internet explorer running in background


  • This topic is locked
54 replies to this topic

#1 mommyofnuts

mommyofnuts

  • Members
  • 43 posts

Posted 24 April 2015 - 03:49 AM

I have an Internet Explorer running in the background. I have tried the taskkill and it kills it but it just comes right back; Malwarebytes will not find it. Please help.

I created a HijackThis file and attached it here. Please help.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:37:12 PM, on 4/23/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\mom\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5259 bytes

Edited by mommyofnuts, 24 April 2015 - 03:50 AM.


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 April 2015 - 11:31 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 mommyofnuts

mommyofnuts
  • Topic Starter

  • Members
  • 43 posts

Posted 24 April 2015 - 07:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by mom at 2015-04-24 20:00:06
Running from C:\Users\mom\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4272652656-438244758-189266899-500 - Administrator - Disabled)
Guest (S-1-5-21-4272652656-438244758-189266899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4272652656-438244758-189266899-1002 - Limited - Enabled)
mom (S-1-5-21-4272652656-438244758-189266899-1000 - Administrator - Enabled) => C:\Users\mom
TEst (S-1-5-21-4272652656-438244758-189266899-1003 - Administrator - Enabled) => C:\Users\TEst

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HughesNet Status Meter (HKLM-x32\...\{67939A60-3C84-4556-8427-97793155AEF6}) (Version: 6.2.0 - None provided)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Price is Right (x32 Version: 2.2.0.95 - WildTangent) Hidden
Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4272652656-438244758-189266899-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\mom\AppData\Roaming\tyvitsju\tivesen.dll () <==== ATTENTION

==================== Restore Points  =========================

19-04-2015 08:06:06 Windows Update
20-04-2015 05:47:16 Created By FixIEDef
22-04-2015 19:03:19 Installed Sophos Virus Removal Tool.
22-04-2015 19:07:29 Removed Sophos Virus Removal Tool.
23-04-2015 18:51:13 Removed Sophos Virus Removal Tool.
24-04-2015 05:34:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-20 14:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00ADB057-7617-4876-8787-470055CF12B2} - \Runner IC No Task File <==== ATTENTION
Task: {0206CC90-D392-45D8-B52A-4078BEC9674F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {03EDF0DA-6EC2-46FB-8FD7-5A6E99BDA2AF} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0BC40909-6AF2-4FF1-9B83-EC806549F4E5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {13980026-C96F-4528-BF04-7C5C3FF6EB96} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {178FDE67-9DC1-400D-8B52-3DD6280BD032} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {1ACEA5C9-2DA3-4900-9F01-CA45DA2CCAF5} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File <==== ATTENTION
Task: {1E4EE1F0-285F-4BCE-88F2-74A67977E747} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {21261CCF-BA29-4F4E-84CC-D4ABAB7E6406} - \{448273CE-D309-48C4-84D0-481B35A23B64} No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {251DE5CB-6DF6-4978-BB83-A22FA50902C5} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {2BF072F7-41E0-4360-A67F-254A6FC579C0} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {2DBD6EB3-FD63-429A-87E0-DE5C318A737C} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File <==== ATTENTION
Task: {2ED50D70-9BCB-4055-BD8A-590EDF562402} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {31EC477A-5792-4E21-A65D-F50F57D0F9DB} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File <==== ATTENTION
Task: {362954CD-1443-46A3-861B-5C3A2743FDFA} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {38CBD6F3-F1ED-4796-BD24-5766C43B3098} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4272652656-438244758-189266899-1000
Task: {43E5453C-BBA3-4111-9F4D-DF9C96CE1634} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4402013C-4A89-4F58-94BF-FB640B800996} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {45FB66C6-E868-474F-A8D9-88C12CBEA99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION
Task: {486C1A9B-CCF9-462C-935B-E4F25EE9BB1D} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {4E19B4A4-BE39-4B6D-B11E-A3BFF4D5CB7F} - \{DD176437-0E2A-4047-AB32-224ADBED2401} No Task File <==== ATTENTION
Task: {52D6E666-548F-410E-BFF1-92B8C63CA97F} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {56D31F25-04BC-471E-AA27-52CB4C3020A5} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {6271FDC0-C194-43DB-84D2-1233380741CB} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {67144494-C016-4460-BDE4-2BF8247102BC} - \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File <==== ATTENTION
Task: {782D691B-CCD9-488A-8678-C9931DACC414} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {8472E2B4-4982-4C64-B496-4564F8A1352D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {8C67184E-865A-4D27-82EC-43505B50026E} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {8E359152-D8C9-4871-AEA1-9851E769A8F1} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {92481A48-26F5-442C-9298-DD713B27E3A4} - \Registration No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95E7292F-653F-46C1-8160-FAEC9F3307D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98F6E988-20BB-4E04-B95B-F31E5CB356B2} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A42684B2-6D5E-4EDE-9919-61D64518237D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File <==== ATTENTION
Task: {A70F1A61-D69D-4D02-876F-B399AB64BC35} - \Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events No Task File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {AEBA3AC0-F3A7-4FBC-A122-DC734318377B} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {B0B73B96-C439-4820-AAB1-3FBB85493C87} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {B32E3924-31FA-4833-8AA8-B4E634B38626} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B76872B0-5B6E-4877-9431-373627D853E7} - \{CE39A8BC-59C4-4FD5-B984-2B0CD994E71E} No Task File <==== ATTENTION
Task: {B852AA03-A8A4-490A-B8DC-A7570EFBDEE4} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {C0B2AA68-DF9E-400A-B71C-581384C21B8A} - \Hewlett-Packard\HP Support Assistant\Ghost Resign Task No Task File <==== ATTENTION
Task: {C57336C0-7423-4250-A8DD-AAE1E77A45DC} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {C9780D19-2567-4C8C-B584-369072FD98FE} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CBFED178-75FE-42F5-BB35-F3E5E50AD33F} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy No Task File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {DC3C0E7C-6B67-43C4-B5AE-246681442028} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {DCCEC452-F4F3-4193-B418-3B352CADD5F6} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {DD7B370B-7F26-4978-987E-08483B367623} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {DE3A3F25-99E5-4F0A-9D2F-6321A5602C47} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {DF0EB2A9-6AB6-4508-B310-E6D1ED383B44} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {E4790C4E-756E-414D-87A6-3830EE638044} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {EA3B8A34-590B-4F03-969B-766CC1A3C4C8} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {F446D15B-7274-4052-B5BB-24F19B0AD4C7} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {F64F9C9D-6599-44CB-BC8B-AE58B29EFC2F} - System32\Tasks\HPCeeScheduleFormom => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F6734812-A49A-4C93-AA1F-E2D06F27C571} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormom.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2009-10-01 09:22 - 2009-10-01 09:22 - 00327168 _____ () C:\Windows\system32\SaMinDrv.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdpeakProxy => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BeFrugal.com Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\startupreg: BFHP => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: HughesNetStatusMeter => "C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Regedit32 => C:\Windows\system32\regedit.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tagee => C:\Users\mom\AppData\Roaming\Uhbyi\tagee.exe
MSCONFIG\startupreg: YTDownloader => /boot

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e8

Start Time: 01d07a457d2a4122

Termination Time: 15

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: ee9a9470-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cc4

Start Time: 01d07a456dba9cda

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: b645e91b-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 298

Start Time: 01d07a455e2c83bc

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: a3f6dae2-e638-11e4-9903-78acc0bae5e9

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e0

Start Time: 01d076fadfc6a2a5

Termination Time: 3488

Application Path: C:\Windows\Explorer.EXE

Report Id: 0852614a-e392-11e4-a9ea-78acc0bae5e9

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3c04

Start Time: 01d0770d798f7bc2

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: PhotoAcq.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c955
Exception code: 0xc0000005
Fault offset: 0x000000000001a3e3
Faulting process id: 0xb2c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msert.exe version 1.195.2073.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cd8

Start Time: 01d07030112f86a1

Termination Time: 0

Application Path: C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe

Report Id: 257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spybot Search & Destroy Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea4

Start Time: 01d07010a8258b8a

Termination Time: 0

Application Path: C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4C848CDR\Spybot Search & Destroy Setup.exe

Report Id: 009fc69c-dc04-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:17:02 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=3478:usr=mom}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0B004B04-00000419, last error 2).

System errors:
=============
Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:29:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 01:47:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/24/2015 05:55:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/24/2015 05:52:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/24/2015 05:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%3

Error: (04/24/2015 05:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (04/24/2015 05:03:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) Locator service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.12e801d07a457d2a412215C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeee9a9470-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.1cc401d07a456dba9cda16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeb645e91b-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.129801d07a455e2c83bc16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exea3f6dae2-e638-11e4-9903-78acc0bae5e9

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175679e001d076fadfc6a2a53488C:\Windows\Explorer.EXE0852614a-e392-11e4-a9ea-78acc0bae5e9

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.176893c0401d0770d798f7bc20C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4PhotoAcq.dll6.1.7601.175144ce7c955c0000005000000000001a3e3b2c01d076aab112fcb3C:\Windows\Explorer.EXEC:\Program Files\Windows Photo Viewer\PhotoAcq.dll5c95d2bd-e2b7-11e4-99ee-78acc0bae5e9

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msert.exe1.195.2073.0cd801d07030112f86a10C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spybot Search & Destroy Setup.exe0.0.0.0ea401d07010a8258b8a0C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4C848CDR\Spybot Search & Destroy Setup.exe009fc69c-dc04-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:17:02 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=3478:usr=mom}
Q:\140066.enu\Office14\WINWORDC.EXE0B004B04-000004192

CodeIntegrity Errors:
===================================
  Date: 2015-04-20 14:27:59.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 05:22:33.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 05:22:32.987
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 32%
Total physical RAM: 2815.29 MB
Available physical RAM: 1889.08 MB
Total Pagefile: 7035.48 MB
Available Pagefile: 5816.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:371.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 635DE117)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by mom at 2015-04-24 20:00:06
Running from C:\Users\mom\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4272652656-438244758-189266899-500 - Administrator - Disabled)
Guest (S-1-5-21-4272652656-438244758-189266899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4272652656-438244758-189266899-1002 - Limited - Enabled)
mom (S-1-5-21-4272652656-438244758-189266899-1000 - Administrator - Enabled) => C:\Users\mom
TEst (S-1-5-21-4272652656-438244758-189266899-1003 - Administrator - Enabled) => C:\Users\TEst

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HughesNet Status Meter (HKLM-x32\...\{67939A60-3C84-4556-8427-97793155AEF6}) (Version: 6.2.0 - None provided)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Price is Right (x32 Version: 2.2.0.95 - WildTangent) Hidden
Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4272652656-438244758-189266899-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\mom\AppData\Roaming\tyvitsju\tivesen.dll () <==== ATTENTION

==================== Restore Points  =========================

19-04-2015 08:06:06 Windows Update
20-04-2015 05:47:16 Created By FixIEDef
22-04-2015 19:03:19 Installed Sophos Virus Removal Tool.
22-04-2015 19:07:29 Removed Sophos Virus Removal Tool.
23-04-2015 18:51:13 Removed Sophos Virus Removal Tool.
24-04-2015 05:34:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-20 14:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00ADB057-7617-4876-8787-470055CF12B2} - \Runner IC No Task File <==== ATTENTION
Task: {0206CC90-D392-45D8-B52A-4078BEC9674F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {03EDF0DA-6EC2-46FB-8FD7-5A6E99BDA2AF} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0BC40909-6AF2-4FF1-9B83-EC806549F4E5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {13980026-C96F-4528-BF04-7C5C3FF6EB96} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {178FDE67-9DC1-400D-8B52-3DD6280BD032} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {1ACEA5C9-2DA3-4900-9F01-CA45DA2CCAF5} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File <==== ATTENTION
Task: {1E4EE1F0-285F-4BCE-88F2-74A67977E747} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {21261CCF-BA29-4F4E-84CC-D4ABAB7E6406} - \{448273CE-D309-48C4-84D0-481B35A23B64} No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {251DE5CB-6DF6-4978-BB83-A22FA50902C5} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {2BF072F7-41E0-4360-A67F-254A6FC579C0} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {2DBD6EB3-FD63-429A-87E0-DE5C318A737C} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File <==== ATTENTION
Task: {2ED50D70-9BCB-4055-BD8A-590EDF562402} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {31EC477A-5792-4E21-A65D-F50F57D0F9DB} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File <==== ATTENTION
Task: {362954CD-1443-46A3-861B-5C3A2743FDFA} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {38CBD6F3-F1ED-4796-BD24-5766C43B3098} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4272652656-438244758-189266899-1000
Task: {43E5453C-BBA3-4111-9F4D-DF9C96CE1634} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4402013C-4A89-4F58-94BF-FB640B800996} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {45FB66C6-E868-474F-A8D9-88C12CBEA99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION
Task: {486C1A9B-CCF9-462C-935B-E4F25EE9BB1D} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {4E19B4A4-BE39-4B6D-B11E-A3BFF4D5CB7F} - \{DD176437-0E2A-4047-AB32-224ADBED2401} No Task File <==== ATTENTION
Task: {52D6E666-548F-410E-BFF1-92B8C63CA97F} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {56D31F25-04BC-471E-AA27-52CB4C3020A5} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {6271FDC0-C194-43DB-84D2-1233380741CB} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {67144494-C016-4460-BDE4-2BF8247102BC} - \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File <==== ATTENTION
Task: {782D691B-CCD9-488A-8678-C9931DACC414} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {8472E2B4-4982-4C64-B496-4564F8A1352D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {8C67184E-865A-4D27-82EC-43505B50026E} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {8E359152-D8C9-4871-AEA1-9851E769A8F1} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {92481A48-26F5-442C-9298-DD713B27E3A4} - \Registration No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95E7292F-653F-46C1-8160-FAEC9F3307D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98F6E988-20BB-4E04-B95B-F31E5CB356B2} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A42684B2-6D5E-4EDE-9919-61D64518237D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File <==== ATTENTION
Task: {A70F1A61-D69D-4D02-876F-B399AB64BC35} - \Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events No Task File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {AEBA3AC0-F3A7-4FBC-A122-DC734318377B} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {B0B73B96-C439-4820-AAB1-3FBB85493C87} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {B32E3924-31FA-4833-8AA8-B4E634B38626} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B76872B0-5B6E-4877-9431-373627D853E7} - \{CE39A8BC-59C4-4FD5-B984-2B0CD994E71E} No Task File <==== ATTENTION
Task: {B852AA03-A8A4-490A-B8DC-A7570EFBDEE4} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {C0B2AA68-DF9E-400A-B71C-581384C21B8A} - \Hewlett-Packard\HP Support Assistant\Ghost Resign Task No Task File <==== ATTENTION
Task: {C57336C0-7423-4250-A8DD-AAE1E77A45DC} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {C9780D19-2567-4C8C-B584-369072FD98FE} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CBFED178-75FE-42F5-BB35-F3E5E50AD33F} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy No Task File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {DC3C0E7C-6B67-43C4-B5AE-246681442028} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {DCCEC452-F4F3-4193-B418-3B352CADD5F6} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {DD7B370B-7F26-4978-987E-08483B367623} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {DE3A3F25-99E5-4F0A-9D2F-6321A5602C47} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {DF0EB2A9-6AB6-4508-B310-E6D1ED383B44} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {E4790C4E-756E-414D-87A6-3830EE638044} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {EA3B8A34-590B-4F03-969B-766CC1A3C4C8} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {F446D15B-7274-4052-B5BB-24F19B0AD4C7} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {F64F9C9D-6599-44CB-BC8B-AE58B29EFC2F} - System32\Tasks\HPCeeScheduleFormom => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F6734812-A49A-4C93-AA1F-E2D06F27C571} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormom.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2009-10-01 09:22 - 2009-10-01 09:22 - 00327168 _____ () C:\Windows\system32\SaMinDrv.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdpeakProxy => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BeFrugal.com Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\startupreg: BFHP => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: HughesNetStatusMeter => "C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Regedit32 => C:\Windows\system32\regedit.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tagee => C:\Users\mom\AppData\Roaming\Uhbyi\tagee.exe
MSCONFIG\startupreg: YTDownloader => /boot

