweet MIDI Arpeggiator 32 (remove only) (HKLM-x32\...\Sweet MIDI Arpeggiator 32) (Version:  - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Tenda Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Tenda)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Studio)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
Unity Web Player (HKU\S-1-5-21-808113960-3803862915-48894236-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-808113960-3803862915-48894236-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-808113960-3803862915-48894236-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-808113960-3803862915-48894236-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-808113960-3803862915-48894236-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-808113960-3803862915-48894236-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
15-04-2015 07:46:25 Scheduled Checkpoint
15-04-2015 16:28:05 Windows Update
15-04-2015 22:56:25 Installed RegHunter
16-04-2015 22:33:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-04-12 05:51 - 00450771 ____N C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {019974B3-1807-47D4-A682-27198C10B8B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)
Task: {01EA64F2-D42E-49B1-B0DD-F8CC4FA7872A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {16044163-5646-4A6B-84DF-29EADBF195C2} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis2931.exe <==== ATTENTION
Task: {23D82941-0903-43EB-B91E-07CA55114253} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-22] (Adobe Systems Incorporated)
Task: {2F0EB8A3-E11F-4011-AE1A-A7BDD90C8CE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)
Task: {46BD4ED7-5AB4-468C-A451-7AD7B78E6D92} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {53FDFFC2-E4A5-444F-A765-1AEEEAA73063} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5768425A-370B-4F48-93B8-0B09820DE069} - System32\Tasks\dell DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {57DF6D7A-F68A-48FF-BC90-06081A83BC1A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-04-15] (Enigma Software Group USA, LLC.)
Task: {84C64165-75A4-4565-9CDA-A0A3BE923978} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {8CF1D7C2-E3E2-4045-A62B-84AAD1C492D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {98A6A47F-9B58-426C-AE6F-527FD9344152} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FEF40CE6-569D-445B-B211-399261BF3D43} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-07 16:09 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-04-10 13:09 - 2015-03-28 04:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-16 20:04 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 20:04 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\dell\Downloads\B3B4.tmp:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdZnID
AlternateDataStreams: C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdZnID
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
Regards
 
 

 

 




 


#2 nasdaq

  • Malware Response Team

Posted 21 April 2015 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-808113960-3803862915-48894236-1003_classes] ATTENTION ==> Default URLSearchHook is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
Task: {16044163-5646-4A6B-84DF-29EADBF195C2} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis2931.exe <==== ATTENTION
C:\ProgramData\cis2931.exe
AlternateDataStreams: C:\Users\dell\Downloads\B3B4.tmp:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdZnID
AlternateDataStreams: C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdZnID

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome was compromised.
Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?

#3 techlec2000

  • Topic Starter

Posted 21 April 2015 - 12:49 PM

hi nasdaq,

 

I've carried out the steps listed - logs below

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by dell at 2015-04-21 17:41:18 Run:1
Running from C:\Users\dell\Downloads
Loaded Profiles: dell (Available profiles: dell & Nathan and Hannah)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-808113960-3803862915-48894236-1003_classes] ATTENTION ==> Default URLSearchHook is missing.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
Task: {16044163-5646-4A6B-84DF-29EADBF195C2} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis2931.exe <==== ATTENTION
C:\ProgramData\cis2931.exe
AlternateDataStreams: C:\Users\dell\Downloads\B3B4.tmp:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\msert.exe:$CmdZnID
AlternateDataStreams:
C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdTcID
AlternateDataStreams: C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdZnID
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Error setting Default URLSearchHook.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
MSICDSetup => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16044163-5646-4A6B-84DF-29EADBF195C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16044163-5646-4A6B-84DF-29EADBF195C2}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => Key deleted successfully.
"C:\ProgramData\cis2931.exe" => File/Directory not found.
C:\Users\dell\Downloads\B3B4.tmp => ":$CmdTcID" ADS removed successfully.
C:\Users\dell\Downloads\msert (1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\dell\Downloads\msert.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\dell\Downloads\msert.exe => ":$CmdZnID" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdTcID" => Scheduled to move on reboot.
C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe => ":$CmdZnID" ADS removed successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-21 17:45:34)<=
 
"C:\Users\dell\Downloads\Windows-KB890830-x64-V5.22.exe:$CmdTcID" => File could not move.
 
# AdwCleaner v4.201 - Logfile created 21/04/2015 at 17:56:51
# Updated 08/04/2015 by Xplode
# Database : 2015-04-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : dell - DELL-PC
# Running from : C:\Users\dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZI0CDIX\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Nathan and Hannah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6389 bytes] - [16/11/2014 21:24:10]
AdwCleaner[R1].txt - [1365 bytes] - [21/04/2015 17:50:27]
AdwCleaner[S0].txt - [6545 bytes] - [16/11/2014 21:28:29]
AdwCleaner[S1].txt - [1224 bytes] - [21/04/2015 17:56:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1283  bytes] ##########
 
I removed Chrome and re-installed. Hard drive still seems to be busy though. Not as yet seen any pop-ups, but obviously haven't been on much.
 
Thanks
 
techlec2000


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 22 April 2015 - 07:43 AM

There could be some remnant items.
Run this online scan and remove everything that will be identified.
It may take some time. Do it when you know you will not need the computer for a few hours.

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
[image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#5 techlec2000

techlec2000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 23 April 2015 - 01:12 AM

Here's ESET log

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a8d8cfffb90ba144b46612b54fc7a657
# engine=23513
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-23 12:11:31
# local_time=2015-04-23 01:11:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6102330 52728285 0 0
# scanned=249378
# found=15
# cleaned=0
# scan_time=18128
sh=7D54BE264410B1EEE9ABF3671565D28685AC704E ft=1 fh=37aed56c018e24e2 vn="a variant of Win32/Toolbar.Iminent.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir"
sh=F1CBB8903C73D5C48D10BE47126423CEFE715034 ft=1 fh=4e55fba2bcbacc6c vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\autoi.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup413.exe"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup414.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup416 (1).exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup416.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup417.exe"
sh=A601D7FA1AC943E7C513C18554B4963A7CC30777 ft=1 fh=24077ef6e95ea586 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup419.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup500.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup501 (1).exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup501.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\ccsetup502.exe"
sh=8CB06BCA312ED2BFA02C7F9344F2717D02ECD931 ft=1 fh=ae24f2cd7ccbd608 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\dell\Documents\Downloads\CheatEngine64.exe"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\dell\Downloads\ccsetup502.exe"
sh=F3B2E76613CEC5B94C66F08F7420B9F0EC7BF4A0 ft=1 fh=c71c0011a9fedbd2 vn="a variant of Win32/Adware.MultiPlug.ER application" ac=I fn="C:\Users\Nathan and Hannah\AppData\Local\Temp\C7B0\temp\eBorg.xyz"
 
Thanks


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 23 April 2015 - 08:17 AM

Run the scan again and remove everything.

How is the computer running?

#7 techlec2000

techlec2000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 24 April 2015 - 01:32 AM

Scanned and cleaned. I've not noticed any pop-ups as yet. Hard drive seems busy at times but not constant. Maybe I'm paranoid. I've noticed when I look in task manager there are several instances of chrome.exe *32 running in processes, is this of any significance? Thanks again.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 24 April 2015 - 10:23 AM

chrome.exe *32 running in processes, is this of any significance?

That's normal. Each extension and plugin runs in its own process.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:26 AM

Posted 29 April 2015 - 07:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



