
malware files found; getting rid of them


  • This topic is locked
8 replies to this topic

#1 WesNathan


Posted 21 April 2015 - 07:16 PM

Referred from this topic...Firewall modified by crapware, allows unlimited Internet access.

Started with Adobe Flash Player and the forced acceptance of 5 unwanted programs in order to get Flash to run. Several scans have revealed other malware problems.
 
About a half dozen malware files have been deleted as the result of the various scans. But there are still problems. See text and messages below.
The latest problem to pop up is Malwarebytes...it is continuously placing a small window in the lower right corner of the desktop advising "Databases Out Of Date. Update Now."
 
Tried to do that but the message keeps coming back.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by user (administrator) on USER-PC on 05-05-2015 19:55:11
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(johnsadventures.com) C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2009-09-23] (Intel Corporation)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\Run: [BackgroundSwitcher] => C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2014-06-25] (johnsadventures.com)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\MountPoints2: {55beb34f-ac00-11e4-93ef-806e6f6e6963} - D:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-04-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-04-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-04-09] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-04-09] (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\axslsjou.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2015-04-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2567902623-2305694563-1768279651-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\axslsjou.default\Extensions\support@lastpass.com [2015-04-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-02-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [339456 2009-07-20] (Analog Devices, Inc.) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51824 2015-01-30] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [898152 2012-12-19] (Realtek Semiconductor Corporation                           )
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 19:55 - 2015-05-05 19:55 - 00010445 _____ () C:\Users\user\Downloads\FRST.txt
2015-05-05 19:54 - 2015-05-05 19:55 - 00000000 ____D () C:\FRST
2015-05-05 19:52 - 2015-05-05 19:52 - 01139200 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-05-05 19:46 - 2015-05-05 19:47 - 00002336 _____ () C:\Users\user\Desktop\Rkill.txt
2015-05-05 11:44 - 2015-05-05 11:44 - 00004286 _____ () C:\Users\user\Documents\uninstall.txt
2015-05-05 11:40 - 2015-05-05 11:40 - 00001308 _____ () C:\Users\user\Documents\startup2.txt
2015-05-05 11:34 - 2015-05-05 11:34 - 00002054 _____ () C:\Users\user\Documents\startup1.txt
2015-05-05 06:39 - 2015-05-05 06:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\ESET
2015-05-05 06:39 - 2015-05-05 06:39 - 00000000 ____D () C:\Users\user\AppData\Local\ESET
2015-05-05 06:37 - 2015-05-05 06:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-05 06:37 - 2015-05-05 06:37 - 00000000 ____D () C:\ProgramData\ESET
2015-05-05 06:37 - 2015-05-05 06:37 - 00000000 ____D () C:\Program Files\ESET
2015-05-05 06:25 - 2015-05-05 06:25 - 10783944 _____ (ESET) C:\Users\user\Downloads\avremover_nt32_enu.exe
2015-05-05 06:15 - 2015-05-05 06:15 - 00000956 _____ () C:\Users\user\Desktop\JRT.txt
2015-05-05 06:12 - 2015-05-05 06:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Professional-(32-bit).dat
2015-05-05 06:12 - 2015-05-05 06:12 - 00000000 ____D () C:\RegBackup
2015-05-05 06:09 - 2015-05-05 06:09 - 00001864 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2015-05-05 06:05 - 2015-05-05 10:08 - 00000168 _____ () C:\Windows\setupact.log
2015-05-05 06:05 - 2015-05-05 06:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-05 06:04 - 2015-05-05 06:04 - 00000352 _____ () C:\Windows\PFRO.log
2015-05-05 06:01 - 2015-05-05 06:03 - 00000000 ____D () C:\AdwCleaner
2015-05-05 05:59 - 2015-04-21 02:19 - 02217984 _____ () C:\Users\user\Downloads\adwcleaner_4.201.exe
2015-05-05 05:58 - 2015-04-21 02:30 - 01660616 _____ (ESET) C:\Users\user\Downloads\eset_smart_security_live_installer_.exe
2015-05-05 05:58 - 2015-04-21 02:24 - 02685507 _____ (Thisisu) C:\Users\user\Downloads\JRT(2).exe
2015-05-05 04:26 - 2015-05-05 04:26 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-05 04:26 - 2015-05-05 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-05 04:25 - 2015-05-05 04:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-05 04:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-05 04:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-05 04:23 - 2015-05-05 18:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-05-05 04:23 - 2015-05-05 04:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2015-05-05 04:23 - 2015-05-05 04:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-05 04:23 - 2015-05-05 04:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-05-05 04:23 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-05 04:21 - 2013-08-11 13:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300(1).exe
2015-05-04 11:43 - 2015-05-04 11:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\LibreOffice
2015-05-04 11:37 - 2015-05-04 11:37 - 00001458 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2015-05-04 11:37 - 2015-05-04 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2015-05-04 11:35 - 2015-05-04 11:37 - 00000000 ____D () C:\Program Files\LibreOffice 4
2015-05-04 06:19 - 2015-05-04 06:19 - 00000000 ____D () C:\Users\user\AppData\Local\Privatefirewall
2015-05-04 06:17 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2015-05-04 06:16 - 2015-05-04 06:16 - 00000146 _____ () C:\Windows\ODBC.INI
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\ProgramData\Privacyware
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\Program Files\Privacyware
2015-05-04 06:15 - 2015-04-20 06:14 - 03749640 _____ (PWI, Inc. ) C:\Users\user\Downloads\privatefirewall.exe
2015-05-04 03:44 - 2015-05-04 03:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-04 03:43 - 2015-04-01 11:22 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-03 21:28 - 2015-05-03 21:30 - 00000000 ____D () C:\HOA
2015-05-03 19:59 - 2015-05-03 19:59 - 00016056 _____ () C:\Users\user\Documents\2015 HOA MINUTES.odt
2015-04-17 22:48 - 2015-04-17 22:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-17 22:33 - 2015-04-17 22:33 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-17 16:39 - 2015-04-18 00:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-04-17 16:08 - 2015-04-18 05:10 - 00000000 ____D () C:\Program Files\Analog Devices
2015-04-17 16:08 - 2007-11-12 14:27 - 00049152 _____ (Analog Devices Inc.) C:\Windows\system32\DSndUp.exe
2015-04-17 16:06 - 2008-01-16 16:50 - 00031232 _____ (Analog Devices, Inc.) C:\Windows\system32\PostProc.dll
2015-04-17 16:05 - 2015-04-17 16:05 - 00000000 ____D () C:\dell
2015-04-17 16:05 - 2009-07-20 14:39 - 00339456 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
2015-04-17 11:54 - 2015-04-18 05:04 - 00000000 ____D () C:\Program Files\Real
2015-04-17 11:54 - 2015-04-18 05:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Real
2015-04-17 11:52 - 2015-04-18 05:04 - 00000000 ____D () C:\ProgramData\Real
2015-04-16 18:23 - 2015-04-16 18:23 - 00000410 _____ () C:\Windows\BRWMARK.INI
2015-04-16 18:23 - 2015-04-16 18:23 - 00000034 _____ () C:\Windows\system32\BD2820.DAT
2015-04-16 16:45 - 2015-04-16 16:45 - 00034278 _____ () C:\Users\user\Documents\Tatted Sandals.odt
2015-04-16 05:31 - 2015-04-16 05:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 05:31 - 2015-04-16 05:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 19:02 - 2015-05-05 11:39 - 00326144 ___SH () C:\Users\user\Documents\Thumbs.db
2015-04-15 18:05 - 2015-04-15 18:05 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-04-15 18:00 - 2015-05-04 11:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\0D1T1C2W1P1G0D0L0M
2015-04-15 17:59 - 2015-05-05 03:22 - 00000000 ____D () C:\Program Files\360
2015-04-15 10:10 - 2015-04-15 18:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:10 - 2015-04-15 18:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 10:09 - 2015-04-15 10:10 - 17593008 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\install_flash_player_ax.exe