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e8

Start Time: 01d07a457d2a4122

Termination Time: 15

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: ee9a9470-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cc4

Start Time: 01d07a456dba9cda

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: b645e91b-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 298

Start Time: 01d07a455e2c83bc

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: a3f6dae2-e638-11e4-9903-78acc0bae5e9

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9e0

Start Time: 01d076fadfc6a2a5

Termination Time: 3488

Application Path: C:\Windows\Explorer.EXE

Report Id: 0852614a-e392-11e4-a9ea-78acc0bae5e9

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3c04

Start Time: 01d0770d798f7bc2

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: PhotoAcq.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c955
Exception code: 0xc0000005
Fault offset: 0x000000000001a3e3
Faulting process id: 0xb2c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msert.exe version 1.195.2073.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cd8

Start Time: 01d07030112f86a1

Termination Time: 0

Application Path: C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe

Report Id: 257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spybot Search & Destroy Setup.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ea4

Start Time: 01d07010a8258b8a

Termination Time: 0

Application Path: C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4C848CDR\Spybot Search & Destroy Setup.exe

Report Id: 009fc69c-dc04-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:17:02 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=3478:usr=mom}
The client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 0B004B04-00000419, last error 2).

System errors:
=============
Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:29:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 01:47:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/24/2015 05:55:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/24/2015 05:52:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/24/2015 05:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%3

Error: (04/24/2015 05:04:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%3

Error: (04/24/2015 05:03:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) Locator service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.12e801d07a457d2a412215C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeee9a9470-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.1cc401d07a456dba9cda16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeb645e91b-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.129801d07a455e2c83bc16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exea3f6dae2-e638-11e4-9903-78acc0bae5e9

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175679e001d076fadfc6a2a53488C:\Windows\Explorer.EXE0852614a-e392-11e4-a9ea-78acc0bae5e9

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.176893c0401d0770d798f7bc20C:\Program Files\Internet Explorer\iexplore.exe

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4PhotoAcq.dll6.1.7601.175144ce7c955c0000005000000000001a3e3b2c01d076aab112fcb3C:\Windows\Explorer.EXEC:\Program Files\Windows Photo Viewer\PhotoAcq.dll5c95d2bd-e2b7-11e4-99ee-78acc0bae5e9

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msert.exe1.195.2073.0cd801d07030112f86a10C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:24:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spybot Search & Destroy Setup.exe0.0.0.0ea401d07010a8258b8a0C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4C848CDR\Spybot Search & Destroy Setup.exe009fc69c-dc04-11e4-bcd9-78acc0bae5e9

Error: (04/05/2015 10:17:02 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=3478:usr=mom}
Q:\140066.enu\Office14\WINWORDC.EXE0B004B04-000004192

CodeIntegrity Errors:
===================================
  Date: 2015-04-20 14:27:59.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 14:27:59.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 05:22:33.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-20 05:22:32.987
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 32%
Total physical RAM: 2815.29 MB
Available physical RAM: 1889.08 MB
Total Pagefile: 7035.48 MB
Available Pagefile: 5816.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:371.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 635DE117)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 mommyofnuts

  • Topic Starter

Posted 24 April 2015 - 07:25 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015

Ran by mom (administrator) on MOM-HP on 24-04-2015 19:59:28

Running from C:\Users\mom\Downloads

Loaded Profiles: mom (Available profiles: mom & TEst)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dinotify.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-21-4272652656-438244758-189266899-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

HKU\S-1-5-21-4272652656-438244758-189266899-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4272652656-438244758-189266899-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Toolbar: HKU\S-1-5-21-4272652656-438244758-189266899-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKU\S-1-5-21-4272652656-438244758-189266899-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-25] (Unity Technologies ApS)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2014-11-24] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]

R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-15] (McAfee, Inc.)

S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2014-08-11] ()

S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2014-08-11] (GiliSoft International LLC.) [File not signed]

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-02-19] ()

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-04-15] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2015-04-15] (McAfee, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-20] ()

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-18] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 19:59 - 2015-04-24 19:59 - 00009029 _____ () C:\Users\mom\Downloads\FRST.txt

2015-04-24 19:58 - 2015-04-24 19:59 - 00000000 ____D () C:\FRST

2015-04-24 19:58 - 2015-04-24 19:58 - 02099712 _____ (Farbar) C:\Users\mom\Downloads\FRST64.exe

2015-04-24 05:56 - 2015-04-24 05:56 - 00020085 _____ () C:\ComboFix.txt

2015-04-24 05:15 - 2015-04-24 05:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-04-24 05:15 - 2015-04-24 05:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-24 05:14 - 2015-04-24 05:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-23 19:49 - 2015-04-23 19:49 - 00000000 ____D () C:\Users\mom\AppData\Local\Secunia PSI

2015-04-23 19:49 - 2015-04-23 19:49 - 00000000 ____D () C:\Program Files (x86)\Secunia

2015-04-23 18:35 - 2015-04-23 18:35 - 00005227 _____ () C:\Users\mom\Downloads\hijackthis.log

2015-04-23 18:32 - 2015-04-23 18:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\mom\Downloads\HijackThis.exe

2015-04-22 19:04 - 2015-04-23 18:51 - 00000000 ____D () C:\ProgramData\Sophos

2015-04-22 18:49 - 2015-04-22 18:49 - 00000000 ____D () C:\Users\mom\AppData\Local\AntiLogger Free

2015-04-22 05:18 - 2015-04-22 05:37 - 00000000 ____D () C:\Users\mom\Downloads\stinger64-epo (1)

2015-04-22 05:17 - 2015-04-22 05:18 - 15261040 _____ () C:\Users\mom\Downloads\stinger64-epo (1).zip

2015-04-21 18:00 - 2015-04-21 18:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOM-HP-Windows-7-Home-Premium-(64-bit).dat

2015-04-21 17:46 - 2015-04-21 17:46 - 00321952 _____ () C:\Users\mom\AppData\Local\census.cache

2015-04-21 17:46 - 2015-04-21 17:46 - 00154956 _____ () C:\Users\mom\AppData\Local\ars.cache

2015-04-21 17:35 - 2015-04-21 17:35 - 00000036 _____ () C:\Users\mom\AppData\Local\housecall.guid.cache

2015-04-21 17:35 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys

2015-04-20 05:47 - 2015-04-20 05:47 - 00000000 ____D () C:\ERDNT

2015-04-20 05:47 - 2015-04-20 05:47 - 00000000 ____D () C:\!FixIEDef

2015-04-20 05:13 - 2015-04-24 05:56 - 00000000 ____D () C:\Qoobox

2015-04-20 05:13 - 2015-04-20 05:47 - 00000000 ____D () C:\Windows\erdnt

2015-04-20 05:13 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-04-20 05:13 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-04-20 05:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe

2015-04-19 09:23 - 2015-04-19 09:23 - 00000000 ____D () C:\Program Files\Enigma Software Group

2015-04-19 04:56 - 2015-04-19 05:07 - 00705832 _____ () C:\Users\mom\Documents\duplicate.txt

2015-04-18 22:51 - 2015-04-18 22:57 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-04-18 22:51 - 2015-04-18 22:51 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-04-18 17:27 - 2015-04-18 17:27 - 00003976 _____ () C:\Windows\System32\Tasks\LaunchPreSignup

2015-04-18 17:26 - 2015-04-18 17:26 - 00000264 _____ () C:\prefs.js

2015-04-18 17:26 - 2015-04-18 17:26 - 00000000 ____D () C:\searchplugins

2015-04-18 17:25 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll

2015-04-18 17:25 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

2015-04-16 06:01 - 2015-04-16 06:01 - 00012019 _____ () C:\Users\mom\Documents\nick bmt 2015.wlmp

2015-04-16 03:35 - 2015-04-16 03:35 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-16 03:35 - 2015-04-16 03:35 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-15 13:22 - 2015-04-21 16:11 - 00010672 _____ () C:\Windows\PFRO.log

2015-04-15 13:15 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-15 13:15 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-15 13:15 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-15 13:15 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-15 13:15 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-15 13:15 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-15 13:15 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-15 13:15 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-15 13:15 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-04-15 13:14 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-04-15 13:14 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-15 13:14 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-04-15 13:14 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-04-15 13:14 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-04-15 13:14 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-04-15 13:14 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-15 13:14 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-04-15 13:14 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-04-15 13:14 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-04-15 13:14 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-04-15 13:14 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-04-15 13:14 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-04-15 13:14 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-04-15 13:14 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-15 13:14 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-15 13:14 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-04-15 13:14 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-15 13:14 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-15 13:14 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-04-15 13:14 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 13:14 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-04-15 13:14 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-04-15 13:14 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-04-15 13:14 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 13:14 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-04-15 13:14 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-04-15 13:14 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-04-15 13:14 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-04-15 13:14 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-15 13:14 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-04-15 13:14 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-15 13:14 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-15 13:14 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 13:14 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 13:14 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-15 13:14 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-04-15 13:14 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-15 13:14 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-04-15 13:14 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-15 13:14 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-15 13:14 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-15 13:13 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-04-15 13:13 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 13:13 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-04-15 13:13 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-04-15 13:13 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 13:13 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 13:13 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 13:13 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-04-15 13:13 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 13:13 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 13:13 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 13:13 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-04-15 13:13 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 13:13 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-04-15 13:13 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-15 13:13 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 13:13 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 13:13 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-04-15 13:13 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-15 13:13 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-04-15 13:13 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 13:13 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 13:13 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 13:13 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-15 13:13 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-15 13:13 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-15 13:13 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-04-15 13:13 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 13:13 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-15 13:13 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 13:13 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-04-15 13:13 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 13:13 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-04-15 13:13 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 13:13 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 13:13 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-15 13:13 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-04-15 13:13 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 13:13 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 13:13 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-15 13:13 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 13:13 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-15 13:11 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-15 13:11 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 13:11 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-15 05:08 - 2015-04-15 05:08 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys

2015-04-15 05:08 - 2015-04-15 05:08 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe

2015-04-15 05:08 - 2015-04-15 05:08 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys

2015-04-15 05:06 - 2015-04-15 05:06 - 00000000 ____D () C:\Program Files\McAfee

2015-04-15 04:51 - 2015-04-15 04:51 - 00000000 ____D () C:\ProgramData\McAfee

2015-04-14 12:50 - 2015-04-14 12:50 - 00012826 _____ () C:\Users\mom\Documents\bmt movie 2.wlmp

2015-04-05 22:19 - 2015-04-24 05:04 - 00001120 _____ () C:\Windows\setupact.log

2015-04-05 22:19 - 2015-04-05 22:19 - 00279704 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-05 22:19 - 2015-04-05 22:19 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-05 18:39 - 2015-04-05 18:39 - 00065112 _____ () C:\Users\mom\AppData\Local\GDIPFONTCACHEV1.DAT

2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-02 03:04 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-04-02 03:04 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-03-31 18:06 - 2015-04-22 22:46 - 00000000 ____D () C:\Users\mom\Downloads\dBvW6h

2015-03-31 06:35 - 2015-03-31 06:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-03-31 06:35 - 2015-03-31 06:35 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2015-03-31 06:21 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-03-31 06:21 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-03-31 06:21 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-03-31 06:21 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-03-31 06:20 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-31 06:20 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-31 06:20 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-31 06:20 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-31 06:20 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-31 06:20 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-31 06:20 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-31 06:20 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-31 06:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-31 06:20 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-31 06:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-31 06:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-31 06:20 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-31 06:20 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-31 06:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-31 06:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-31 06:20 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-31 06:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-31 06:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-31 06:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-31 06:20 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-31 06:20 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-31 06:20 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-31 06:18 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-31 06:18 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-31 06:18 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-31 06:17 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-31 06:17 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-31 06:17 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-31 06:17 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-31 06:17 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-31 06:17 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-31 06:17 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-31 06:17 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-31 06:17 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-31 06:17 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-03-31 06:17 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2015-03-31 06:16 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-31 06:13 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-03-31 06:13 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-03-31 06:08 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-31 06:08 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-31 05:54 - 2015-03-31 06:07 - 00000354 _____ () C:\Users\mom\Desktop\(1) Facebook.url

2015-03-31 04:26 - 2015-03-31 04:28 - 00000000 ____D () C:\7446898937202c09aea58bc4e3

2015-03-31 04:23 - 2015-03-31 04:23 - 00000000 _____ () C:\Users\mom\Downloads\Windows6_1-KB947821-v34-x64_msu.13sa3nw.partial

2015-03-30 21:44 - 2015-03-31 04:25 - 00000000 ____D () C:\1b691eef31c319cce6fafc4e

2015-03-29 11:34 - 2015-03-29 11:34 - 00389437 _____ () C:\Users\mom\Downloads\grilled cheese and jesus day

2015-03-27 05:15 - 2015-03-27 05:15 - 00000000 ____D () C:\Users\mom\Documents\ProcAlyzer Dumps

2015-03-26 09:59 - 2015-03-26 09:59 - 00000236 _____ () C:\Users\mom\Desktop\HeritageBank of the South.url

2015-03-26 09:26 - 2015-04-22 07:07 - 00000716 _____ () C:\Users\mom\Desktop\mail.url

2015-03-25 12:06 - 2015-04-05 22:13 - 00001279 _____ () C:\Users\mom\Desktop\Internet Explorer.lnk

2015-03-25 08:39 - 2015-03-25 08:39 - 00000959 _____ () C:\Users\mom\Desktop\msn.url

2015-03-25 07:59 - 2015-03-25 07:59 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-03-25 07:58 - 2015-03-25 17:52 - 00000000 ____D () C:\Program Files\Google

2015-03-25 06:37 - 2015-04-18 21:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-03-25 06:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2015-03-25 05:12 - 2015-03-25 05:12 - 00000000 _____ () C:\autoexec.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 19:43 - 2015-01-31 00:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-24 19:25 - 2015-01-29 23:02 - 01949721 _____ () C:\Windows\WindowsUpdate.log

2015-04-24 06:07 - 2015-01-30 09:31 - 00115712 ___SH () C:\Users\mom\Downloads\Thumbs.db

2015-04-24 05:55 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini

2015-04-24 05:36 - 2015-03-23 06:18 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-24 05:36 - 2015-03-23 06:18 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-24 05:30 - 2009-07-14 01:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-24 05:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-24 05:04 - 2014-11-07 21:10 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-24 05:03 - 2014-05-03 07:10 - 00000000 ____D () C:\AdwCleaner

2015-04-22 06:53 - 2015-02-28 18:35 - 00000000 ____D () C:\Users\mom\Documents\stinger64-epo

2015-04-22 06:53 - 2013-12-16 21:36 - 00000000 ____D () C:\Program Files\stinger

2015-04-22 05:00 - 2015-02-26 04:34 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleFormom.job

2015-04-22 04:59 - 2015-02-26 04:34 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormom

2015-04-21 19:08 - 2015-01-31 00:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-21 19:08 - 2013-11-07 23:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-21 19:08 - 2013-11-07 23:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-20 05:47 - 2014-05-03 06:56 - 00000000 ____D () C:\Windows\ERUNT

2015-04-20 05:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default

2015-04-20 05:22 - 2014-10-27 21:15 - 00000000 ____D () C:\Program Files (x86)\HughesNet Status Meter

2015-04-20 00:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration

2015-04-19 11:44 - 2015-01-29 08:52 - 00000000 ____D () C:\Users\TEst\AppData\Local\1E43F865-F207-7C45-B202-B0A8B8BFB9CC

2015-04-19 11:44 - 2015-01-23 17:57 - 00000000 ____D () C:\Users\mom\AppData\Local\1E43F865-F207-7C45-B202-B0A8B8BFB9CC

2015-04-19 11:44 - 2015-01-23 17:28 - 00000000 ____D () C:\ProgramData\ckdeopcgmamecmdeoigfjpmjdapfplpf

2015-04-19 11:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System

2015-04-19 10:32 - 2015-01-29 10:28 - 00001393 _____ () C:\Users\TEst\Desktop\TeamSpeak 3 Client.lnk

2015-04-19 05:09 - 2014-11-26 01:11 - 00000000 ____D () C:\Users\mom\funny

2015-04-18 22:19 - 2014-02-19 05:17 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-18 22:08 - 2015-01-29 22:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2015-04-18 21:45 - 2015-01-24 05:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-04-18 19:49 - 2014-11-09 07:02 - 00001945 _____ () C:\Windows\epplauncher.mif

2015-04-18 02:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat

2015-04-16 19:21 - 2015-01-29 08:15 - 00000000 ____D () C:\Users\TEst

2015-04-16 19:17 - 2014-10-27 22:23 - 00007601 _____ () C:\Users\mom\AppData\Local\resmon.resmoncfg

2015-04-16 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-04-16 03:15 - 2013-12-08 13:04 - 00774842 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-04-14 17:35 - 2014-11-07 21:11 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-04-14 11:03 - 2013-11-10 13:30 - 00000000 ____D () C:\Users\mom\AppData\Local\CrashDumps

2015-04-05 22:17 - 2013-12-08 13:05 - 00000000 ____D () C:\Users\mom\AppData\Roaming\SoftGrid Client

2015-04-02 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-04-02 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-04-01 11:16 - 2014-10-28 05:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-31 06:36 - 2014-10-21 07:44 - 00000000 ____D () C:\Users\mom\AppData\Local\Adobe

2015-03-31 06:35 - 2014-10-22 19:25 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-31 06:35 - 2014-10-22 19:25 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-31 05:44 - 2013-11-08 02:16 - 00000000 ____D () C:\Users\mom

2015-03-31 05:42 - 2011-03-10 18:32 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2015-03-31 05:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security

2015-03-31 05:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2015-03-31 05:41 - 2015-01-24 05:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-27 05:49 - 2014-01-19 18:28 - 00000000 ____D () C:\Users\mom\Documents\Mindy Jones

2015-03-26 03:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing

2015-03-25 18:13 - 2014-02-19 05:51 - 00000000 ____D () C:\Users\mom\AppData\Roaming\Malwarebytes

2015-03-25 17:52 - 2014-06-15 12:11 - 00000000 ____D () C:\Program Files (x86)\Google

2015-03-25 08:04 - 2014-06-15 12:24 - 00000000 ____D () C:\Games

2015-03-25 08:02 - 2014-06-15 12:11 - 00000000 ____D () C:\Users\mom\AppData\Local\Google

2015-03-25 07:59 - 2013-11-08 21:29 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-03-25 07:59 - 2013-11-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-03-25 07:59 - 2013-11-08 21:29 - 00000000 ____D () C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2014-10-29 13:08 - 2014-10-29 13:08 - 0001856 _____ () C:\Users\mom\AppData\Roaming\GhostObjGAFix.xml

2015-04-05 20:43 - 2015-04-05 22:11 - 0000115 _____ () C:\Users\mom\AppData\Roaming\LogFile.txt

2014-12-25 18:33 - 2015-01-24 03:34 - 0000128 _____ () C:\Users\mom\AppData\Roaming\WB.CFG

2014-11-12 03:18 - 2014-11-12 03:18 - 0000064 _____ () C:\Users\mom\AppData\Local\08e47ea8493e9b149244bb38e017f2d9

2015-04-21 17:46 - 2015-04-21 17:46 - 0154956 _____ () C:\Users\mom\AppData\Local\ars.cache

2015-04-21 17:46 - 2015-04-21 17:46 - 0321952 _____ () C:\Users\mom\AppData\Local\census.cache

2014-11-01 16:55 - 2015-01-15 19:17 - 0003584 _____ () C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-27 08:33 - 2014-12-27 08:33 - 0234679 _____ () C:\Users\mom\AppData\Local\dsi1.dat

2014-12-27 08:33 - 2014-12-27 08:33 - 0161916 _____ () C:\Users\mom\AppData\Local\dsi2.dat

2015-04-21 17:35 - 2015-04-21 17:35 - 0000036 _____ () C:\Users\mom\AppData\Local\housecall.guid.cache

2014-10-27 22:23 - 2015-04-16 19:17 - 0007601 _____ () C:\Users\mom\AppData\Local\resmon.resmoncfg

Files to move or delete:

====================

C:\Users\mom\jagex_cl_runescape_LIVE.dat

C:\Users\mom\random.dat

C:\Users\TEst\jagex_cl_runescape_LIVE.dat

C:\Users\TEst\random.dat

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2014-11-05 03:53

==================== End Of Log ============================



#5 mommyofnuts


Posted 25 April 2015 - 05:47 AM

Thank you for helping me. I think I posted them in the wrong order. I had a hard time figuring out how to post the logs here. Thank you.


Edited by mommyofnuts, 25 April 2015 - 05:55 AM.


#6 deeprybka

  • Malware Response Team

Posted 25 April 2015 - 09:51 AM

Hi there,

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 1

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    systemspecs;
    startupall;
    filesrcm;
    emptyclsid;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 mommyofnuts


Posted 25 April 2015 - 05:25 PM

Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by mom on Sat 04/25/2015 at 18:10:26.68.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mom\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/25/2015 6:13:41 PM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Users\mom\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 2816 MB
CPU Info: AMD Athlon™ II X2 240 Processor
CPU Speed: 2816.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4200  | ATI Radeon HD 4200  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; HP S2031 Series Wide LCD Monitor | HP S2031 Series Wide LCD Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW TS-H653T
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  452.5GB | D:  13.2GB | Q:  0.0MB
Hard Disks - Free: C:  370.6GB | D:  1.6GB | Q:  0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20110118
Time Zone: Eastern Standard Time
Motherboard *: FOXCONN 2AB1
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17728
Adobe Reader version: 11.0.10.32
Shockwave Player version: 12.1.6r156