2015-04-15 09:52 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:52 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:52 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 09:52 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:52 - 2015-03-16 22:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:52 - 2015-03-16 22:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:52 - 2015-03-16 21:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:52 - 2015-03-16 21:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:52 - 2015-03-16 21:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:52 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:52 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:52 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:52 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:52 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:52 - 2015-03-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:52 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:52 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:52 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:52 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:52 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:52 - 2015-03-12 20:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:52 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:52 - 2015-03-12 20:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:52 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:52 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:52 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:52 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:52 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:52 - 2015-03-12 19:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:52 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:52 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:52 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:52 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:52 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:52 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:52 - 2015-01-27 16:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:51 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:51 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:51 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:51 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:51 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:51 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:51 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:51 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:51 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:51 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:51 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:51 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:51 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:51 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:47 - 2015-04-15 09:47 - 00001429 _____ () C:\Users\user\Desktop\UltraFileSearch - Shortcut.lnk
2015-04-15 09:47 - 2015-04-15 09:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Stegisoft
2015-04-11 13:39 - 2015-04-11 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-11 13:39 - 2015-04-11 13:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-11 13:37 - 2015-04-11 13:37 - 06958304 _____ (Microsoft Corporation) C:\Users\user\Downloads\Silverlight.exe
2015-04-10 22:11 - 2015-05-03 19:43 - 00000000 ____D () C:\Users\user\Documents\Barbs Old Computer files
2015-04-10 21:17 - 2015-04-10 21:17 - 00001066 _____ () C:\Users\user\Desktop\Pictures.lnk
2015-04-10 21:14 - 2015-02-02 17:21 - 00019110 _____ () C:\Users\Public\Documents\Follies WORKSHEET 2015.odt
2015-04-10 21:14 - 2015-01-25 12:18 - 00018166 _____ () C:\Users\Public\Documents\My Sister, My Friend.odt
2015-04-10 20:07 - 2015-05-05 11:34 - 00000000 ____D () C:\Users\user\Documents\Poetry By Barbara
2015-04-10 20:07 - 2015-02-06 20:30 - 00023192 _____ () C:\Users\user\Documents\BARBARA resume 1.3.11.odt
2015-04-10 20:07 - 2015-01-18 13:28 - 00014660 _____ () C:\Users\user\Documents\Mr. Sandman Lyrics.odt
2015-04-10 20:07 - 2015-01-17 12:11 - 00019128 _____ () C:\Users\user\Documents\sister valentine.odt
2015-04-10 20:07 - 2015-01-17 12:07 - 00011084 _____ () C:\Users\user\Documents\Valentine for Friend.odt
2015-04-10 20:07 - 2014-09-05 09:27 - 00017934 _____ () C:\Users\user\Documents\tatted christmas tree.odt
2015-04-10 20:07 - 2014-08-30 07:37 - 00022179 _____ () C:\Users\user\Documents\BARBARA EISENBERG resume new pic.odt
2015-04-10 20:07 - 2014-08-30 07:31 - 00151669 _____ () C:\Users\user\Documents\BARBARA EISENBERG.odt
2015-04-10 20:07 - 2014-06-30 10:37 - 00029288 _____ () C:\Users\user\Documents\Stepping Stones.odt
2015-04-10 20:07 - 2014-05-30 22:20 - 00020481 _____ () C:\Users\user\Documents\Tin Box Community.odt
2015-04-10 20:07 - 2014-05-22 15:14 - 00015872 _____ () C:\Users\user\Documents\Sales & Royalty Report-Apr-22-2014-to-May-22-2014-en_US..xls
2015-04-10 20:07 - 2014-04-28 11:21 - 00014683 _____ () C:\Users\user\Documents\Too Much Chocolate Cake Recipe.odt
2015-04-10 20:07 - 2014-03-03 22:01 - 00019333 _____ () C:\Users\user\Documents\A Small Tribute to Sugar.odt
2015-04-10 20:07 - 2013-12-12 20:21 - 00022646 _____ () C:\Users\user\Documents\White Chocolate Cherry Shortbread Cookies.odt
2015-04-10 20:07 - 2013-12-12 15:29 - 00014797 _____ () C:\Users\user\Documents\PECAN TARTS.odt
2015-04-10 20:07 - 2013-11-13 15:11 - 00011363 _____ () C:\Users\user\Documents\Price Cinnamon Bird Fox Lake.odt
2015-04-10 20:07 - 2013-11-13 15:06 - 00009675 _____ () C:\Users\user\Documents\Prices Bottle Vase Fox Lake.odt
2015-04-10 20:07 - 2013-11-13 15:04 - 00011884 _____ () C:\Users\user\Documents\Prices Glassware Fox Lake.odt
2015-04-10 20:07 - 2013-09-03 12:03 - 00012296 _____ () C:\Users\user\Documents\Social Report August 2013 (1).xlsx
2015-04-10 20:07 - 2013-07-30 06:31 - 00013783 _____ () C:\Users\user\Documents\RF Export 7.30.13.ics
2015-04-10 20:07 - 2013-04-20 13:35 - 00008023 _____ () C:\Users\user\Documents\test doc.odt
2015-04-10 20:02 - 2015-04-10 20:02 - 00000000 ____D () C:\Users\user\Documents\CCleaner backups
2015-04-10 19:25 - 2015-04-10 19:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2015-04-10 19:25 - 2015-04-10 19:25 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2015-04-10 19:24 - 2015-05-04 11:29 - 00000000 ____D () C:\Program Files\Opera
2015-04-10 19:02 - 2012-02-10 22:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-10 19:02 - 2011-02-24 22:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-10 05:17 - 2015-04-10 05:17 - 00000000 ____D () C:\Users\user\AppData\Local\Unity
2015-04-10 05:17 - 2015-04-10 04:24 - 40896120 _____ () C:\Users\user\Downloads\Firefox Setup 37.0.exe
2015-04-10 05:16 - 2015-04-10 03:41 - 01088384 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer.exe
2015-04-10 05:02 - 2015-04-10 05:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-09 21:08 - 2015-04-18 04:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-09 21:08 - 2015-04-09 21:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-09 21:08 - 2015-04-09 21:08 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-09 21:06 - 2015-02-22 08:45 - 00243360 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0b10.exe
2015-04-09 20:38 - 2015-04-09 20:38 - 00001226 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-04-09 20:38 - 2015-04-09 20:38 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-09 20:37 - 2015-02-22 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup(2).exe
2015-04-09 20:32 - 2015-04-09 20:32 - 00000000 ____D () C:\Users\user\Downloads\UltraFileSearch
2015-04-09 20:31 - 2015-03-30 13:01 - 05617067 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-04-09 19:34 - 2015-05-04 11:25 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2015-04-09 19:10 - 2015-04-09 19:10 - 00001357 _____ () C:\Users\Public\Desktop\John's Background Switcher.lnk
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Users\user\AppData\Local\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Program Files\johnsadventures.com
2015-04-09 19:09 - 2014-07-07 09:07 - 02215896 _____ (johnsadventures.com) C:\Users\user\Downloads\SwitcherSetup49.exe
2015-04-09 18:57 - 2014-10-30 14:24 - 05570560 _____ () C:\Users\user\Downloads\LibreOffice_4.2.6-secfix_Win_x86_helppack_en-US.msi
2015-04-09 18:56 - 2014-10-30 14:23 - 220827648 _____ () C:\Users\user\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2015-04-09 18:38 - 2015-04-09 18:10 - 00000000 ____D () C:\Users\user\Downloads\LastPass
2015-04-09 18:10 - 2015-04-09 18:10 - 14190648 _____ () C:\Program Files\Common Files\lpuninstall.exe