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-04-21 22:00:09 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-MOM-HP-Windows-7-Home-Premium-(64-bit).dat
2015-04-20 09:13:39 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2015-04-20 09:13:39 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2015-04-20 09:13:39 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2015-04-20 09:13:39 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2015-04-20 09:13:39 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\mom\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-04-18 21:25:39 C85A2849F9E3389E70D5240D0EB77A0A 326288 ----a-w- C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-04-15 17:15:23 E981C27FA6C2F45C135DB4AF78D6FE1F 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-04-15 17:15:23 C7E498E41D92CF8C2EAED9995781A7F7 29696 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-04-15 17:15:23 9D68CE45935C439D5082ECB56902124D 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-04-15 17:15:23 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-04-15 17:15:23 031C03C9639CE0D294695968C68A5775 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 17:14:53 2B381229CCACA02AFF9D27B09073E523 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2015-04-15 17:14:51 DA5B856A037872BE089CA6967C7050C5 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2015-04-15 17:14:51 78492CF3C3697FB5AF4EAABB2BAF8595 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 17:14:43 32B9FEE479FF55234ED6BCF1D7976189 1309696 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2015-04-15 17:14:42 11896E75E1A118ABFAD126BEB650A189 3920824 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 17:14:41 A6A644BFAE31F111F35F8C3C7BA2A8A0 3976632 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 17:14:40 99DE8BADC0E85C9AB4A8301A3723FFEA 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2015-04-15 17:14:39 DB7CFA08957C94F6CFAA0DBB8BE4B906 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2015-04-15 17:14:39 BC09159AFF6639DB2CB28058731199F0 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2015-04-15 17:14:39 56977F27A96383E2A6C8BACEFC17E9CA 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 17:14:38 2DE438AE95C59FB33B3E4E34827C1100 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 17:14:37 E6A73ED322D8D0E85589894157F81940 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2015-04-15 17:14:37 A169307F0105183092F2AEDA9A8BD15D 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-04-15 17:14:37 A057B61F8A553F6DA38563597FA3676B 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 17:14:37 6F8CEB8115737D2E049804B191AE41A9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
2015-04-15 17:14:37 655C88135254C78E6FB66B6C2F6AC5DA 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2015-04-15 17:14:37 06C69684C3730E1A31DF06D4DD4042BC 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 17:14:36 C2A7AEA0A0FF0E7284632902FF9BD73A 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2015-04-15 17:14:36 6A9FFEF19C4F8F2E9082A50BB07ECDF1 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2015-04-15 17:14:36 52C84F726B8B84634F2E666C49076CDE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 17:14:36 47A1F23EE40C2389FCD53E9D5CEA3430 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2015-04-15 17:14:36 0FF9EEFF3EFC725FD90AD2CDA5A96776 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2015-04-15 17:14:34 FC898E44379D877DE92D869E713528CD 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2015-04-15 17:14:34 C557EB6CD735B4EE5076EA289B02CEAC 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 17:14:34 C0693456929F40833B9CC36C9CF7E3A8 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2015-04-15 17:14:34 53C485BC8BBD41877F58AEB89412F5D7 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2015-04-15 17:14:34 4B21D227B191A6305087BDD6BB19220F 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2015-04-15 17:14:34 2E0F849B7BF17969E45881FA4EB9B487 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2015-04-15 17:14:03 BA897AB3BC3DBC25829946EBA487496C 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-04-15 17:14:03 8CD57250F538CFFA0D5DCA9773AEDCAB 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 17:14:03 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\SysWOW64\ieuinit.inf
2015-04-15 17:14:02 DC155C2C14DC69EA400020CF92895873 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 17:14:02 D730BA653F9F95EC044F6636E6E45905 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 17:14:01 92CF8BC1B198C01CDC55A1A91E510700 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 17:14:01 89CACDF654626F1948BF6C19A6D610BE 342704 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 17:14:01 8127C2EE2E287BB3AB7843F9923B62BD 1311232 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-04-15 17:14:00 EC442CB6F2D08F4FAA6BA68A23B82383 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 17:14:00 CD91FE4F2718A88FC1C9C9C2E73EABB2 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 17:14:00 2F42037DD6F2831332653EB7F35D7E9A 19695616 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-04-15 17:13:59 CA4F96D21BEF43DE9407210CFF76FCEA 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 17:13:59 8E30C9B4E16C23211F1DD02B517E4FA8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-04-15 17:13:59 8A083313C1F7F50098D1D4F2FC092BD1 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 17:13:59 01C2BB4C13E6E0AF50867BCE8EE8A03E 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 17:13:58 B7BFB7C2970DF5E779FF729C037BD8E4 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 17:13:58 A305BEDA0CD8304102BFBBA0EB2A48CA 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 17:13:58 77104FDBBD821F2D73338D9370675EF3 2278400 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-04-15 17:13:58 2B5DD86A4B6E92E5A79C479C0652E727 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 17:13:58 1DFA1B4968C4E9E23CD6E68AF9CC063F 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 17:13:57 AE8A9FCDC135F681EFE9135929CF4A7B 12825600 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-04-15 17:13:57 94D64C343FE6341430A4C61BC490FEBF 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-04-15 17:13:55 C46904F2E9E121A91DDDABB48D7648C3 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-04-15 17:13:55 BDE9AA78B575CDA7C946A725926021F7 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 17:13:55 7776F3DA2B1AEDC2DA226F726B1E9A01 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-04-15 17:13:55 43A5A38E45F0D4FA02A0CCD51244AA17 4305408 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-04-15 17:13:54 B55293D48979DADE6049944C252A3BDB 340992 ----a-w- C:\Windows\SysWOW64\html.iec
2015-04-15 17:13:54 2396395B6F563158BEC2E0526D7F6CD2 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-04-15 17:11:48 D824C1C235349B67E652A5CA70D1AA49 58880 ----a-w- C:\Windows\SysWOW64\clfsw32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-04-18 21:25:41 ADC083FC7EB215A8FC3D32482DC8F211 373864 ----a-w- C:\Windows\Sysnative\LavasoftTcpService64.dll
2015-04-15 17:15:23 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
2015-04-15 17:15:23 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2015-04-15 17:15:22 AECC03D0A794619E15FF1CB92D65EF9E 191488 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2015-04-15 17:15:22 95A9A336CFF6AC51B33BBFDBEA6D848B 60416 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll
2015-04-15 17:15:22 6C21C983C1F83900DBEDE51DCA247B72 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll
2015-04-15 17:15:22 6BAC8DCC6C58755A1B9E6D3B04C28FC5 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll
2015-04-15 17:15:22 2ADEA6F221BBF0992FDF9A3E25BA9F59 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll
2015-04-15 17:15:22 2A77BD58F0A8D3743D4299434390922E 35328 ----a-w- C:\Windows\Sysnative\wups.dll
2015-04-15 17:15:22 21DF773EF8EFEF531E7E0BF477E03047 3298816 ----a-w- C:\Windows\Sysnative\wucltux.dll
2015-04-15 17:15:22 21CA4277E6918B019525ECCD748EF401 37376 ----a-w- C:\Windows\Sysnative\wups2.dll
2015-04-15 17:15:22 0814A74C853F50B354F08F83DDA9F7FB 2553856 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2015-04-15 17:15:08 7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\Sysnative\aitstatic.exe
2015-04-15 17:15:07 E72C92A252EC4B230287BC6E06F24296 957952 ----a-w- C:\Windows\Sysnative\appraiser.dll
2015-04-15 17:15:07 826A7F422014E4762C700B4254F5C588 1111552 ----a-w- C:\Windows\Sysnative\aeinv.dll
2015-04-15 17:15:07 5D0A492C42A43DCF73284F2865519712 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll
2015-04-15 17:15:07 3FCD3FE7F58935A85ACC33019129358E 419840 ----a-w- C:\Windows\Sysnative\devinv.dll
2015-04-15 17:15:07 205EE22E14A9848FB2266FF035BE0C9C 192000 ----a-w- C:\Windows\Sysnative\aepic.dll
2015-04-15 17:15:07 0E0723E6D064ACD3D603BEF93EE0B950 769536 ----a-w- C:\Windows\Sysnative\invagent.dll
2015-04-15 17:15:07 05ED759DD0821294F05A41F6A8F1E18F 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll
2015-04-15 17:15:06 3F0FFBA1765470F979D57F88248070CA 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll
2015-04-15 17:14:53 72098048AB8AE2CAFA4ECE35D5051D62 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2015-04-15 17:14:51 2AA1704C1475AD9D18560AD07BDA66DF 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2015-04-15 17:14:51 0B85F3551337FE233477DA31545DC45C 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2015-04-15 17:14:44 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-04-15 17:14:43 96C2380819EBAC0BF592A7E8977E9E8A 1727904 ----a-w- C:\Windows\Sysnative\ntdll.dll
2015-04-15 17:14:42 E75074EFBE3C24FBC95C7C1985E08FDE 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2015-04-15 17:14:42 B47C4E8E9AF9044F9D59443196D54608 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2015-04-15 17:14:40 CBEFBE487F0C09EE0F8AC5299447450E 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2015-04-15 17:14:40 5EA8A53A243ED52DA1F705D000854B2A 341504 ----a-w- C:\Windows\Sysnative\schannel.dll
2015-04-15 17:14:39 F87B5878D7621A16A0A5CF1D94BE5A53 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-04-15 17:14:39 EA32F4EA3AE06EDD122FBCD5A489E457 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2015-04-15 17:14:39 B00F1AC213172C557EF84F71E4DF5EA3 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2015-04-15 17:14:39 A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2015-04-15 17:14:39 8E615D40A652999B224EDBBFA7B4035B 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2015-04-15 17:14:39 6DEDB5E0258998C01C26280DBDB2A4B9 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2015-04-15 17:14:39 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-04-15 17:14:38 F36EF8DBE5CE842B8F04515BF422DFB4 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2015-04-15 17:14:38 CB33B9F21F06764DCA561FC194823199 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2015-04-15 17:14:38 799E731B83F911A6220E678722A73DDF 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2015-04-15 17:14:38 7220246418A40D3BF7470058A2DB939A 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2015-04-15 17:14:38 234529666FB5BBE12343FF58380E8234 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll
2015-04-15 17:14:37 CFDA43CD05B94C4853042E4A9561B156 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2015-04-15 17:14:37 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe
2015-04-15 17:14:37 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\Sysnative\lsass.exe
2015-04-15 17:14:37 C631969919195C040E135CC380018A65 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2015-04-15 17:14:37 5905040249D279F61AE988A7F5F0D241 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2015-04-15 17:14:37 2ABF1BA930E5CE0017D6197A06B03E07 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2015-04-15 17:14:37 1150C2D3C72887571581DF6D0E58540D 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2015-04-15 17:14:37 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2015-04-15 17:14:36 DE328CD9E0678A55880C2189EE5BDBDC 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2015-04-15 17:14:36 978BC01DD41125DED32AC03925A16578 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2015-04-15 17:14:34 88B6EDA230EFEFC780AF717AA9640CAD 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll
2015-04-15 17:14:34 55BF60184106FCF60B999CDEB4EACB2E 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2015-04-15 17:14:34 39D0217773202CF09F13C1E420CBA6CA 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll
2015-04-15 17:14:34 3474740668B86841E999893D9314193E 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll
2015-04-15 17:14:02 B664D90F9BFCFBBCF520C63B17736880 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-04-15 17:14:02 3B69EBB762C52E8EFC127857C93CAC4F 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2015-04-15 17:14:02 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2015-04-15 17:14:01 9D3E174BD20A383523D5551A46C24BF6 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2015-04-15 17:14:01 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-04-15 17:14:01 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\Sysnative\ieuinit.inf
2015-04-15 17:14:00 0B077004AE4C2F7DE630445391360262 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-04-15 17:13:59 F36C78BC3D456BFB42A606A6B723F6DC 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-04-15 17:13:58 B137E42258BCE4D1DA6D7F11C084983A 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2015-04-15 17:13:58 68996E442920AD397279C3CD2AC37551 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2015-04-15 17:13:58 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-04-15 17:13:58 3C9D34F1F5A2C6867ECC60026F1F6CB7 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-04-15 17:13:57 9171D1A18B1185A78BA33FEE884B8912 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-04-15 17:13:57 0E98ED153699741D42472B0B429B3434 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2015-04-15 17:13:56 706A56A863BD5F24FC98EF5E2D0582AD 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-04-15 17:13:56 50B2A19B2FBFEFE0FFC537C1BA6C5DD9 2886144 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-04-15 17:13:56 3408F27ABC8B2426481306336F747949 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-04-15 17:13:55 35B570D079F77FDE5D816CCB2FCE9C98 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2015-04-15 17:13:54 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-04-15 17:13:54 8E9A5B0DA4B6DFCD3CB13A69E89417D6 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2015-04-15 17:13:54 0DD9381BE8609D889F01812B7EFB1693 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2015-04-15 17:13:53 FA10EC0F44A75511D13F9D93184CFC90 14397440 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-04-15 17:13:53 3C9C1ADE982DB6FD77AD19FFE252B80A 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2015-04-15 17:13:53 3457A873B2246B36F1FF58876841D7FE 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2015-04-15 17:13:52 E593E891B374088572AD021431EBC38B 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-04-15 17:13:52 AA0640B3252BB6E9F90715F79EE77399 6025216 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-04-15 17:13:52 93B4EB4C7FF742BB834607B24EEF9F8F 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2015-04-15 17:13:52 77B35D0FC22A2D2EAC8D07C3F9784DBF 2358784 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-04-15 17:13:51 E0B5729CDAD0701839569A16DE68D311 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2015-04-15 17:13:51 899C731AF8C5FF826DFA6C19D725A355 417280 ----a-w- C:\Windows\Sysnative\html.iec
2015-04-15 17:13:51 58DF183B856803E74BED39550FED0BCE 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2015-04-15 17:13:50 DBC0C4554A8B2A81F68690D30F12C99E 24980480 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-04-15 17:11:48 745DE455E02693423B1B78F448D52961 79360 ----a-w- C:\Windows\Sysnative\clfsw32.dll
2015-04-15 17:11:48 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\Sysnative\clfs.sys
2015-04-15 09:08:05 F9881B099DD511A9A53B0B9DB668EA9D 250672 ----a-w- C:\Windows\Sysnative\mfevtps.exe
====== C:\Windows\Sysnative\drivers =====
2015-04-24 09:15:12 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-04-24 09:14:06 0307CF4184F4F22DB75F36ACCCEF7ED1 107736 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-04-21 21:35:33 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2015-04-19 02:51:19 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2015-04-15 17:14:38 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-04-15 17:14:38 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-04-15 17:14:05 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys
2015-04-15 09:08:04 F2DF90B0DA5D80A7D0728D036886D129 106120 ----a-w- C:\Windows\Sysnative\drivers\mferkdet.sys
2015-04-15 09:08:04 E66C388028FC6D4B837504BB350FF368 864072 ----a-w- C:\Windows\Sysnative\drivers\mfehidk.sys
2015-03-31 10:20:13 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2015-03-31 10:20:11 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2015-03-31 10:20:09 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-03-31 10:17:30 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
====== C:\Windows\Tasks ======
2015-04-18 21:27:26 2C8DF895C10B187663899439F54A185B 3976 ----a-w- C:\Windows\Sysnative\Tasks\LaunchPreSignup
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-19 13:23:22 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2015-04-23 23:49:49 -------- d-----w- C:\PROGRA~2\Secunia
======= C: =====
2015-04-18 21:26:14 807D3A67B283851C624EC7A4FC8785D4 264 ----a-w- C:\prefs.js
====== C:\Users\mom\AppData\Roaming ======
2015-04-24 09:56:59 -------- d-----w- C:\Users\TEst\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\Public\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2015-04-24 09:56:59 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2015-04-23 23:49:58 -------- d-----w- C:\Users\mom\AppData\Local\Secunia PSI
2015-04-22 22:49:01 -------- d-----w- C:\Users\mom\AppData\Local\AntiLogger Free
2015-04-21 21:46:09 28983A06A77174B8A0A66811910B5968 321952 ----a-w- C:\Users\mom\AppData\Local\census.cache
2015-04-21 21:46:08 AEE46B2AECC2990F03A315B48E80172D 154956 ----a-w- C:\Users\mom\AppData\Local\ars.cache
2015-04-21 21:35:03 88237B77AD869AF39B31D814EBA60444 36 ----a-w- C:\Users\mom\AppData\Local\housecall.guid.cache
2015-04-18 21:46:21 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\WebBar
2015-04-18 21:45:04 20C01A33DC3771C4D0B24DB02F4E687F 151368 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-04-06 00:43:36 0EE7C3CEA1DED759A5D27CCB7E8801DC 115 ----a-w- C:\Users\mom\AppData\Roaming\LogFile.txt
2015-04-05 22:39:36 9E4BDFA36AB3BEDABBE8DD39A4B7677A 65112 ----a-w- C:\Users\mom\AppData\Local\GDIPFONTCACHEV1.DAT
====== C:\Users\mom ======
2015-04-24 23:58:11 B1DAAA766F73F5FF65EE3E9DE152D274 2099712 ----a-w- C:\Users\mom\Downloads\FRST64.exe
2015-04-22 23:04:04 -------- d-----w- C:\ProgramData\Sophos
2015-04-20 09:25:31 -------- d-----w- C:\Users\Public\AppData
2015-04-19 02:51:13 -------- d-----w- C:\ProgramData\RogueKiller
2015-04-16 23:20:59 BE51DA8D6CFD6702F046D859376F5215 65536 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2015-04-16 23:20:59 8CB36DA408072A5DFB0888DA225F8E1F 524288 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2015-04-16 23:20:59 59071590099D21DD439896592338BF95 524288 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2015-03-28 22:13:56 59071590099D21DD439896592338BF95 524288 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{b4d9fe7f-d576-11e4-804b-78acc0bae5e9}.TMContainer00000000000000000002.regtrans-ms
2015-03-28 22:13:55 8BCBD324CF2CF5CD433BB9CC0014D4AA 65536 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{b4d9fe7f-d576-11e4-804b-78acc0bae5e9}.TM.blf
2015-03-28 22:13:55 6B6B98836D594FFE2D0D79C0F9D0413A 524288 --sha-w- C:\Users\TEst\NTUSER.LMIRescue.TMP{b4d9fe7f-d576-11e4-804b-78acc0bae5e9}.TMContainer00000000000000000001.regtrans-ms

====== C: exe-files ==
2015-04-24 23:58:11 B1DAAA766F73F5FF65EE3E9DE152D274 2099712 ----a-w- C:\Users\mom\Downloads\FRST64.exe
2015-04-24 09:14:04 FE9BD656A5F251D2BB90151325DA1B14 54072 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-4272652656-438244758-189266899-1000\$RYH2NO8\mbamdor.exe
2015-04-24 09:14:04 7CBC1070E51238E59F7535C8F2344FB6 821560 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-4272652656-438244758-189266899-1000\$RYH2NO8\Plugins\fixdamage.exe
2015-04-24 09:14:04 5E29C495F48A9CFED856D097FED6ECE4 170296 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-4272652656-438244758-189266899-1000\$RYH2NO8\mbar.exe
2015-04-24 09:02:11 BCA7C7F35103894AC6D403C0917DF0F3 2224640 ----a-w- C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLWE60H9\adwcleaner_4.202.exe
2015-04-21 18:03:56 CD871389A85568A92C100AFBA6A91DEA 15269744 ----a-w- C:\Users\mom\Downloads\stinger64-epo (1)\stinger.exe
2015-04-21 18:03:56 CD871389A85568A92C100AFBA6A91DEA 15269744 ----a-w- C:\Users\mom\AppData\Local\Microsoft\Windows\Burn\Burn\Pictures\Downloads (2)\stinger64-epo (1)\stinger.exe
2015-04-20 09:13:39 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2015-04-20 09:13:39 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2015-04-20 09:13:39 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2015-04-20 09:13:39 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2015-04-20 09:13:39 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2015-04-19 13:23:56 E796CCF06C15CE6C7AE8E158D3BAAD02 25472 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2015-04-19 13:23:31 F845E730A534BA17372368372DF01579 8260480 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2015-04-19 13:23:30 492DD2C144612A8F6F9C39F27F009667 1026432 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
=== C: other files ==
2015-04-24 09:15:12 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-24 09:14:06 0307CF4184F4F22DB75F36ACCCEF7ED1 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-22 09:17:36 3E36547BCA472E87A05FADC10E91919C 15261040 ----a-w- C:\Users\mom\Downloads\stinger64-epo (1).zip
2015-04-22 09:17:36 3E36547BCA472E87A05FADC10E91919C 15261040 ----a-w- C:\Users\mom\AppData\Local\Microsoft\Windows\Burn\Burn\Pictures\Downloads (2)\stinger64-epo (1).zip
2015-04-21 21:35:33 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2015-04-21 18:03:56 9CD766D6D530B54F57EA95171C9764DF 553 ----a-w- C:\Users\mom\Downloads\stinger64-epo (1)\stingerc.bat
2015-04-21 18:03:56 9CD766D6D530B54F57EA95171C9764DF 553 ----a-w- C:\Users\mom\AppData\Local\Microsoft\Windows\Burn\Burn\Pictures\Downloads (2)\stinger64-epo (1)\stingerc.bat
2015-04-19 13:23:56 F845E730A534BA17372368372DF01579 8260480 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2015-04-19 13:23:40 7AEC5E76816178BF6C543A155D8208B6 15920 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2015-04-19 13:23:38 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys
2015-04-19 02:51:19 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BFHP]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BFHP"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\BeFrugal.com\\Toolbar\\BFHP.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HughesNetStatusMeter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HughesNetStatusMeter"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\HughesNet Status Meter\\HughesNet Status Meter.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NCPluginUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="NCPluginUpdater"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Health Check\\ActiveCheck\\product_line\\NCPluginUpdater.exe\" Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Regedit32]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Regedit32"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\regedit.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tagee]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Tagee"
"hkey"="HKCU"
"command"="C:\\Users\\mom\\AppData\\Roaming\\Uhbyi\\tagee.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YTDownloader"
"hkey"="HKCU"
"command"="/boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdpeakProxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BeFrugal.com Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppIntegrationService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Health Check Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPClientSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPDrvMntSvc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfcDispatcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RoxioNow Service]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/21/2015 07:08 PM]
C:\Windows\tasks\HPCeeScheduleFormom.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/14/2010 02:15 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleFormom" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\LaunchPreSignup" [C:\Program Files (x86)\OLBPre\OLBPre.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 04/25/2015 at 18:20:03.01 ======================
 


Thank you, got this step done.



#8 deeprybka

  • Malware Response Team

Posted 26 April 2015 - 07:58 AM

Hi,

 

Step 1

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 mommyofnuts

  • Topic Starter

Posted 26 April 2015 - 09:55 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015

Ran by mom (administrator) on MOM-HP on 26-04-2015 10:36:02

Running from C:\Users\mom\Downloads

Loaded Profiles: mom (Available profiles: mom & TEst)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Windows\System32\Locator.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-21-4272652656-438244758-189266899-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-4272652656-438244758-189266899-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/

SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-25] (Unity Technologies ApS)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2014-11-24] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]

R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-15] (McAfee, Inc.)

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2014-08-11] ()

S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2014-08-11] (GiliSoft International LLC.) [File not signed]

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2014-02-19] ()

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-04-15] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2015-04-15] (McAfee, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-20] ()

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-18] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 10:35 - 2015-04-26 10:35 - 00000000 ____D () C:\Users\mom\Downloads\FRST-OlderVersion

2015-04-25 18:23 - 2015-04-25 18:23 - 00034396 _____ () C:\Users\mom\Desktop\zoek-results.txt

2015-04-25 18:13 - 2015-04-25 18:20 - 00034396 _____ () C:\zoek-results.log

2015-04-25 12:56 - 2015-04-25 12:56 - 00001094 _____ () C:\Users\mom\Desktop\zoek - Shortcut.lnk

2015-04-25 12:56 - 2015-04-25 12:56 - 00000000 ____D () C:\zoek_backup

2015-04-25 12:55 - 2015-04-25 12:56 - 01305600 _____ () C:\Users\mom\Downloads\zoek.exe

2015-04-24 20:00 - 2015-04-24 20:00 - 00042538 _____ () C:\Users\mom\Downloads\Addition.txt

2015-04-24 19:59 - 2015-04-26 10:36 - 00008645 _____ () C:\Users\mom\Downloads\FRST.txt

2015-04-24 19:58 - 2015-04-26 10:36 - 00000000 ____D () C:\FRST

2015-04-24 19:58 - 2015-04-26 10:35 - 02101248 _____ (Farbar) C:\Users\mom\Downloads\FRST64.exe

2015-04-24 05:56 - 2015-04-24 05:56 - 00020085 _____ () C:\ComboFix.txt

2015-04-24 05:15 - 2015-04-24 05:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-04-24 05:15 - 2015-04-24 05:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-24 05:14 - 2015-04-24 05:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-23 19:49 - 2015-04-23 19:49 - 00000000 ____D () C:\Users\mom\AppData\Local\Secunia PSI

2015-04-23 19:49 - 2015-04-23 19:49 - 00000000 ____D () C:\Program Files (x86)\Secunia

2015-04-23 18:35 - 2015-04-23 18:35 - 00005227 _____ () C:\Users\mom\Downloads\hijackthis.log

2015-04-23 18:32 - 2015-04-23 18:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\mom\Downloads\HijackThis.exe

2015-04-22 19:04 - 2015-04-23 18:51 - 00000000 ____D () C:\ProgramData\Sophos

2015-04-22 18:49 - 2015-04-22 18:49 - 00000000 ____D () C:\Users\mom\AppData\Local\AntiLogger Free

2015-04-22 05:18 - 2015-04-22 05:37 - 00000000 ____D () C:\Users\mom\Downloads\stinger64-epo (1)

2015-04-22 05:17 - 2015-04-22 05:18 - 15261040 _____ () C:\Users\mom\Downloads\stinger64-epo (1).zip

2015-04-21 18:00 - 2015-04-21 18:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOM-HP-Windows-7-Home-Premium-(64-bit).dat

2015-04-21 17:46 - 2015-04-21 17:46 - 00321952 _____ () C:\Users\mom\AppData\Local\census.cache

2015-04-21 17:46 - 2015-04-21 17:46 - 00154956 _____ () C:\Users\mom\AppData\Local\ars.cache

2015-04-21 17:35 - 2015-04-21 17:35 - 00000036 _____ () C:\Users\mom\AppData\Local\housecall.guid.cache

2015-04-21 17:35 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys

2015-04-20 05:47 - 2015-04-20 05:47 - 00000000 ____D () C:\ERDNT

2015-04-20 05:47 - 2015-04-20 05:47 - 00000000 ____D () C:\!FixIEDef

2015-04-20 05:13 - 2015-04-24 05:56 - 00000000 ____D () C:\Qoobox

2015-04-20 05:13 - 2015-04-20 05:47 - 00000000 ____D () C:\Windows\erdnt

2015-04-20 05:13 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-04-20 05:13 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-04-20 05:13 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe

2015-04-20 05:13 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe

2015-04-19 09:23 - 2015-04-19 09:23 - 00000000 ____D () C:\Program Files\Enigma Software Group

2015-04-19 04:56 - 2015-04-19 05:07 - 00705832 _____ () C:\Users\mom\Documents\duplicate.txt

2015-04-18 22:51 - 2015-04-18 22:57 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-04-18 22:51 - 2015-04-18 22:51 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-04-18 17:27 - 2015-04-18 17:27 - 00003976 _____ () C:\Windows\System32\Tasks\LaunchPreSignup

2015-04-18 17:26 - 2015-04-18 17:26 - 00000264 _____ () C:\prefs.js

2015-04-18 17:26 - 2015-04-18 17:26 - 00000000 ____D () C:\searchplugins

2015-04-18 17:25 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll

2015-04-18 17:25 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

2015-04-16 06:01 - 2015-04-25 20:56 - 00051851 _____ () C:\Users\mom\Documents\nick bmt 2015.wlmp

2015-04-16 03:35 - 2015-04-16 03:35 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-16 03:35 - 2015-04-16 03:35 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-15 13:22 - 2015-04-25 17:59 - 00011438 _____ () C:\Windows\PFRO.log

2015-04-15 13:15 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-15 13:15 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-15 13:15 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-15 13:15 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-15 13:15 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-15 13:15 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-15 13:15 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-15 13:15 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-15 13:15 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-04-15 13:15 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-15 13:15 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-15 13:15 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-04-15 13:14 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-04-15 13:14 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-15 13:14 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-04-15 13:14 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-04-15 13:14 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-15 13:14 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-04-15 13:14 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-04-15 13:14 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-04-15 13:14 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-15 13:14 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-04-15 13:14 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-04-15 13:14 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-04-15 13:14 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-04-15 13:14 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-04-15 13:14 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-04-15 13:14 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-04-15 13:14 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-04-15 13:14 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-15 13:14 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-04-15 13:14 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-15 13:14 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-04-15 13:14 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 13:14 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-15 13:14 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-15 13:14 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 13:14 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-04-15 13:14 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 13:14 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-04-15 13:14 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-04-15 13:14 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-04-15 13:14 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 13:14 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-04-15 13:14 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-04-15 13:14 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-04-15 13:14 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-04-15 13:14 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-15 13:14 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-04-15 13:14 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-15 13:14 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-15 13:14 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 13:14 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 13:14 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-15 13:14 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-04-15 13:14 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-15 13:14 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-04-15 13:14 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-15 13:14 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-15 13:14 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-15 13:13 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-04-15 13:13 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 13:13 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-04-15 13:13 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-04-15 13:13 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 13:13 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 13:13 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 13:13 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-04-15 13:13 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 13:13 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 13:13 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 13:13 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-04-15 13:13 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 13:13 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-04-15 13:13 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-15 13:13 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 13:13 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 13:13 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-04-15 13:13 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-15 13:13 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-04-15 13:13 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 13:13 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 13:13 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 13:13 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-15 13:13 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-15 13:13 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-15 13:13 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-04-15 13:13 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 13:13 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-15 13:13 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 13:13 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-04-15 13:13 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 13:13 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-04-15 13:13 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 13:13 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 13:13 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-15 13:13 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-04-15 13:13 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 13:13 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 13:13 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-15 13:13 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 13:13 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-15 13:11 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-15 13:11 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 13:11 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-15 05:08 - 2015-04-15 05:08 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys

2015-04-15 05:08 - 2015-04-15 05:08 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe

2015-04-15 05:08 - 2015-04-15 05:08 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys

2015-04-15 05:06 - 2015-04-15 05:06 - 00000000 ____D () C:\Program Files\McAfee

2015-04-15 04:51 - 2015-04-15 04:51 - 00000000 ____D () C:\ProgramData\McAfee

2015-04-14 12:50 - 2015-04-14 12:50 - 00012826 _____ () C:\Users\mom\Documents\bmt movie 2.wlmp

2015-04-05 22:19 - 2015-04-25 17:59 - 00001176 _____ () C:\Windows\setupact.log

2015-04-05 22:19 - 2015-04-05 22:19 - 00279704 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-05 22:19 - 2015-04-05 22:19 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-05 18:39 - 2015-04-05 18:39 - 00065112 _____ () C:\Users\mom\AppData\Local\GDIPFONTCACHEV1.DAT

2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-02 03:04 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-04-02 03:04 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-03-31 18:06 - 2015-04-22 22:46 - 00000000 ____D () C:\Users\mom\Downloads\dBvW6h