2015-04-09 18:09 - 2015-04-09 18:10 - 00000000 ____D () C:\Program Files\LastPass
2015-04-09 18:09 - 2015-04-09 18:09 - 00001168 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-04-09 18:09 - 2015-04-09 18:09 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-09 18:09 - 2015-04-09 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-09 17:52 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-09 17:52 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-09 17:51 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-09 17:51 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-09 17:51 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-09 17:51 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-09 17:51 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-09 17:51 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-09 17:51 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-09 17:51 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-09 17:51 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-09 17:51 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-09 17:51 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-09 17:51 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-09 17:51 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-09 17:50 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-09 17:50 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-09 17:50 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-09 17:50 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-04-09 17:50 - 2013-01-23 21:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-04-09 17:49 - 2015-02-25 20:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-09 17:49 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-09 17:49 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-09 17:49 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-09 17:49 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-09 17:49 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-09 17:49 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-09 17:49 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-04-09 17:49 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-04-09 17:49 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-04-09 17:49 - 2012-10-03 09:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-09 17:49 - 2012-10-03 08:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-04-09 17:49 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-04-09 17:49 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-04-09 17:49 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-04-09 17:49 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-04-09 17:49 - 2011-03-10 22:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-04-09 17:49 - 2011-03-10 22:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-04-09 17:49 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-04-09 17:49 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-04-09 17:49 - 2011-03-10 21:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-04-09 17:48 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-09 17:48 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-04-09 17:47 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-09 17:46 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-04-09 17:46 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-04-09 17:45 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-09 17:45 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-09 17:45 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-04-09 17:44 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-09 17:44 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-09 17:44 - 2012-10-03 09:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-09 17:43 - 2015-04-09 17:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-04-09 17:42 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-09 17:42 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-09 17:42 - 2014-02-03 19:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-04-09 17:42 - 2014-02-03 19:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-04-09 17:42 - 2014-02-03 19:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-04-09 17:42 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-04-09 17:42 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-04-09 17:42 - 2013-08-27 17:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-04-09 17:42 - 2013-03-18 20:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-04-09 17:41 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-04-09 17:41 - 2014-01-23 19:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-04-09 17:40 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-09 17:40 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-04-09 17:40 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-04-09 17:39 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-04-09 17:39 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-09 17:39 - 2013-08-04 18:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-04-09 17:38 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-09 17:38 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-04-09 17:38 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-04-09 17:38 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-04-09 17:37 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-09 16:27 - 2015-04-17 16:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-09 16:27 - 2015-04-09 16:27 - 00000000 ____D () C:\Program Files\Belkin
2015-04-09 16:27 - 2012-12-19 19:45 - 00898152 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2015-04-09 16:27 - 2012-02-23 11:01 - 00451072 _____ () C:\Windows\system32\ISSRemoveSP.exe
2015-04-08 15:50 - 2015-04-08 15:50 - 00000000 __SHD () C:\found.000
2015-04-08 12:54 - 2015-04-08 12:54 - 00000000 ____D () C:\Netgear
2015-04-07 10:17 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-04-07 10:17 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-04-07 10:17 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-04-07 10:15 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-07 10:13 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-07 10:09 - 2012-07-25 20:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-04-07 10:09 - 2012-07-25 20:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-04-07 10:09 - 2012-07-25 19:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-04-07 10:09 - 2012-07-25 19:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-04-07 10:09 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-05 10:39 - 2015-02-03 16:59 - 01592395 _____ () C:\Windows\WindowsUpdate.log
2015-05-05 10:15 - 2009-07-13 21:34 - 00025392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 10:15 - 2009-07-13 21:34 - 00025392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 10:08 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-05 05:33 - 2015-02-03 17:15 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 04:07 - 2015-02-03 16:56 - 00000000 ____D () C:\Windows\Panther
2015-05-05 03:22 - 2015-02-10 17:19 - 00071616 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-05 03:21 - 2009-07-13 21:33 - 00321720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-04 12:44 - 2015-02-03 17:05 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2015-04-18 06:33 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-18 00:38 - 2015-02-10 17:30 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-17 22:34 - 2015-02-10 17:30 - 00000000 ____D () C:\Program Files\Java
2015-04-17 22:32 - 2015-02-10 17:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-17 16:47 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 16:07 - 2015-02-10 17:37 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-04-17 12:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 16:46 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-16 12:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-04-16 11:35 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 18:04 - 2015-02-10 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-04-11 16:59 - 2015-02-10 17:23 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 19:58 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-09 19:56 - 2015-02-10 17:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-09 16:27 - 2009-07-13 19:04 - 00000467 _____ () C:\Windows\win.ini
2015-04-07 10:09 - 2015-02-10 17:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-04-07 10:09 - 2015-02-10 17:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-07 10:08 - 2015-02-10 17:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client