2015-03-31 06:35 - 2015-03-31 06:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-03-31 06:35 - 2015-03-31 06:35 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2015-03-31 06:21 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-03-31 06:21 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-03-31 06:21 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-03-31 06:21 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-03-31 06:20 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-31 06:20 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-31 06:20 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-31 06:20 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-31 06:20 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-31 06:20 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-31 06:20 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-31 06:20 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-31 06:20 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-31 06:20 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-31 06:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-31 06:20 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-31 06:20 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-31 06:20 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-31 06:20 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-31 06:20 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-31 06:20 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-31 06:20 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-31 06:20 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-31 06:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-31 06:20 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-31 06:20 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-31 06:20 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-31 06:20 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-31 06:20 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-31 06:20 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-31 06:20 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-31 06:20 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-31 06:20 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-31 06:18 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-31 06:18 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-31 06:18 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-31 06:17 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-31 06:17 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-31 06:17 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-31 06:17 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-31 06:17 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-31 06:17 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-31 06:17 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-31 06:17 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-31 06:17 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-31 06:17 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-03-31 06:17 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2015-03-31 06:16 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-31 06:13 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-03-31 06:13 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2015-03-31 06:08 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-31 06:08 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-31 05:54 - 2015-03-31 06:07 - 00000354 _____ () C:\Users\mom\Desktop\(1) Facebook.url

2015-03-31 04:26 - 2015-03-31 04:28 - 00000000 ____D () C:\7446898937202c09aea58bc4e3

2015-03-31 04:23 - 2015-03-31 04:23 - 00000000 _____ () C:\Users\mom\Downloads\Windows6_1-KB947821-v34-x64_msu.13sa3nw.partial

2015-03-30 21:44 - 2015-03-31 04:25 - 00000000 ____D () C:\1b691eef31c319cce6fafc4e

2015-03-29 11:34 - 2015-03-29 11:34 - 00389437 _____ () C:\Users\mom\Downloads\grilled cheese and jesus day

2015-03-27 05:15 - 2015-03-27 05:15 - 00000000 ____D () C:\Users\mom\Documents\ProcAlyzer Dumps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-26 09:43 - 2015-01-31 00:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-26 09:43 - 2015-01-29 23:02 - 02045184 _____ () C:\Windows\WindowsUpdate.log

2015-04-26 06:49 - 2015-02-26 04:34 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormom

2015-04-26 06:49 - 2015-02-26 04:34 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleFormom.job

2015-04-25 21:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-25 20:29 - 2009-07-14 01:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-25 20:22 - 2013-12-16 21:36 - 00000000 ____D () C:\Users\mom\Downloads\stinger64-epo

2015-04-25 18:07 - 2015-03-23 06:18 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-25 18:07 - 2015-03-23 06:18 - 00005984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-25 17:59 - 2014-11-07 21:10 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-25 12:54 - 2014-05-03 07:10 - 00000000 ____D () C:\AdwCleaner

2015-04-25 07:28 - 2015-01-30 09:31 - 00115712 ___SH () C:\Users\mom\Downloads\Thumbs.db

2015-04-24 05:55 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini

2015-04-22 07:07 - 2015-03-26 09:26 - 00000716 _____ () C:\Users\mom\Desktop\mail.url

2015-04-22 06:53 - 2015-02-28 18:35 - 00000000 ____D () C:\Users\mom\Documents\stinger64-epo

2015-04-22 06:53 - 2013-12-16 21:36 - 00000000 ____D () C:\Program Files\stinger

2015-04-21 19:08 - 2015-01-31 00:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-21 19:08 - 2013-11-07 23:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-21 19:08 - 2013-11-07 23:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-20 05:47 - 2014-05-03 06:56 - 00000000 ____D () C:\Windows\ERUNT

2015-04-20 05:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default

2015-04-20 05:22 - 2014-10-27 21:15 - 00000000 ____D () C:\Program Files (x86)\HughesNet Status Meter

2015-04-20 00:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration

2015-04-19 11:44 - 2015-01-29 08:52 - 00000000 ____D () C:\Users\TEst\AppData\Local\1E43F865-F207-7C45-B202-B0A8B8BFB9CC

2015-04-19 11:44 - 2015-01-23 17:57 - 00000000 ____D () C:\Users\mom\AppData\Local\1E43F865-F207-7C45-B202-B0A8B8BFB9CC

2015-04-19 11:44 - 2015-01-23 17:28 - 00000000 ____D () C:\ProgramData\ckdeopcgmamecmdeoigfjpmjdapfplpf

2015-04-19 11:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System

2015-04-19 10:32 - 2015-01-29 10:28 - 00001393 _____ () C:\Users\TEst\Desktop\TeamSpeak 3 Client.lnk

2015-04-19 05:09 - 2014-11-26 01:11 - 00000000 ____D () C:\Users\mom\funny

2015-04-18 22:19 - 2014-02-19 05:17 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-18 22:08 - 2015-01-29 22:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2015-04-18 21:45 - 2015-03-25 06:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-04-18 21:45 - 2015-01-24 05:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-04-18 19:49 - 2014-11-09 07:02 - 00001945 _____ () C:\Windows\epplauncher.mif

2015-04-18 02:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat

2015-04-16 19:21 - 2015-01-29 08:15 - 00000000 ____D () C:\Users\TEst

2015-04-16 19:17 - 2014-10-27 22:23 - 00007601 _____ () C:\Users\mom\AppData\Local\resmon.resmoncfg

2015-04-16 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-04-16 03:15 - 2013-12-08 13:04 - 00774842 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-04-14 17:35 - 2014-11-07 21:11 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-04-14 11:03 - 2013-11-10 13:30 - 00000000 ____D () C:\Users\mom\AppData\Local\CrashDumps

2015-04-05 22:17 - 2013-12-08 13:05 - 00000000 ____D () C:\Users\mom\AppData\Roaming\SoftGrid Client

2015-04-05 22:13 - 2015-03-25 12:06 - 00001279 _____ () C:\Users\mom\Desktop\Internet Explorer.lnk

2015-04-02 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-04-02 03:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-04-01 11:16 - 2014-10-28 05:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-31 06:36 - 2014-10-21 07:44 - 00000000 ____D () C:\Users\mom\AppData\Local\Adobe

2015-03-31 06:35 - 2014-10-22 19:25 - 00000000 ____D () C:\ProgramData\Adobe

2015-03-31 06:35 - 2014-10-22 19:25 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-03-31 05:44 - 2013-11-08 02:16 - 00000000 ____D () C:\Users\mom

2015-03-31 05:42 - 2011-03-10 18:32 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2015-03-31 05:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security

2015-03-31 05:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2015-03-31 05:41 - 2015-01-24 05:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-27 05:49 - 2014-01-19 18:28 - 00000000 ____D () C:\Users\mom\Documents\Mindy Jones

==================== Files in the root of some directories =======

2014-10-29 13:08 - 2014-10-29 13:08 - 0001856 _____ () C:\Users\mom\AppData\Roaming\GhostObjGAFix.xml

2015-04-05 20:43 - 2015-04-05 22:11 - 0000115 _____ () C:\Users\mom\AppData\Roaming\LogFile.txt

2014-12-25 18:33 - 2015-01-24 03:34 - 0000128 _____ () C:\Users\mom\AppData\Roaming\WB.CFG

2014-11-12 03:18 - 2014-11-12 03:18 - 0000064 _____ () C:\Users\mom\AppData\Local\08e47ea8493e9b149244bb38e017f2d9

2015-04-21 17:46 - 2015-04-21 17:46 - 0154956 _____ () C:\Users\mom\AppData\Local\ars.cache

2015-04-21 17:46 - 2015-04-21 17:46 - 0321952 _____ () C:\Users\mom\AppData\Local\census.cache

2014-11-01 16:55 - 2015-01-15 19:17 - 0003584 _____ () C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-27 08:33 - 2014-12-27 08:33 - 0234679 _____ () C:\Users\mom\AppData\Local\dsi1.dat

2014-12-27 08:33 - 2014-12-27 08:33 - 0161916 _____ () C:\Users\mom\AppData\Local\dsi2.dat

2015-04-21 17:35 - 2015-04-21 17:35 - 0000036 _____ () C:\Users\mom\AppData\Local\housecall.guid.cache

2014-10-27 22:23 - 2015-04-16 19:17 - 0007601 _____ () C:\Users\mom\AppData\Local\resmon.resmoncfg

Files to move or delete:

====================

C:\Users\mom\jagex_cl_runescape_LIVE.dat

C:\Users\mom\random.dat

C:\Users\TEst\jagex_cl_runescape_LIVE.dat

C:\Users\TEst\random.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 03:53

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015

Ran by mom at 2015-04-26 10:36:45

Running from C:\Users\mom\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4272652656-438244758-189266899-500 - Administrator - Disabled)

Guest (S-1-5-21-4272652656-438244758-189266899-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4272652656-438244758-189266899-1002 - Limited - Enabled)

mom (S-1-5-21-4272652656-438244758-189266899-1000 - Administrator - Enabled) => C:\Users\mom

TEst (S-1-5-21-4272652656-438244758-189266899-1003 - Administrator - Enabled) => C:\Users\TEst

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

 

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

 

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

 

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)

 

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)

 

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

 

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)

 

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden

 

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)

 

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

 

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)

 

DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden

 

Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HughesNet Status Meter (HKLM-x32\...\{67939A60-3C84-4556-8427-97793155AEF6}) (Version: 6.2.0 - None provided)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Price is Right (x32 Version: 2.2.0.95 - WildTangent) Hidden
Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4272652656-438244758-189266899-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\mom\AppData\Roaming\tyvitsju\tivesen.dll () <==== ATTENTION

 

==================== Restore Points =========================

19-04-2015 08:06:06 Windows Update
20-04-2015 05:47:16 Created By FixIEDef
22-04-2015 19:03:19 Installed Sophos Virus Removal Tool.
22-04-2015 19:07:29 Removed Sophos Virus Removal Tool.
23-04-2015 18:51:13 Removed Sophos Virus Removal Tool.
24-04-2015 05:34:54 Windows Update
25-04-2015 12:52:21 Removed Norton Online Backup
25-04-2015 12:59:01 zoek.exe restore point
25-04-2015 18:13:19 zoek.exe restore point

 

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-20 14:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00ADB057-7617-4876-8787-470055CF12B2} - \Runner IC No Task File <==== ATTENTION
Task: {0206CC90-D392-45D8-B52A-4078BEC9674F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {03EDF0DA-6EC2-46FB-8FD7-5A6E99BDA2AF} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File <==== ATTENTION
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0BC40909-6AF2-4FF1-9B83-EC806549F4E5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {13980026-C96F-4528-BF04-7C5C3FF6EB96} - \Microsoft\Windows\Media Center\RecordingRestart No Task File <==== ATTENTION
Task: {178FDE67-9DC1-400D-8B52-3DD6280BD032} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File <==== ATTENTION
Task: {1ACEA5C9-2DA3-4900-9F01-CA45DA2CCAF5} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File <==== ATTENTION
Task: {1E4EE1F0-285F-4BCE-88F2-74A67977E747} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File <==== ATTENTION
Task: {21261CCF-BA29-4F4E-84CC-D4ABAB7E6406} - \{448273CE-D309-48C4-84D0-481B35A23B64} No Task File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {251DE5CB-6DF6-4978-BB83-A22FA50902C5} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {2BF072F7-41E0-4360-A67F-254A6FC579C0} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {2DBD6EB3-FD63-429A-87E0-DE5C318A737C} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File <==== ATTENTION
Task: {2ED50D70-9BCB-4055-BD8A-590EDF562402} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File <==== ATTENTION
Task: {31EC477A-5792-4E21-A65D-F50F57D0F9DB} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File <==== ATTENTION
Task: {362954CD-1443-46A3-861B-5C3A2743FDFA} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File <==== ATTENTION
Task: {38CBD6F3-F1ED-4796-BD24-5766C43B3098} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4272652656-438244758-189266899-1000
Task: {43E5453C-BBA3-4111-9F4D-DF9C96CE1634} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4402013C-4A89-4F58-94BF-FB640B800996} - \Microsoft\Windows\Media Center\RegisterSearch No Task File <==== ATTENTION
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION
Task: {486C1A9B-CCF9-462C-935B-E4F25EE9BB1D} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {4E19B4A4-BE39-4B6D-B11E-A3BFF4D5CB7F} - \{DD176437-0E2A-4047-AB32-224ADBED2401} No Task File <==== ATTENTION
Task: {52D6E666-548F-410E-BFF1-92B8C63CA97F} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {56D31F25-04BC-471E-AA27-52CB4C3020A5} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File <==== ATTENTION
Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {6271FDC0-C194-43DB-84D2-1233380741CB} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {67144494-C016-4460-BDE4-2BF8247102BC} - \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask No Task File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File <==== ATTENTION
Task: {782D691B-CCD9-488A-8678-C9931DACC414} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File <==== ATTENTION
Task: {8472E2B4-4982-4C64-B496-4564F8A1352D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {8C67184E-865A-4D27-82EC-43505B50026E} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION
Task: {8E359152-D8C9-4871-AEA1-9851E769A8F1} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File <==== ATTENTION
Task: {92481A48-26F5-442C-9298-DD713B27E3A4} - \Registration No Task File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {95E7292F-653F-46C1-8160-FAEC9F3307D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {98F6E988-20BB-4E04-B95B-F31E5CB356B2} - \Microsoft\Windows\Wininet\CacheTask No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File <==== ATTENTION
Task: {A42684B2-6D5E-4EDE-9919-61D64518237D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File <==== ATTENTION
Task: {A70F1A61-D69D-4D02-876F-B399AB64BC35} - \Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events No Task File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {AEBA3AC0-F3A7-4FBC-A122-DC734318377B} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File <==== ATTENTION
Task: {B0B73B96-C439-4820-AAB1-3FBB85493C87} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File <==== ATTENTION
Task: {B32E3924-31FA-4833-8AA8-B4E634B38626} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B76872B0-5B6E-4877-9431-373627D853E7} - \{CE39A8BC-59C4-4FD5-B984-2B0CD994E71E} No Task File <==== ATTENTION
Task: {B852AA03-A8A4-490A-B8DC-A7570EFBDEE4} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {C0B2AA68-DF9E-400A-B71C-581384C21B8A} - \Hewlett-Packard\HP Support Assistant\Ghost Resign Task No Task File <==== ATTENTION
Task: {C57336C0-7423-4250-A8DD-AAE1E77A45DC} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File <==== ATTENTION
Task: {C9780D19-2567-4C8C-B584-369072FD98FE} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {CBFED178-75FE-42F5-BB35-F3E5E50AD33F} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy No Task File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File <==== ATTENTION
Task: {DC3C0E7C-6B67-43C4-B5AE-246681442028} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {DCCEC452-F4F3-4193-B418-3B352CADD5F6} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {DD7B370B-7F26-4978-987E-08483B367623} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {DE3A3F25-99E5-4F0A-9D2F-6321A5602C47} - \Microsoft\Windows\Media Center\StartRecording No Task File <==== ATTENTION
Task: {DF0EB2A9-6AB6-4508-B310-E6D1ED383B44} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {E4790C4E-756E-414D-87A6-3830EE638044} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File <==== ATTENTION
Task: {EA3B8A34-590B-4F03-969B-766CC1A3C4C8} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {F446D15B-7274-4052-B5BB-24F19B0AD4C7} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {F64F9C9D-6599-44CB-BC8B-AE58B29EFC2F} - System32\Tasks\HPCeeScheduleFormom => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F6734812-A49A-4C93-AA1F-E2D06F27C571} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormom.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) ==============

2009-10-01 09:22 - 2009-10-01 09:22 - 00327168 _____ () C:\Windows\system32\SaMinDrv.dll
2015-01-24 04:34 - 2015-01-24 04:34 - 00157696 _____ () C:\Users\mom\AppData\Roaming\tyvitsju\tivesen.dll

 

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

 

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

 

 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdpeakProxy => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BeFrugal.com Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\startupreg: BFHP => C:\Program Files (x86)\Common Files\BeFrugal.com\Toolbar\BFHP.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: HughesNetStatusMeter => "C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Regedit32 => C:\Windows\system32\regedit.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tagee => C:\Users\mom\AppData\Roaming\Uhbyi\tagee.exe
MSCONFIG\startupreg: YTDownloader => /boot

 

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{C646D13B-A9F9-4CA8-B409-D3C3F0BB5D64}C:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe
FirewallRules: [UDP Query User{C2B751BB-4455-402E-8B8E-CCF5B9B2A45E}C:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe

 

==================== Faulty Device Manager Devices =============

 

 

 

==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2015 10:35:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.4.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2ec
Start Time: 01d0802e1d950a11
Termination Time: 0
Application Path: C:\Users\mom\Downloads\FRST64.exe
Report Id: 697f9787-ec21-11e4-9741-78acc0bae5e9

Error: (04/26/2015 10:34:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 24.4.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13f0
Start Time: 01d0802ded912c69
Termination Time: 10
Application Path: C:\Users\mom\Downloads\FRST64.exe
Report Id: 4946cb0d-ec21-11e4-9741-78acc0bae5e9

Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2e8
Start Time: 01d07a457d2a4122
Termination Time: 15
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: ee9a9470-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: cc4
Start Time: 01d07a456dba9cda
Termination Time: 16
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: b645e91b-e638-11e4-9903-78acc0bae5e9

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 298
Start Time: 01d07a455e2c83bc
Termination Time: 16
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Report Id: a3f6dae2-e638-11e4-9903-78acc0bae5e9

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
Context: Application, SystemIndex Catalog

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9e0
Start Time: 01d076fadfc6a2a5
Termination Time: 3488
Application Path: C:\Windows\Explorer.EXE
Report Id: 0852614a-e392-11e4-a9ea-78acc0bae5e9

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3c04
Start Time: 01d0770d798f7bc2
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: PhotoAcq.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c955
Exception code: 0xc0000005
Fault offset: 0x000000000001a3e3
Faulting process id: 0xb2c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msert.exe version 1.195.2073.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: cd8
Start Time: 01d07030112f86a1
Termination Time: 0
Application Path: C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe
Report Id: 257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

 

 

 

System errors:
=============
Error: (04/25/2015 00:28:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (04/25/2015 07:38:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (04/25/2015 07:38:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (04/25/2015 07:38:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (04/25/2015 07:38:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:34:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 02:29:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/24/2015 01:47:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

 

Microsoft Office Sessions:

 

=========================

 

Error: (04/26/2015 10:35:09 AM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: FRST64.exe24.4.2015.02ec01d0802e1d950a110C:\Users\mom\Downloads\FRST64.exe697f9787-ec21-11e4-9741-78acc0bae5e9

 

Error: (04/26/2015 10:34:21 AM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: FRST64.exe24.4.2015.013f001d0802ded912c6910C:\Users\mom\Downloads\FRST64.exe4946cb0d-ec21-11e4-9741-78acc0bae5e9

 

Error: (04/18/2015 10:08:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: mbam.exe1.75.0.12e801d07a457d2a412215C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeee9a9470-e638-11e4-9903-78acc0bae5e9

 

Error: (04/18/2015 10:06:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: mbam.exe1.75.0.1cc401d07a456dba9cda16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeb645e91b-e638-11e4-9903-78acc0bae5e9

 

Error: (04/18/2015 10:06:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: mbam.exe1.75.0.129801d07a455e2c83bc16C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exea3f6dae2-e638-11e4-9903-78acc0bae5e9

 

Error: (04/16/2015 03:04:43 AM) (Source: Windows Search Service) (EventID: 3007) (User: )

 

Description: Context: Application, SystemIndex Catalog

 

Error: (04/15/2015 01:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: Explorer.EXE6.1.7601.175679e001d076fadfc6a2a53488C:\Windows\Explorer.EXE0852614a-e392-11e4-a9ea-78acc0bae5e9

 

Error: (04/14/2015 08:03:01 PM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: iexplore.exe11.0.9600.176893c0401d0770d798f7bc20C:\Program Files\Internet Explorer\iexplore.exe

 

Error: (04/14/2015 11:03:09 AM) (Source: Application Error) (EventID: 1000) (User: )

 

Description: Explorer.EXE6.1.7601.175674d672ee4PhotoAcq.dll6.1.7601.175144ce7c955c0000005000000000001a3e3b2c01d076aab112fcb3C:\Windows\Explorer.EXEC:\Program Files\Windows Photo Viewer\PhotoAcq.dll5c95d2bd-e2b7-11e4-99ee-78acc0bae5e9

 

Error: (04/06/2015 03:19:02 AM) (Source: Application Hang) (EventID: 1002) (User: )

 

Description: msert.exe1.195.2073.0cd801d07030112f86a10C:\Users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YCC87VH\msert.exe257a8a75-dc2d-11e4-bcd9-78acc0bae5e9

 

 

 

CodeIntegrity Errors:

 

===================================

 

Date: 2015-04-20 14:27:59.692

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2015-04-20 14:27:59.661

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2015-04-20 14:27:59.629

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2015-04-20 14:27:59.583

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2015-04-20 05:22:33.019

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

Date: 2015-04-20 05:22:32.987

 

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

 

==================== Memory info ===========================

 

Processor: AMD Athlon™ II X2 240 Processor

 

Percentage of memory in use: 43%

 

Total physical RAM: 2815.29 MB

 

Available physical RAM: 1589.64 MB

 

Total Pagefile: 7035.48 MB

 

Available Pagefile: 5411.02 MB

 

Total Virtual: 8192 MB

 

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:452.46 GB) (Free:367.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

Drive d: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

 

Disk: 0 (Size: 465.8 GB) (Disk ID: 635DE117)

 

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

 

Partition 2: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

 

Partition 3: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



#10 mommyofnuts

  • Topic Starter


Posted 26 April 2015 - 09:57 AM

I really appreciate you helping me with this. Thank you.



#11 deeprybka


  • Malware Response Team

Posted 26 April 2015 - 10:04 AM

Hi,

Step 1

Upload File(s) to VirusTotal
I want you to upload the following file(s) to an online virus-scanner to scan.

  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:
    C:\Users\mom\AppData\Roaming\tyvitsju\tivesen.dll
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and paste the link of the result page in your reply.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer

#12 mommyofnuts

  • Topic Starter


Posted 26 April 2015 - 11:06 AM

https://www.virustotal.com/en/file/6aacfb1f5677105bb09e714abcd4096a11e15bfca87892197fbb1870b8089eb6/analysis/1430062591/



#13 deeprybka


  • Malware Response Team

Posted 26 April 2015 - 12:47 PM

Hi there,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   10.89KB   4 downloads
regards,
deeprybka

#14 mommyofnuts

  • Topic Starter


Posted 26 April 2015 - 01:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015

 

Ran by mom at 2015-04-26 14:00:11 Run:1

 

Running from C:\Users\mom\Downloads

 

Loaded Profiles: mom (Available profiles: mom & TEst)

 

Boot Mode: Normal

 

==============================================

 

 

Content of fixlist:

 

*****************

 

CloseProcesses:

 

HKLM-x32\...\Run: [] => [X]

 

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1

 

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

 

HKU\S-1-5-21-4272652656-438244758-189266899-1000\...\Policies\Explorer: [TaskbarNoNotification] 1

 

HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1

 

HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1

 

GroupPolicy: Group Policy on Chrome detected

 

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction

 

HKU\S-1-5-21-4272652656-438244758-189266899-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction

 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

 

cmd: type "C:\ComboFix.txt"

 

Task: {00ADB057-7617-4876-8787-470055CF12B2} - \Runner IC No Task File

 

Task: {0206CC90-D392-45D8-B52A-4078BEC9674F} - \Microsoft\Windows\SideShow\SessionAgent No Task File

 

Task: {03EDF0DA-6EC2-46FB-8FD7-5A6E99BDA2AF} - \Microsoft\Windows\Media Center\PBDADiscovery No Task File

 

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File

 

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File

 

Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File

 

Task: {13980026-C96F-4528-BF04-7C5C3FF6EB96} - \Microsoft\Windows\Media Center\RecordingRestart No Task File

 

Task: {178FDE67-9DC1-400D-8B52-3DD6280BD032} - \Microsoft\Windows\Media Center\PvrRecoveryTask No Task File

 

Task: {1ACEA5C9-2DA3-4900-9F01-CA45DA2CCAF5} - \Microsoft\Windows\Media Center\ActivateWindowsSearch No Task File

 

Task: {1E4EE1F0-285F-4BCE-88F2-74A67977E747} - \Microsoft\Windows\SideShow\AutoWake No Task File

 

Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive No Task File

 

Task: {21261CCF-BA29-4F4E-84CC-D4ABAB7E6406} - \{448273CE-D309-48C4-84D0-481B35A23B64} No Task File

 

Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File

 

Task: {251DE5CB-6DF6-4978-BB83-A22FA50902C5} - \Microsoft\Windows\Media Center\InstallPlayReady No Task File

 

Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File

 

Task: {2BF072F7-41E0-4360-A67F-254A6FC579C0} - \Microsoft\Windows\SideShow\GadgetManager No Task File

 

Task: {2DBD6EB3-FD63-429A-87E0-DE5C318A737C} - \Hewlett-Packard\HP Support Assistant\PC Tuneup No Task File

 

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification No Task File

 

Task: {31EC477A-5792-4E21-A65D-F50F57D0F9DB} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService No Task File

 

Task: {362954CD-1443-46A3-861B-5C3A2743FDFA} - \Microsoft\Windows\Media Center\ReindexSearchRoot No Task File

 

Task: {4402013C-4A89-4F58-94BF-FB640B800996} - \Microsoft\Windows\Media Center\RegisterSearch No Task File

 

Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File

 

Task: {486C1A9B-CCF9-462C-935B-E4F25EE9BB1D} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File

 

Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration No Task File

 

Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File

 

Task: {4E19B4A4-BE39-4B6D-B11E-A3BFF4D5CB7F} - \{DD176437-0E2A-4047-AB32-224ADBED2401} No Task File

 

Task: {52D6E666-548F-410E-BFF1-92B8C63CA97F} - \Microsoft\Windows\Media Center\OCURActivate No Task File

 

Task: {56D31F25-04BC-471E-AA27-52CB4C3020A5} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks No Task File

 

Task: {578D0CA6-4844-430C-8D2A-BA79E7C01266} - \Microsoft\Windows\MobilePC\HotStart No Task File

 

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File

 

Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File

 

Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File

 

Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File

 

Task: {6271FDC0-C194-43DB-84D2-1233380741CB} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File

 

Task: {67144494-C016-4460-BDE4-2BF8247102BC} - \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask No Task File

 

Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask No Task File

 

Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck No Task File

 

Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File

 

Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo No Task File

 

Task: {8472E2B4-4982-4C64-B496-4564F8A1352D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File

 

Task: {8C67184E-865A-4D27-82EC-43505B50026E} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File

 

Task: {8E359152-D8C9-4871-AEA1-9851E769A8F1} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 No Task File

 

Task: {92481A48-26F5-442C-9298-DD713B27E3A4} - \Registration No Task File

 

Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost No Task File

 

Task: {98F6E988-20BB-4E04-B95B-F31E5CB356B2} - \Microsoft\Windows\Wininet\CacheTask No Task File

 

Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File

 

Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File

 

Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader No Task File

 

Task: {A42684B2-6D5E-4EDE-9919-61D64518237D} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary No Task File

 

Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter No Task File

 

Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications No Task File

 

Task: {A70F1A61-D69D-4D02-876F-B399AB64BC35} - \Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events No Task File

 

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File

 

Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File

 

Task: {ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File

 

Task: {AEBA3AC0-F3A7-4FBC-A122-DC734318377B} - \Microsoft\Windows\Media Center\PvrScheduleTask No Task File

 

Task: {B0B73B96-C439-4820-AAB1-3FBB85493C87} - \Hewlett-Packard\HP Support Assistant\PC Health Analysis No Task File

 

Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor No Task File

 

Task: {B76872B0-5B6E-4877-9431-373627D853E7} - \{CE39A8BC-59C4-4FD5-B984-2B0CD994E71E} No Task File

 

Task: {B852AA03-A8A4-490A-B8DC-A7570EFBDEE4} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe

 

C:\Program Files (x86)\OLBPre

 

Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled No Task File

 

Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File

 

Task: {C0B2AA68-DF9E-400A-B71C-581384C21B8A} - \Hewlett-Packard\HP Support Assistant\Ghost Resign Task No Task File

 

Task: {C57336C0-7423-4250-A8DD-AAE1E77A45DC} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask No Task File

 

Task: {C9780D19-2567-4C8C-B584-369072FD98FE} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 No Task File

 

Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File

 

Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File

 

Task: {CBFED178-75FE-42F5-BB35-F3E5E50AD33F} - \Microsoft\Windows\Media Center\PeriodicScanRetry No Task File

 

Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File

 

Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File

 

Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy No Task File

 

Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT No Task File

 

Task: {DCCEC452-F4F3-4193-B418-3B352CADD5F6} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File

 

Task: {DD7B370B-7F26-4978-987E-08483B367623} - \Microsoft\Windows\Media Center\mcupdate No Task File

 

Task: {DE3A3F25-99E5-4F0A-9D2F-6321A5602C47} - \Microsoft\Windows\Media Center\StartRecording No Task File

 

Task: {DF0EB2A9-6AB6-4508-B310-E6D1ED383B44} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File

 

Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange No Task File

 

Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File

 

Task: {E4790C4E-756E-414D-87A6-3830EE638044} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask No Task File

 

Task: {EA3B8A34-590B-4F03-969B-766CC1A3C4C8} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask No Task File

 

Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File

 

Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File

 

Task: {F446D15B-7274-4052-B5BB-24F19B0AD4C7} - \Microsoft\Windows\Media Center\ehDRMInit No Task File

 

Task: {F6734812-A49A-4C93-AA1F-E2D06F27C571} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File

 

Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File

 

Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File

 

Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File

 

C:\Users\mom\AppData\Roaming\tyvitsju\

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

 

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Regedit32

 

File: C:\Windows\system32\regedit.exe

 

DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tagee

 

C:\Users\mom\AppData\Roaming\Uhbyi

 

EmptyTemp:

 

*****************

 

 

Processes closed successfully.