==================== Files in the root of some directories =======

2015-04-09 18:10 - 2015-04-09 18:10 - 14190648 _____ () C:\Program Files\Common Files\lpuninstall.exe
2015-02-10 17:52 - 2015-02-10 17:52 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\InstHelper.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 04:31

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by user at 2015-05-05 19:56:03
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Belkin N600 DB USB Wireless Adapter (HKLM\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
ESET Smart Security (HKLM\...\{D66C9F03-5F7C-4A4F-A4D0-7D04FCD426AE}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
John's Background Switcher 4.9 (HKLM\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.9 - johnsadventures.com)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
LibreOffice 4.2 Help Pack (English (United States)) (HKLM\...\{367D30F8-BF1B-402D-A79F-C60CAB06411A}) (Version: 4.2.6.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Unity Web Player (HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {309037C6-D3CB-424E-A53B-D552902625EF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2567902623-2305694563-1768279651-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {41954178-BBC4-4530-A60A-6A2A07F5FD0B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4DD61343-A929-4BD5-AE69-CB069092984D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {B1EC7C8E-E594-4C18-9683-623A704AE0D6} - System32\Tasks\Opera scheduled Autoupdate 1428719103 => C:\Program Files\Opera\launcher.exe
Task: {C4EECA43-6EE5-49F8-B354-7BF509B5FBB6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CF6793AF-AB3F-4C72-8D21-762571141276} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {E62422CF-F061-4BD5-A769-395DB64403E6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EC0C58BF-6927-4D76-89BA-72DABB5E7978} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2567902623-2305694563-1768279651-1000 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {F754E323-2452-43BF-853F-0B9A85F22319} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-09 18:21 - 2015-04-09 18:21 - 01020928 _____ () C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\axslsjou.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2567902623-2305694563-1768279651-500 - Administrator - Disabled)
Guest (S-1-5-21-2567902623-2305694563-1768279651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2567902623-2305694563-1768279651-1003 - Limited - Enabled)
user (S-1-5-21-2567902623-2305694563-1768279651-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2015 10:52:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (05/05/2015 05:57:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/05/2015 05:33:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/05/2015 05:33:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/05/2015 05:32:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/05/2015 05:32:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/05/2015 04:21:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/05/2015 04:21:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/05/2015 04:20:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/05/2015 04:20:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (05/05/2015 10:08:41 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (05/05/2015 06:58:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.197.73.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/05/2015 06:58:15 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.197.73.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (05/05/2015 06:37:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/05/2015 06:27:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (05/05/2015 06:26:29 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/05/2015 06:15:48 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WMI Performance Adapter service, but this action failed with the following error:
%%1056

Error: (05/05/2015 06:13:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/05/2015 06:13:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/05/2015 06:13:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/05/2015 10:52:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (05/05/2015 05:57:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"E:\msert(1).exe

Error: (05/05/2015 05:33:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/05/2015 05:33:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/05/2015 05:32:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/05/2015 05:32:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/05/2015 04:21:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/05/2015 04:21:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/05/2015 04:20:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/05/2015 04:20:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 58%
Total physical RAM: 2037.61 MB
Available physical RAM: 838.69 MB
Total Pagefile: 4075.23 MB
Available Pagefile: 2490.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.51 GB) (Free:46.57 GB) NTFS
Drive e: () (Removable) (Total:14.97 GB) (Free:12.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: A9C30D01)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=72.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
 
I will now attempt to copy the message traffic on this issue developed in the Firewall forum. And by the way, I do NOT want Windows Firewall restarted.
 
Ran RKill. It didn't find anything. It said, "all is well". We know all is not well.
 
 
 
Tried to copy the 14 messages in the Firewall forum to here. Got an error message...too many images ??? What is the fix?


Edited by quietman7, 21 April 2015 - 07:47 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 PM

Posted 26 April 2015 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
SearchScopes: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
C:\Users\user\AppData\Local\Temp\InstHelper.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 WesNathan

WesNathan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:47 PM

Posted 29 April 2015 - 09:08 PM

Nasdaq,

 

I think I posted this scan in the other forum a while back. Here it is again. See attached file: FRST.txt



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 PM

Posted 30 April 2015 - 07:30 AM

That is not what I was looking for.

Execute the instructions I previously gave you.

#5 WesNathan

WesNathan
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:47 PM

Posted 03 May 2015 - 09:18 PM

Here is the fixlist log:

 

start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
SearchScopes: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
C:\Users\user\AppData\Local\Temp\InstHelper.exe

End

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by user (administrator) on USER-PC on 30-04-2015 21:09:26
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available profiles: user)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(johnsadventures.com) C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\Run: [BackgroundSwitcher] => C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2014-06-25] (johnsadventures.com)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\...\MountPoints2: {55beb34f-ac00-11e4-93ef-806e6f6e6963} - D:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-14]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-14]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2567902623-2305694563-1768279651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-05-14] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-05-14] (LastPass)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\axslsjou.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2015-05-14] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2567902623-2305694563-1768279651-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\axslsjou.default\Extensions\support@lastpass.com [2015-05-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-02-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [339456 2009-07-20] (Analog Devices, Inc.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [898152 2012-12-19] (Realtek Semiconductor Corporation                           )
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S1 MpKsl500bff5a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6A0173D-860B-4377-8293-7F0CF4CD4157}\MpKsl500bff5a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 20:27 - 2015-05-14 20:27 - 00001168 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-05-14 19:45 - 2015-05-14 19:45 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-14 19:43 - 2015-05-14 19:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-05-11 18:26 - 2015-05-14 21:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 21:51 - 2015-05-08 21:51 - 00001664 _____ () C:\Users\user\Desktop\PFGUI - Shortcut.lnk
2015-05-08 21:45 - 2015-05-08 21:45 - 00001234 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-05-08 21:45 - 2015-05-08 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-05-08 21:45 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-05-07 13:40 - 2015-05-07 13:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Windows Live Writer
2015-05-07 13:40 - 2015-05-07 13:40 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live Writer
2015-05-07 13:29 - 2015-05-07 13:29 - 00000512 _____ () C:\Users\user\Documents\Revo Pro 3 registration.rupaf
2015-05-07 12:57 - 2014-03-11 16:39 - 05198480 _____ () C:\Users\user\Downloads\tweaking.com_windows_repair_aio_setup(1).exe
2015-05-05 21:07 - 2015-05-05 21:07 - 00000000 ____D () C:\Users\user\AppData\Local\VS Revo Group
2015-05-05 21:07 - 2015-05-05 21:07 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-05-05 20:58 - 2015-05-05 20:59 - 10801480 _____ (VS Revo Group ) C:\Users\user\Downloads\RevoUninProSetup312.exe
2015-05-05 19:56 - 2015-05-05 19:56 - 00019979 _____ () C:\Users\user\Downloads\Addition.txt
2015-05-05 19:55 - 2015-04-30 21:09 - 00009748 _____ () C:\Users\user\Downloads\FRST.txt
2015-05-05 19:54 - 2015-04-30 21:09 - 00000000 ____D () C:\FRST
2015-05-05 19:52 - 2015-04-30 21:08 - 01140736 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2015-05-05 19:46 - 2015-05-05 19:47 - 00002336 _____ () C:\Users\user\Desktop\Rkill.txt
2015-05-05 11:44 - 2015-05-05 11:44 - 00004286 _____ () C:\Users\user\Documents\uninstall.txt
2015-05-05 11:40 - 2015-05-05 11:40 - 00001308 _____ () C:\Users\user\Documents\startup2.txt
2015-05-05 11:34 - 2015-05-05 11:34 - 00002054 _____ () C:\Users\user\Documents\startup1.txt
2015-05-05 06:39 - 2015-05-05 06:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\ESET
2015-05-05 06:39 - 2015-05-05 06:39 - 00000000 ____D () C:\Users\user\AppData\Local\ESET
2015-05-05 06:25 - 2015-05-05 06:25 - 10783944 _____ (ESET) C:\Users\user\Downloads\avremover_nt32_enu.exe
2015-05-05 06:15 - 2015-05-05 06:15 - 00000956 _____ () C:\Users\user\Desktop\JRT.txt
2015-05-05 06:12 - 2015-05-05 06:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Professional-(32-bit).dat
2015-05-05 06:12 - 2015-05-05 06:12 - 00000000 ____D () C:\RegBackup
2015-05-05 06:09 - 2015-05-05 06:09 - 00001864 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2015-05-05 06:05 - 2015-05-14 09:15 - 00000952 _____ () C:\Windows\setupact.log
2015-05-05 06:05 - 2015-05-05 06:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-05 06:04 - 2015-05-05 06:04 - 00000352 _____ () C:\Windows\PFRO.log
2015-05-05 06:01 - 2015-05-05 06:03 - 00000000 ____D () C:\AdwCleaner
2015-05-05 05:59 - 2015-04-21 02:19 - 02217984 _____ () C:\Users\user\Downloads\adwcleaner_4.201.exe
2015-05-05 05:58 - 2015-04-21 02:30 - 01660616 _____ (ESET) C:\Users\user\Downloads\eset_smart_security_live_installer_.exe
2015-05-05 05:58 - 2015-04-21 02:24 - 02685507 _____ (Thisisu) C:\Users\user\Downloads\JRT(2).exe
2015-05-05 04:26 - 2015-05-14 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-05 04:25 - 2015-05-14 19:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-05 04:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-05 04:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-05 04:23 - 2015-05-14 19:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-05-05 04:23 - 2015-05-14 19:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2015-05-05 04:23 - 2015-05-05 04:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-05 04:23 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-05 04:21 - 2013-08-11 13:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300(1).exe
2015-05-04 11:43 - 2015-05-04 11:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\LibreOffice
2015-05-04 11:37 - 2015-05-04 11:37 - 00001458 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2015-05-04 11:37 - 2015-05-04 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2015-05-04 11:35 - 2015-05-04 11:37 - 00000000 ____D () C:\Program Files\LibreOffice 4
2015-05-04 06:19 - 2015-05-04 06:19 - 00000000 ____D () C:\Users\user\AppData\Local\Privatefirewall
2015-05-04 06:17 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2015-05-04 06:16 - 2015-05-04 06:16 - 00000146 _____ () C:\Windows\ODBC.INI
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\ProgramData\Privacyware
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2015-05-04 06:16 - 2015-05-04 06:16 - 00000000 ____D () C:\Program Files\Privacyware
2015-05-04 06:15 - 2015-04-20 06:14 - 03749640 _____ (PWI, Inc. ) C:\Users\user\Downloads\privatefirewall.exe
2015-05-04 03:44 - 2015-05-04 03:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-04 03:43 - 2015-04-01 11:22 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-03 21:28 - 2015-05-03 21:30 - 00000000 ____D () C:\HOA
2015-05-03 19:59 - 2015-05-03 19:59 - 00016056 _____ () C:\Users\user\Documents\2015 HOA MINUTES.odt
2015-04-30 21:08 - 2015-04-30 21:08 - 00000000 ____D () C:\Users\user\Downloads\FRST-OlderVersion
2015-04-17 22:48 - 2015-04-17 22:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-17 22:33 - 2015-04-17 22:33 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-17 16:39 - 2015-04-18 00:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-04-17 16:08 - 2015-04-18 05:10 - 00000000 ____D () C:\Program Files\Analog Devices
2015-04-17 16:08 - 2007-11-12 14:27 - 00049152 _____ (Analog Devices Inc.) C:\Windows\system32\DSndUp.exe
2015-04-17 16:06 - 2008-01-16 16:50 - 00031232 _____ (Analog Devices, Inc.) C:\Windows\system32\PostProc.dll
2015-04-17 16:05 - 2015-04-17 16:05 - 00000000 ____D () C:\dell
2015-04-17 16:05 - 2009-07-20 14:39 - 00339456 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
2015-04-17 11:54 - 2015-04-18 05:04 - 00000000 ____D () C:\Program Files\Real
2015-04-17 11:54 - 2015-04-18 05:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Real
2015-04-17 11:52 - 2015-04-18 05:04 - 00000000 ____D () C:\ProgramData\Real
2015-04-16 18:23 - 2015-04-16 18:23 - 00000410 _____ () C:\Windows\BRWMARK.INI
2015-04-16 18:23 - 2015-04-16 18:23 - 00000034 _____ () C:\Windows\system32\BD2820.DAT
2015-04-16 16:45 - 2015-04-16 16:45 - 00034278 _____ () C:\Users\user\Documents\Tatted Sandals.odt
2015-04-16 05:31 - 2015-04-16 05:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 05:31 - 2015-04-16 05:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 19:02 - 2015-05-05 11:39 - 00326144 ___SH () C:\Users\user\Documents\Thumbs.db
2015-04-15 18:05 - 2015-04-15 18:05 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-04-15 18:00 - 2015-05-04 11:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\0D1T1C2W1P1G0D0L0M
2015-04-15 17:59 - 2015-05-05 03:22 - 00000000 ____D () C:\Program Files\360
2015-04-15 10:10 - 2015-05-11 18:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:10 - 2015-05-11 18:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 10:09 - 2015-04-15 10:10 - 17593008 _____ (Adobe Systems Incorporated) C:\Users\user\Downloads\install_flash_player_ax.exe
2015-04-15 09:52 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:52 - 2015-03-22 20:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:52 - 2015-03-22 19:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:52 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 09:52 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:52 - 2015-03-16 22:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:52 - 2015-03-16 22:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:52 - 2015-03-16 21:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:52 - 2015-03-16 21:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:52 - 2015-03-16 21:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:52 - 2015-03-16 21:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:52 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:52 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:52 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:52 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:52 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:52 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:52 - 2015-03-12 20:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 09:52 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:52 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 09:52 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:52 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:52 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 09:52 - 2015-03-12 20:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 09:52 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:52 - 2015-03-12 20:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:52 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:52 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:52 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:52 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:52 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:52 - 2015-03-12 19:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 09:52 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:52 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:52 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 09:52 - 2015-03-04 21:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:52 - 2015-03-03 21:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:52 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:52 - 2015-01-27 16:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:51 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:51 - 2015-03-24 20:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:51 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:51 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:51 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:51 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:51 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:51 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:51 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:51 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:51 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:51 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:51 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:51 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:51 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:51 - 2015-02-24 20:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 09:47 - 2015-04-15 09:47 - 00001429 _____ () C:\Users\user\Desktop\UltraFileSearch - Shortcut.lnk
2015-04-15 09:47 - 2015-04-15 09:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Stegisoft
2015-04-11 13:39 - 2015-04-11 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-11 13:39 - 2015-04-11 13:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-11 13:37 - 2015-04-11 13:37 - 06958304 _____ (Microsoft Corporation) C:\Users\user\Downloads\Silverlight.exe
2015-04-10 22:11 - 2015-05-03 19:43 - 00000000 ____D () C:\Users\user\Documents\Barbs Old Computer files
2015-04-10 21:17 - 2015-04-10 21:17 - 00001066 _____ () C:\Users\user\Desktop\Pictures.lnk
2015-04-10 21:14 - 2015-02-02 17:21 - 00019110 _____ () C:\Users\Public\Documents\Follies WORKSHEET 2015.odt
2015-04-10 21:14 - 2015-01-25 12:18 - 00018166 _____ () C:\Users\Public\Documents\My Sister, My Friend.odt
2015-04-10 20:07 - 2015-05-05 11:34 - 00000000 ____D () C:\Users\user\Documents\Poetry By Barbara
2015-04-10 20:07 - 2015-02-06 20:30 - 00023192 _____ () C:\Users\user\Documents\BARBARA resume 1.3.11.odt
2015-04-10 20:07 - 2015-01-18 13:28 - 00014660 _____ () C:\Users\user\Documents\Mr. Sandman Lyrics.odt
2015-04-10 20:07 - 2015-01-17 12:11 - 00019128 _____ () C:\Users\user\Documents\sister valentine.odt
2015-04-10 20:07 - 2015-01-17 12:07 - 00011084 _____ () C:\Users\user\Documents\Valentine for Friend.odt
2015-04-10 20:07 - 2014-09-05 09:27 - 00017934 _____ () C:\Users\user\Documents\tatted christmas tree.odt
2015-04-10 20:07 - 2014-08-30 07:37 - 00022179 _____ () C:\Users\user\Documents\BARBARA EISENBERG resume new pic.odt
2015-04-10 20:07 - 2014-08-30 07:31 - 00151669 _____ () C:\Users\user\Documents\BARBARA EISENBERG.odt
2015-04-10 20:07 - 2014-06-30 10:37 - 00029288 _____ () C:\Users\user\Documents\Stepping Stones.odt
2015-04-10 20:07 - 2014-05-30 22:20 - 00020481 _____ () C:\Users\user\Documents\Tin Box Community.odt
2015-04-10 20:07 - 2014-05-22 15:14 - 00015872 _____ () C:\Users\user\Documents\Sales & Royalty Report-Apr-22-2014-to-May-22-2014-en_US..xls
2015-04-10 20:07 - 2014-04-28 11:21 - 00014683 _____ () C:\Users\user\Documents\Too Much Chocolate Cake Recipe.odt
2015-04-10 20:07 - 2014-03-03 22:01 - 00019333 _____ () C:\Users\user\Documents\A Small Tribute to Sugar.odt
2015-04-10 20:07 - 2013-12-12 20:21 - 00022646 _____ () C:\Users\user\Documents\White Chocolate Cherry Shortbread Cookies.odt
2015-04-10 20:07 - 2013-12-12 15:29 - 00014797 _____ () C:\Users\user\Documents\PECAN TARTS.odt
2015-04-10 20:07 - 2013-11-13 15:11 - 00011363 _____ () C:\Users\user\Documents\Price Cinnamon Bird Fox Lake.odt
2015-04-10 20:07 - 2013-11-13 15:06 - 00009675 _____ () C:\Users\user\Documents\Prices Bottle Vase Fox Lake.odt
2015-04-10 20:07 - 2013-11-13 15:04 - 00011884 _____ () C:\Users\user\Documents\Prices Glassware Fox Lake.odt
2015-04-10 20:07 - 2013-09-03 12:03 - 00012296 _____ () C:\Users\user\Documents\Social Report August 2013 (1).xlsx
2015-04-10 20:07 - 2013-07-30 06:31 - 00013783 _____ () C:\Users\user\Documents\RF Export 7.30.13.ics
2015-04-10 20:07 - 2013-04-20 13:35 - 00008023 _____ () C:\Users\user\Documents\test doc.odt
2015-04-10 20:02 - 2015-04-10 20:02 - 00000000 ____D () C:\Users\user\Documents\CCleaner backups
2015-04-10 19:25 - 2015-04-10 19:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera Software
2015-04-10 19:25 - 2015-04-10 19:25 - 00000000 ____D () C:\Users\user\AppData\Local\Opera Software
2015-04-10 19:24 - 2015-05-04 11:29 - 00000000 ____D () C:\Program Files\Opera
2015-04-10 19:02 - 2012-02-10 22:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-10 19:02 - 2011-02-24 22:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-10 05:17 - 2015-04-10 05:17 - 00000000 ____D () C:\Users\user\AppData\Local\Unity
2015-04-10 05:17 - 2015-04-10 04:24 - 40896120 _____ () C:\Users\user\Downloads\Firefox Setup 37.0.exe
2015-04-10 05:16 - 2015-04-10 03:41 - 01088384 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer.exe
2015-04-10 05:02 - 2015-04-10 05:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-09 21:08 - 2015-04-18 04:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-09 21:08 - 2015-04-09 21:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-09 21:08 - 2015-04-09 21:08 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-09 21:06 - 2015-02-22 08:45 - 00243360 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0b10.exe
2015-04-09 20:38 - 2015-05-08 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-09 20:38 - 2015-04-09 20:38 - 00001226 _____ () C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-04-09 20:37 - 2015-02-22 22:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup(2).exe
2015-04-09 20:32 - 2015-04-09 20:32 - 00000000 ____D () C:\Users\user\Downloads\UltraFileSearch
2015-04-09 20:31 - 2015-03-30 13:01 - 05617067 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2015-04-09 19:34 - 2015-05-04 11:25 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium
2015-04-09 19:10 - 2015-04-09 19:10 - 00001357 _____ () C:\Users\Public\Desktop\John's Background Switcher.lnk
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Users\user\AppData\Local\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\johnsadventures.com
2015-04-09 19:10 - 2015-04-09 19:10 - 00000000 ____D () C:\Program Files\johnsadventures.com
2015-04-09 19:09 - 2014-07-07 09:07 - 02215896 _____ (johnsadventures.com) C:\Users\user\Downloads\SwitcherSetup49.exe
2015-04-09 18:57 - 2014-10-30 14:24 - 05570560 _____ () C:\Users\user\Downloads\LibreOffice_4.2.6-secfix_Win_x86_helppack_en-US.msi
2015-04-09 18:56 - 2014-10-30 14:23 - 220827648 _____ () C:\Users\user\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2015-04-09 18:38 - 2015-04-09 18:10 - 00000000 ____D () C:\Users\user\Downloads\LastPass
2015-04-09 18:10 - 2015-05-14 20:28 - 14190648 _____ () C:\Program Files\Common Files\lpuninstall.exe
2015-04-09 18:09 - 2015-05-14 20:28 - 00000000 ____D () C:\Program Files\LastPass
2015-04-09 18:09 - 2015-05-14 20:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-09 18:09 - 2015-05-14 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-04-09 18:06 - 2015-04-09 18:06 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-09 17:52 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-09 17:52 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-09 17:51 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-09 17:51 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-09 17:51 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-09 17:51 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-09 17:51 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-09 17:51 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-09 17:51 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-09 17:51 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-09 17:51 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-09 17:51 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-09 17:51 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-09 17:51 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-09 17:51 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-09 17:51 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-09 17:51 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-09 17:50 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-09 17:50 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-09 17:50 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-09 17:50 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-04-09 17:50 - 2014-07-08 18:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-04-09 17:50 - 2013-01-23 21:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-04-09 17:49 - 2015-02-25 20:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-09 17:49 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-09 17:49 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-09 17:49 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-09 17:49 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-09 17:49 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-09 17:49 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-09 17:49 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-09 17:49 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-04-09 17:49 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-04-09 17:49 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-04-09 17:49 - 2012-10-03 09:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-09 17:49 - 2012-10-03 08:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-04-09 17:49 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-04-09 17:49 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-04-09 17:49 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-04-09 17:49 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-04-09 17:49 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-04-09 17:49 - 2011-03-10 22:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-04-09 17:49 - 2011-03-10 22:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-04-09 17:49 - 2011-03-10 22:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-04-09 17:49 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-04-09 17:49 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-04-09 17:49 - 2011-03-10 21:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-04-09 17:48 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-09 17:48 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-04-09 17:47 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-09 17:46 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-04-09 17:46 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-04-09 17:46 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-04-09 17:45 - 2014-12-18 19:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-09 17:45 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-09 17:45 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-04-09 17:45 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-04-09 17:44 - 2014-12-05 20:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-09 17:44 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-09 17:44 - 2012-10-03 09:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-09 17:43 - 2015-04-09 17:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-04-09 17:42 - 2014-12-11 10:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-09 17:42 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-09 17:42 - 2014-02-03 19:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-04-09 17:42 - 2014-02-03 19:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-04-09 17:42 - 2014-02-03 19:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-04-09 17:42 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-04-09 17:42 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-04-09 17:42 - 2013-08-27 17:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-04-09 17:42 - 2013-03-18 20:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-04-09 17:41 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-04-09 17:41 - 2014-01-23 19:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-04-09 17:40 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-09 17:40 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-04-09 17:40 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-04-09 17:39 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-04-09 17:39 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-09 17:39 - 2013-08-04 18:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-04-09 17:38 - 2014-12-18 18:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-09 17:38 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-04-09 17:38 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-04-09 17:38 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-04-09 17:37 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-09 16:27 - 2015-04-17 16:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-09 16:27 - 2015-04-09 16:27 - 00000000 ____D () C:\Program Files\Belkin
2015-04-09 16:27 - 2012-12-19 19:45 - 00898152 ____R (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2015-04-09 16:27 - 2012-02-23 11:01 - 00451072 _____ () C:\Windows\system32\ISSRemoveSP.exe
2015-04-08 15:50 - 2015-04-08 15:50 - 00000000 __SHD () C:\found.000
2015-04-08 12:54 - 2015-04-08 12:54 - 00000000 ____D () C:\Netgear
2015-04-07 10:17 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-04-07 10:17 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-04-07 10:17 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-04-07 10:17 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-04-07 10:17 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-04-07 10:15 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-07 10:13 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-07 10:09 - 2012-07-25 20:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-04-07 10:09 - 2012-07-25 20:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-04-07 10:09 - 2012-07-25 20:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-04-07 10:09 - 2012-07-25 19:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-04-07 10:09 - 2012-07-25 19:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-04-07 10:09 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 19:48 - 2015-02-03 16:59 - 01266119 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 09:21 - 2009-07-13 21:34 - 00025392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 09:21 - 2009-07-13 21:34 - 00025392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 09:15 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 21:55 - 2015-02-03 17:15 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-11 18:26 - 2015-02-10 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-05-07 13:40 - 2015-02-10 17:40 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live
2015-05-05 04:07 - 2015-02-03 16:56 - 00000000 ____D () C:\Windows\Panther
2015-05-05 03:22 - 2015-02-10 17:19 - 00071616 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-05 03:21 - 2009-07-13 21:33 - 00321720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-04 12:44 - 2015-02-03 17:05 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2015-04-18 06:33 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-18 00:38 - 2015-02-10 17:30 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-17 22:34 - 2015-02-10 17:30 - 00000000 ____D () C:\Program Files\Java
2015-04-17 22:32 - 2015-02-10 17:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-17 16:47 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 16:07 - 2015-02-10 17:37 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-04-17 12:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 16:46 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-16 12:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-04-16 11:35 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-11 16:59 - 2015-02-10 17:23 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 19:58 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-09 19:56 - 2015-02-10 17:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-09 16:27 - 2009-07-13 19:04 - 00000467 _____ () C:\Windows\win.ini
2015-04-07 10:09 - 2015-02-10 17:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-04-07 10:09 - 2015-02-10 17:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-07 10:08 - 2015-02-10 17:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client

==================== Files in the root of some directories =======

2015-04-09 18:10 - 2015-05-14 20:28 - 14190648 _____ () C:\Program Files\Common Files\lpuninstall.exe
2015-02-10 17:52 - 2015-02-10 17:52 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\InstHelper.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 11:13



#6 nasdaq

  • Malware Response Team

Posted 04 May 2015 - 07:01 AM

It did not go as I expected.
Run this again. Make sure of where you save the FixList.txt.
Look at my revised instructions on where to save the file.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2567902623-2305694563-1768279651-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dwndlm_15_16&cd=2XzuyEtN2Y1L1QzuzyyEtCtDtA0EyC0AyC0DtBtDtD0AtD0DtN0D0Tzu0StCtBtDtDtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBtCyBtB0ByEtAyEtGyDtA0AzytG0DyC0FyCtGtDtAzytAtGtA0CzyzytC0A0E0B0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAtDyC0A0BtDyCtGzyyCtA0EtGyE0EyBtBtG0B0EzytCtGyB0A0BtA0FzytByEyDtD0DtC2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBtDtA&cr=1627102564&ir=
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S1 MpKsl500bff5a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6A0173D-860B-4377-8293-7F0CF4CD4157}\MpKsl500bff5a.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

How is the computer running now?

#7 WesNathan


Posted 08 May 2015 - 07:54 AM

My wife's computer is now working normally. I fixed a date change, which caused several problems (the date, not the change). I suspect one of the forced-on-us programs DLd with Adobe Flash Player. Thanks for everybody's help. I don't want to waste any more of your time.

 

Wes



#8 nasdaq


Posted 08 May 2015 - 12:51 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 14 May 2015 - 08:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