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.

 

HKU\S-1-5-21-4272652656-438244758-189266899-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.

 

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.

 

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.

 

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

 

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

 

C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.

 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

 

"HKU\S-1-5-21-4272652656-438244758-189266899-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

 

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

 

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

 

 

=========  type "C:\ComboFix.txt" =========

 

 

ComboFix 15-04-19.01 - mom 04/24/2015   5:48.3.1 - x64

 

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1833 [GMT -4:00]

 

Running from: c:\users\mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLWE60H9\ComboFix.exe

 

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

.

 

.

 

(((((((((((((((((((((((((   Files Created from 2015-03-24 to 2015-04-24  )))))))))))))))))))))))))))))))

 

.

 

.

 

2015-04-24 09:55 . 2015-04-24 09:55 -------- d-----w- c:\users\TEst\AppData\Local\temp

 

2015-04-24 09:55 . 2015-04-24 09:55 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

 

2015-04-24 09:55 . 2015-04-24 09:55 -------- d-----w- c:\users\Guest\AppData\Local\temp

 

2015-04-24 09:55 . 2015-04-24 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp

 

2015-04-24 09:55 . 2015-04-24 09:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp

 

2015-04-24 09:35 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AD1007E-B14C-45D6-9091-A577BF989547}\mpengine.dll

 

2015-04-24 09:15 . 2015-04-24 09:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

 

2015-04-24 09:15 . 2015-04-24 09:15 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

 

2015-04-24 09:14 . 2015-04-24 09:14 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

 

2015-04-23 23:49 . 2015-04-23 23:49 -------- d-----w- c:\users\mom\AppData\Local\Secunia PSI

 

2015-04-23 23:49 . 2015-04-23 23:49 -------- d-----w- c:\program files (x86)\Secunia

 

2015-04-22 23:04 . 2015-04-23 22:51 -------- d-----w- c:\programdata\Sophos

 

2015-04-22 22:49 . 2015-04-22 22:49 -------- d-----w- c:\users\mom\AppData\Local\AntiLogger Free

 

2015-04-21 21:35 . 2013-09-28 02:56 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys

 

2015-04-19 13:23 . 2015-04-19 13:23 -------- d-----w- c:\program files\Enigma Software Group

 

2015-04-19 02:51 . 2015-04-19 02:51 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys

 

2015-04-19 02:51 . 2015-04-19 02:57 -------- d-----w- c:\programdata\RogueKiller

 

2015-04-18 21:26 . 2015-04-18 21:26 264 ----a-w- C:\prefs.js

 

2015-04-18 21:26 . 2015-04-18 21:26 -------- d-----w- C:\searchplugins

 

2015-04-18 21:25 . 2015-03-12 15:59 373864 ----a-w- c:\windows\system32\LavasoftTcpService64.dll

 

2015-04-18 21:25 . 2015-03-12 15:58 326288 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll

 

2015-04-16 07:35 . 2015-04-16 07:35 -------- d-s---w- c:\windows\system32\CompatTel

 

2015-04-16 07:35 . 2015-04-16 07:35 -------- d-----w- c:\windows\system32\appraiser

 

2015-04-15 17:14 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll

 

2015-04-15 17:13 . 2015-04-02 00:17 389808 ----a-w- c:\windows\system32\iedkcs32.dll

 

2015-04-15 17:11 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys

 

2015-04-15 17:11 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll

 

2015-04-15 17:11 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll

 

2015-04-15 09:08 . 2015-04-15 09:08 250672 ----a-w- c:\windows\system32\mfevtps.exe

 

2015-04-15 09:08 . 2015-04-15 09:08 864072 ----a-w- c:\windows\system32\drivers\mfehidk.sys

 

2015-04-15 09:08 . 2015-04-15 09:08 106120 ----a-w- c:\windows\system32\drivers\mferkdet.sys

 

2015-04-15 09:06 . 2015-04-15 09:06 -------- d-----w- c:\program files\McAfee

 

2015-04-15 08:51 . 2015-04-15 08:51 -------- d-----w- c:\programdata\McAfee

 

2015-04-04 07:01 . 2015-04-04 07:01 -------- d-s---w- c:\windows\SysWow64\GWX

 

2015-04-04 07:01 . 2015-04-04 07:01 -------- d-s---w- c:\windows\system32\GWX

 

2015-04-02 23:50 . 2015-02-24 02:32 815272 ----a-w- c:\program files (x86)\Internet Explorer\iexplore - Copy.exe

 

2015-03-31 10:21 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll

 

2015-03-31 10:21 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll

 

2015-03-31 10:21 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll

 

2015-03-31 10:21 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll

 

2015-03-31 10:18 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll

 

2015-03-31 10:18 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

 

2015-03-31 10:18 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll

 

2015-03-31 10:17 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll

 

2015-03-31 10:17 . 2015-02-03 03:12 171520 ----a-w- c:\windows\SysWow64\ubpm.dll

 

2015-03-31 10:17 . 2015-02-13 05:22 14177280 ----a-w- c:\windows\system32\shell32.dll

 

2015-03-31 10:17 . 2015-01-30 23:56 459336 ----a-w- c:\windows\system32\drivers\cng.sys

 

2015-03-31 10:17 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll

 

2015-03-31 10:17 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

 

2015-03-31 10:17 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll

 

2015-03-31 10:17 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll

 

2015-03-31 10:17 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll

 

2015-03-31 10:17 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

 

2015-03-31 10:16 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys

 

2015-03-31 10:13 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll

 

2015-03-31 10:13 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll

 

2015-03-31 10:08 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll

 

2015-03-31 10:08 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

 

2015-03-31 08:26 . 2015-03-31 08:28 -------- d-----w- C:\7446898937202c09aea58bc4e3

 

2015-03-31 01:44 . 2015-03-31 08:25 -------- d-----w- C:\1b691eef31c319cce6fafc4e

 

2015-03-25 11:58 . 2015-03-25 21:52 -------- d-----w- c:\program files\Google

 

2015-03-25 10:37 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe

 

2015-03-25 10:37 . 2015-04-19 01:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

 

.

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2015-04-21 23:08 . 2013-11-08 03:46 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

 

2015-04-21 23:08 . 2013-11-08 03:46 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

 

2015-04-01 15:16 . 2014-10-28 09:35 128913832 ----a-w- c:\windows\system32\MRT.exe

 

2015-03-17 04:56 . 2015-04-15 17:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

 

2015-03-01 09:10 . 2015-03-01 09:10 189912 ----a-w- c:\windows\system32\mfevtps.exe.78bb.deleteme

 

2015-02-28 22:36 . 2015-02-28 22:36 189912 ----a-w- c:\windows\system32\mfevtps.exe.a3ca.deleteme

 

2015-02-24 08:17 . 2013-12-17 03:49 295552 ------w- c:\windows\system32\MpSigStub.exe

 

2015-02-04 16:23 . 2015-02-04 16:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

 

2015-02-04 16:13 . 2015-02-04 16:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

 

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

 

"ConsentPromptBehaviorAdmin"= 5 (0x5)

 

"ConsentPromptBehaviorUser"= 3 (0x3)

 

"EnableUIADesktopToggle"= 0 (0x0)

 

"SoftwareSASGeneration"= 1 (0x1)

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

 

"TaskbarNoNotification"= 1 (0x1)

 

"HideSCAHealth"= 1 (0x1)

 

.

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

 

"TaskbarNoNotification"= 1 (0x1)

 

.

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

 

"TaskbarNoNotification"= 1 (0x1)

 

"HideSCAHealth"= 1 (0x1)

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

 

"LoadAppInit_DLLs"=1 (0x1)

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

 

"aux1"=wdmaud.drv

 

.

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

 

BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

 

@="Service"

 

.

 

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

 

R3 GSVDRIVE;GSVDRIVE Driver;c:\windows\system32\DRIVERS\GSVDRIVE.sys;c:\windows\SYSNATIVE\DRIVERS\GSVDRIVE.sys [x]

 

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

 

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

 

R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]

 

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

 

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

 

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

 

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

 

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

 

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

 

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

 

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

 

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

 

R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

 

R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

 

R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

 

R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

 

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

 

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

 

S1 DVDHelp;DVD Video Region CSS free Filter Driver;c:\windows\system32\drivers\DVDHelp.sys;c:\windows\SYSNATIVE\drivers\DVDHelp.sys [x]

 

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

 

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

 

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

 

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

 

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

 

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

 

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

 

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

 

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

 

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

 

.

 

.

 

Contents of the 'Scheduled Tasks' folder

 

.

 

2015-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job

 

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-08 23:08]

 

.

 

2015-04-22 c:\windows\Tasks\HPCeeScheduleFormom.job

 

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

 

.

 

.

 

--------- X64 Entries -----------

 

.

 

.

 

------- Supplementary Scan -------

 

.

 

uLocal Page = c:\windows\system32\blank.htm

 

uStart Page = hxxp://msn.com/

 

mStart Page = www.google.com

 

mDefault_Search_URL = www.google.com

 

mDefault_Page_URL = www.google.com

 

mLocal Page = c:\windows\SysWOW64\blank.htm

 

mSearch Page = www.google.com

 

TCP: DhcpNameServer = 192.168.0.1

 

.

 

- - - - ORPHANS REMOVED - - - -

 

.

 

Toolbar-Locked - (no file)

 

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

 

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

 

AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe

 

AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe

 

.

 

.

 

.

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

 

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

 

.

 

--------------------- LOCKED REGISTRY KEYS ---------------------

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

 

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker6"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Shockwave Flash Object"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

 

@="0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="ShockwaveFlash.ShockwaveFlash.17"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="ShockwaveFlash.ShockwaveFlash"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Macromedia Flash Factory Object"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="FlashFactory.FlashFactory.1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="FlashFactory.FlashFactory"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker6"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

 

@Denied: (Full) (Everyone)

 

.

 

Completion time: 2015-04-24  05:56:57

 

ComboFix-quarantined-files.txt  2015-04-24 09:56

 

ComboFix2.txt  2015-04-20 18:30

 

ComboFix3.txt  2015-04-20 09:25

 

.

 

Pre-Run: 398,736,343,040 bytes free

 

Post-Run: 398,612,230,144 bytes free

 

.

 

- - End Of File - - D3BE130D1CA45DD4BF473348329C0FD3

 

7541DF0913E7AE43E43FCEEBA0C537DA

 

 

========= End of CMD: =========

 

 


 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A70F1A61-D69D-4D02-876F-B399AB64BC35}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A70F1A61-D69D-4D02-876F-B399AB64BC35}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC668097-4D6B-4093-AC14-014C09DBF820}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC668097-4D6B-4093-AC14-014C09DBF820}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Ras\MobilityManager" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADC06EF7-C9A8-49F7-A5A6-C2F6231DA82B}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEBA3AC0-F3A7-4FBC-A122-DC734318377B}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEBA3AC0-F3A7-4FBC-A122-DC734318377B}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B73B96-C439-4820-AAB1-3FBB85493C87}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B73B96-C439-4820-AAB1-3FBB85493C87}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B76872B0-5B6E-4877-9431-373627D853E7}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B76872B0-5B6E-4877-9431-373627D853E7}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE39A8BC-59C4-4FD5-B984-2B0CD994E71E}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B852AA03-A8A4-490A-B8DC-A7570EFBDEE4}" => Key deleted successfully.

 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B852AA03-A8A4-490A-B8DC-A7570EFBDEE4}" => Key deleted successfully.

 

C:\Windows\System32\Tasks\LaunchPreSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => Key deleted successfully.
"C:\Program Files (x86)\OLBPre" => File/Directory not found.

 


 

C:\Users\mom\AppData\Roaming\tyvitsju => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Regedit32 => Key Deleted successfully.

========================= File: C:\Windows\system32\regedit.exe ========================

"C:\Windows\system32\regedit.exe" not found.

====== End Of File: ======

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tagee => Key Deleted successfully.
C:\Users\mom\AppData\Roaming\Uhbyi => Moved successfully.
EmptyTemp: => Removed 3.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 14:01:00 ====



#15 deeprybka


Posted 26 April 2015 - 01:30 PM

:thumbup2:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [Image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the location shown in the image (logpath.png).
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka