
AV scans Show no infection but something isn't right


  • This topic is locked
38 replies to this topic

#1 enimen2


Posted 29 April 2015 - 07:03 AM

For one, every time the computer is restarted or shut down and reboots, when it gets to the home screen I get this Run Legacy CPL Elevated pop-up asking if I want it to make changes to the computer; it says it's for the Realtek camera. I was hitting Cancel but started just clicking the X just in case; it seemed better than Cancel or OK. That kind of popped up out of nowhere. I don't really use the camera and haven't updated it or anything, so I'm not sure why it's asking about it. The computer also doesn't boot up the same. Before, when it would boot up, it would go to the user screen and after typing in the password a little circle would be circulating while it loaded. Now the circle doesn't rotate, then the screen goes black for less than a second, then comes back and eventually loads up to the home screen. I have also seen some files that I am denied access to as the admin, like documents folders or common folders like that; they almost look like duplicates. Sometimes when typing in the user logon password it doesn't work even though it was typed right. When I open up Task Manager just to check CPU usage it looks normal (CPU usage on idle about 0-10%), but the computer doesn't seem as fast and sometimes it has unusual sounds. I know computers have normal sounds like the fans kicking on and off or maybe the hard drive making certain sounds, but sometimes it's almost like gears meshing. I'm currently using McAfee and Malwarebytes and I've run both and constantly run them, but they haven't found the problem. Sometimes when it would boot up, after logging in the screen would just be black as well with the mouse cursor; might have been due to a driver issue. Today I uninstalled it and reinstalled, but it still goes to black every so often. I've also been having issues with icons in the taskbar: one day McAfee had 2 icons, then after a reboot the 2nd disappeared. The sound icon also has a habit of disappearing, and maybe a few others too.
When I click on properties for the taskbar it says the audio service isn't running, but the audio is working; I just can't use the taskbar icon to adjust the volume, I have to manually go into the Start menu and select the sound, then adjust the volume. I've been running diagnostics and they all show everything's OK, except I did run sfc /scannow in Command Prompt a couple of days ago. It found a bunch of bad files and repaired them. Since then the computer does seem to be running better, but not like it should.


Edited by enimen2, 29 April 2015 - 08:07 AM.



 


#2 HelpBot


Posted 04 May 2015 - 07:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574739 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 enimen2


Posted 04 May 2015 - 10:02 PM

Here's the logs

Attached Files



#4 HelpBot


Posted 09 May 2015 - 07:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Black_Bird


Posted 14 May 2015 - 09:36 AM

Hi enimen2,

 

Welcome here at Bleeping Computer. I'm sorry for the delay in responding to you, we got a lot of logs to handle at the moment. I am Black_Bird and I will be helping you during the malware removal process.

 

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.


Rules about posting results:
  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.


-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------
 

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

 

 

1. We need to uninstall some programs from your computer.

  • Please go to Start > Control Panel.
  • In the window that opens ("Control Panel"), click Uninstall a program. A list containing all installed programs will open.
  • Please delete the following programs because they are malware related:
    • Coupon Printer for Windows
    • MarketResearch
  • I advise you to remove these toolbars as well, as they'll slow down your web browser and sometimes also got potentially unwanted software in them:
    • Google Toolbar for Internet Explorer
    • Microsoft Live Search Toolbar
    • Yahoo! Toolbar
  • When done, please close all windows and reboot your PC.

 

2. Download RKill and save it to your Desktop.

  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.

 

3. Download AdwCleaner and save it to your Desktop.

  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Clean button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.

 

4. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


6. Please remove fixlist.txt from your PC.

7. Please reboot your PC.

 

8. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


9. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


10. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • AdwCleaner
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Malwarebytes' Anti-Malware
  • Farbar Recovery Scan Tool - regular scan

 

11. I also see you already ran ComboFix. I really advise you to NOT run this tool without supervision of a trained Malware Removal Team member anymore. This, because this tool can - when misused - mess up your PC and even make it unbootable. The tool was developed by sUBs and has always been meant to be used under supervision.

 

Now as you already did run it, please include the ComboFix-logfile into your next reply. You can locate it as C:\ComboFix.txt.


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#6 enimen2


Posted 15 May 2015 - 01:18 AM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/14/2015 10:31:38 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 05/14/2015 10:34:07 PM
Execution time: 0 hours(s), 2 minute(s), and 29 seconds(s)
--------------------------------------------------------------------------------
 
# AdwCleaner v4.203 - Logfile created 14/05/2015 at 22:44:04
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : TRISHA ECKARD - TRISHECKARD-PC
# Running from : C:\Users\TRISHA ECKARD\Desktop\cleaning\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\SealePlus
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\TRISHA ECKARD\AppData\Roaming\DriverCure
Folder Found : C:\Users\TRISHA ECKARD\AppData\Roaming\speedypc software
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\speedypc software
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\speedypc software
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\IGearSettings
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bmkckgpgekmanipelfidlhmkfcjicion
 
*************************
 
AdwCleaner[R0].txt - [2591 bytes] - [14/05/2015 22:44:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2650 bytes] ##########
--------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v4.203 - Logfile created 14/05/2015 at 22:53:20
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : TRISHA ECKARD - TRISHECKARD-PC
# Running from : C:\Users\TRISHA ECKARD\Desktop\cleaning\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\SealePlus
Folder Deleted : C:\Users\TRISHA ECKARD\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\TRISHA ECKARD\AppData\Roaming\speedypc software
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bmkckgpgekmanipelfidlhmkfcjicion
 
*************************
 
AdwCleaner[R0].txt - [2737 bytes] - [14/05/2015 22:44:04]
AdwCleaner[S0].txt - [2611 bytes] - [14/05/2015 22:53:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2670  bytes] ##########
------------------------------------------------------------------------------------------------------------------
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by TRISHA ECKARD at 2015-05-14 23:14:46 Run:2
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Loaded Profiles: TRISHA ECKARD (Available profiles: TRISHA ECKARD)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:7FAE3E0D
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQAzAD (the data entry has 109 more characters).
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413104 2015-03-04] (Coupons.com Inc.)
S0 qxuaja; No ImagePath
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
C:\Program Files (x86)\Coupons
 
*****************
 
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":7FAE3E0D" ADS removed successfully.
C:\Program Files (x86)\Coupons\CouponPrinterService.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value deleted successfully.
CouponPrinterService => Service not found.
qxuaja => Service deleted successfully.
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service deleted successfully.
"C:\Program Files (x86)\Coupons" => File/Directory not found.
 
==== End of Fixlog 23:14:47 ====
 
 
Now gonna restart and run Malwarebytes and FRST again, then I'll post those results along with the ComboFix.


#7 Black_Bird


Posted 15 May 2015 - 07:38 AM

Hi there,

 

No problem, I'll wait for your other logs/results. Good luck. :)


Kind regards,
Black_Bird
 



#8 enimen2


Posted 15 May 2015 - 07:49 AM

I removed the programs that were listed but I couldn't find the MarketResearch one.

 

--------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/15/2015 12:02:02 AM, SYSTEM, TRISHECKARD-PC, Scheduler, Malware Database, 2015.5.14.5, 2015.5.15.1, 
Protection, 5/15/2015 12:02:02 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Starting, 
Protection, 5/15/2015 12:02:02 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/15/2015 12:02:02 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/15/2015 12:02:36 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Success, 
Protection, 5/15/2015 12:02:36 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/15/2015 12:02:37 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/15/2015 3:54:50 AM, SYSTEM, TRISHECKARD-PC, Manual, Start:5/14/2015 11:22:31 PM, Duration:4 hr 32 min 19 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 5/15/2015 4:01:54 AM, SYSTEM, TRISHECKARD-PC, Scheduler, Malware Database, 2015.5.15.1, 2015.5.15.2, 
Protection, 5/15/2015 4:01:54 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Starting, 
Protection, 5/15/2015 4:01:54 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/15/2015 4:01:54 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/15/2015 4:02:19 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Success, 
Protection, 5/15/2015 4:02:19 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/15/2015 4:02:19 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
 
(end)
------------------------------------------------------------------------------------------------------------------------------------------------------
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/14/2015
Scan Time: 11:22:31 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.14.05
Rootkit Database: v2015.05.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TRISHA ECKARD
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 945997
Time Elapsed: 4 hr, 32 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
--------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by TRISHA ECKARD (administrator) on TRISHECKARD-PC on 15-05-2015 05:39:03
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Loaded Profiles: TRISHA ECKARD (Available profiles: TRISHA ECKARD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {547DE213-A994-49C1-935F-BBBF5F1CE3D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24} URL = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {8D53B767-6A6F-4927-AED1-A337400AE472} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US91004D20150201&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-01]
FF HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={0E8006D4-3DC2-431F-98EE-6A60B7E102D1}&mid=32b0b23c852e03dac7e21469055d5a85-e3ebe072224450a68cde6901bec20a817729cdec&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-18 17:30:14&v=18.1.9.799&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MEGA) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-05-01]
CHR Extension: (Bookmark Manager) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
CHR Extension: (Skype Click to Call) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TRISHA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DTLSvc6; C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe [155488 2015-04-01] (深圳市驱动人生软件技术有限公司)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-03-26] (Phoenix Technologies) [File not signed]
R1 DtlDrvProtect; C:\Windows\System32\drivers\DtlDrvProtect64.sys [174832 2015-05-14] (深圳市驱动人生软件技术有限公司)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222440 2012-04-06] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\TRISHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 22:44 - 2015-05-14 22:53 - 00000000 ____D () C:\AdwCleaner
2015-05-14 22:27 - 2015-05-14 22:27 - 00000000 ____D () C:\Users\TRISHA ECKARD\Downloads\reinstall
2015-05-14 22:25 - 2015-05-15 05:39 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\cleaning
2015-05-13 19:59 - 2015-05-14 19:50 - 00001095 _____ () C:\Users\TRISHA ECKARD\Downloads\install info.txt
2015-05-12 23:14 - 2009-09-11 17:15 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2015-05-12 22:56 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:15 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:15 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:15 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:15 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:15 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:15 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:15 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:15 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:15 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:15 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:15 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:15 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:15 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:15 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:15 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:15 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:15 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:15 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:15 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:15 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:15 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:15 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:14 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:14 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:14 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:14 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:14 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:14 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:14 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:14 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:14 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:14 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:14 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:10 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:10 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:10 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:10 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:10 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:10 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:10 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:10 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:10 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:10 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:10 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:09 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:09 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:09 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:09 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:09 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:09 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:09 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:09 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 17:23 - 2015-05-10 17:23 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2015-05-10 03:14 - 2015-05-10 03:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Steam
2015-05-10 03:05 - 2015-05-10 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-07 17:00 - 2015-05-07 17:00 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uccnobn.sys
2015-05-06 23:58 - 2015-05-07 00:46 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk
2015-05-06 23:58 - 2015-05-06 23:58 - 00000000 ____D () C:\Windows\solcache
2015-05-06 23:57 - 2015-05-06 23:58 - 00000000 ____D () C:\Program Files (x86)\Sierra On-Line
2015-05-06 23:57 - 1998-10-30 22:21 - 01022976 _____ (Cendant Software) C:\Windows\SysWOW64\SierraNW.dll
2015-05-06 23:57 - 1998-10-30 22:21 - 00231936 _____ (Cendant Software) C:\Windows\SysWOW64\SNWValid.dll
2015-05-06 23:56 - 2015-05-07 00:46 - 00000542 _____ () C:\Windows\SIERRA.INI
2015-05-06 23:54 - 2015-05-06 23:54 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\PowerISO
2015-05-04 19:56 - 2015-05-15 05:39 - 00000000 ____D () C:\FRST
2015-05-04 04:02 - 2015-05-04 04:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Steam
2015-05-04 04:00 - 2015-05-11 18:57 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-05-02 05:27 - 2015-05-02 05:27 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-02 05:27 - 2015-05-02 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-02 05:26 - 2015-05-02 05:27 - 00000000 ____D () C:\Program Files\iTunes
2015-05-02 05:26 - 2015-05-02 05:26 - 00000000 ____D () C:\Program Files\iPod
2015-05-02 05:22 - 2015-05-15 04:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 05:22 - 2015-05-02 05:22 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-02 05:22 - 2015-05-02 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 05:21 - 2015-05-02 05:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-02 05:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 05:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 05:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 05:06 - 2015-05-02 05:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-05-01 00:25 - 2015-05-15 01:36 - 00007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
2015-04-30 18:09 - 2015-04-30 18:09 - 00039647 _____ () C:\ComboFix.txt
2015-04-30 17:48 - 2015-04-30 18:09 - 00000000 ____D () C:\ComboFix
2015-04-30 17:48 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-30 17:48 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-30 17:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-30 17:47 - 2015-04-30 18:09 - 00000000 ____D () C:\Qoobox
2015-04-30 17:46 - 2015-04-30 18:06 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 05:02 - 2015-04-30 05:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\SKIDROW
2015-04-29 19:46 - 2015-04-29 19:47 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix
2015-04-27 18:51 - 2015-04-27 18:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-27 18:49 - 2015-05-13 00:38 - 00000000 ____D () C:\Windows\pss
2015-04-27 00:06 - 2015-04-27 00:06 - 00003410 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-27 00:04 - 2015-04-27 00:04 - 00003190 _____ () C:\Windows\System32\Tasks\RealCreateProcessScheduledTask179632062S-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-30 23:37 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-26 23:56 - 00003390 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:51 - 2015-04-28 05:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Real
2015-04-26 23:00 - 2015-05-10 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\HandBrake
2015-04-24 15:04 - 2015-04-24 15:04 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\WinRAR
2015-04-24 14:59 - 2015-04-24 14:59 - 00001137 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-04-24 14:59 - 2015-04-24 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-04-24 14:49 - 2015-04-24 14:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 14:48 - 2015-04-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-24 14:37 - 2015-04-24 14:37 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-24 14:36 - 2015-04-24 14:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-21 23:49 - 2015-04-21 23:50 - 00000000 ____D () C:\Program Files (x86)\hkSFV
2015-04-21 23:44 - 2015-05-10 21:16 - 00065121 _____ () C:\Windows\DirectX.log
2015-04-21 21:25 - 2015-04-21 21:26 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\AppClient
2015-04-21 06:14 - 2015-04-21 06:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\iFunbox_UserCache
2015-04-21 05:11 - 2015-04-21 05:11 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\Monolith Productions
2015-04-20 07:05 - 2015-05-12 14:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 06:19 - 2015-05-14 23:21 - 00004350 _____ () C:\Windows\setupact.log
2015-04-20 06:19 - 2015-05-14 22:56 - 00140230 _____ () C:\Windows\PFRO.log
2015-04-20 02:27 - 2015-04-20 02:27 - 00002684 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2015-04-20 01:48 - 2015-04-20 03:49 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2015-04-19 16:08 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-19 16:08 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-19 16:07 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-19 16:07 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-19 16:07 - 2012-08-23 06:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-19 16:07 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 02:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-18 14:48 - 2015-04-18 14:48 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2015-04-17 23:28 - 2015-04-18 14:21 - 00000525 _____ () C:\Windows\QIII.INI
2015-04-17 23:28 - 2015-04-17 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
2015-04-17 23:27 - 2015-04-17 23:27 - 00000000 ____D () C:\Program Files (x86)\Mplayer
2015-04-17 23:26 - 1999-10-09 17:30 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-04-17 22:34 - 2015-05-14 19:56 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\My Games
2015-04-16 19:00 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\VOS
2015-04-15 03:12 - 2015-04-15 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 05:05 - 2009-09-22 20:31 - 01363771 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 04:46 - 2012-04-23 18:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 03:03 - 2015-04-14 14:53 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForTRISHA ECKARD.job
2015-05-14 23:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-14 23:33 - 2015-01-23 05:56 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\mikes
2015-05-14 23:30 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 23:30 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 23:21 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 23:20 - 2015-04-14 05:30 - 00174832 _____ (深圳市驱动人生软件技术有限公司) C:\Windows\system32\Drivers\dtldrvprotect64.sys
2015-05-14 22:56 - 2015-03-25 21:54 - 00000000 ____D () C:\Program Files\Google
2015-05-14 22:56 - 2010-08-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-14 22:30 - 2009-11-11 15:18 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-05-14 22:29 - 2010-08-26 10:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Google
2015-05-14 22:28 - 2015-03-20 21:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\uTorrent
2015-05-14 06:48 - 2015-02-18 05:41 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\CrashDumps
2015-05-13 05:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 04:51 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 04:44 - 2009-07-13 21:45 - 00328656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 23:16 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 23:16 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 23:15 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 23:13 - 2015-02-02 02:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:02 - 2015-02-02 02:23 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:55 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:57 - 2015-03-24 18:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-11 18:26 - 2009-11-08 17:33 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\VirtualStore
2015-05-10 22:23 - 2010-10-01 19:26 - 00058880 ___SH () C:\Users\TRISHA ECKARD\Documents\Thumbs.db
2015-05-10 18:40 - 2015-03-18 00:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-07 17:00 - 2009-11-12 17:26 - 00000000 ____D () C:\Windows\hpojj4500
2015-05-06 21:04 - 2010-02-15 19:33 - 00021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-06 21:04 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-04 04:02 - 2015-02-20 06:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-02 05:27 - 2010-05-27 12:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-30 23:39 - 2015-02-14 02:39 - 00003048 _____ () C:\Windows\System32\Tasks\{21012C9F-4BA5-4959-A5DE-6A1B09592801}
2015-04-30 18:09 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-30 18:05 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-30 17:57 - 2009-08-31 17:02 - 00000000 ____D () C:\ProgramData\Temp
2015-04-30 05:39 - 2015-02-01 17:12 - 00001918 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-04-29 23:02 - 2009-11-08 17:32 - 00082240 _____ () C:\Users\TRISHA ECKARD\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 21:54 - 2009-11-27 10:38 - 00000000 ____D () C:\ProgramData\Recovery
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-29 05:15 - 2009-08-31 17:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 05:15 - 2009-08-31 16:53 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-28 05:50 - 2009-11-08 17:27 - 00000000 ____D () C:\Users\TRISHA ECKARD
2015-04-26 19:10 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Adobe
2015-04-26 19:09 - 2009-11-26 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Adobe
2015-04-24 20:59 - 2015-02-01 17:09 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-24 14:48 - 2010-05-23 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 14:38 - 2012-04-23 18:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-24 14:38 - 2012-04-23 18:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-24 14:38 - 2012-02-11 11:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-24 14:36 - 2009-11-26 17:39 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-22 20:27 - 2015-01-07 21:19 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-21 23:57 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-21 17:09 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2015-04-21 15:03 - 2015-04-14 14:53 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTRISHA ECKARD
2015-04-21 01:28 - 2015-01-24 15:32 - 00003706 _____ () C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-04-21 00:24 - 2009-11-08 17:35 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\PowerCinema
2015-04-20 06:55 - 2009-08-31 17:51 - 00000000 ____D () C:\hp
2015-04-20 06:55 - 2009-08-31 17:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-04-20 06:55 - 2009-08-31 17:25 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-04-20 06:54 - 2009-11-08 17:28 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Hewlett-Packard
2015-04-20 06:46 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Macromedia
2015-04-20 03:09 - 2009-08-31 17:25 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-04-20 02:24 - 2009-08-31 17:11 - 00000872 _____ () C:\0
2015-04-20 02:02 - 2015-02-17 01:59 - 00000796 _____ () C:\Users\TRISHA ECKARD\Desktop\My Pictures - Shortcut.lnk
2015-04-19 18:38 - 2015-04-14 05:32 - 00000000 ____D () C:\ProgramData\DriveTheLife2013
2015-04-19 18:33 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 18:32 - 2009-07-13 19:34 - 95944704 _____ () C:\Windows\system32\config\software.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 22020096 _____ () C:\Windows\system32\config\system.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-04-19 18:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:32 - 2014-12-10 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:32 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:14 - 2014-02-25 04:02 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:12 - 2013-11-09 20:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 03:12 - 2013-11-09 20:28 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2011-05-24 16:58 - 2011-09-20 16:48 - 0001854 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\GhostObjGAFix.xml
2015-04-20 02:01 - 2015-04-20 02:23 - 0000115 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\LogFile.txt
2015-02-09 04:22 - 2015-04-10 00:50 - 0000600 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\winscp.rnd
2010-02-15 19:33 - 2015-05-06 21:04 - 0021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-01 00:25 - 2015-05-15 01:36 - 0007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
2015-03-26 03:03 - 2015-03-26 03:04 - 0011834 _____ () C:\Users\TRISHA ECKARD\AppData\Local\Temp-log.txt
2013-10-06 09:21 - 2014-05-04 10:21 - 0194215 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp008.JPG
2013-07-04 11:44 - 2013-07-04 11:44 - 2218189 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp012.JPG
2013-07-04 11:44 - 2013-07-04 11:44 - 0009494 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp012_navi.JPG
2010-01-03 16:50 - 2010-01-03 16:50 - 0012451 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp015_navi.JPG
2013-10-06 09:27 - 2013-10-06 09:27 - 2204350 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp016.JPG
2011-03-05 12:49 - 2011-03-05 12:48 - 0909063 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.1
2011-03-05 12:49 - 2011-03-05 12:49 - 0903830 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.2
2011-03-05 12:49 - 2011-03-05 12:49 - 0930390 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.3
2011-03-05 12:49 - 2011-03-05 12:48 - 2134535 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.4
2011-03-05 12:49 - 2011-03-05 12:49 - 0909068 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.5
2011-03-05 12:49 - 2011-03-05 12:49 - 0915416 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.6
2011-03-05 12:49 - 2011-03-05 12:49 - 0910052 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.7
2011-03-05 12:49 - 2011-03-05 12:49 - 0936358 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.8
2011-03-05 12:50 - 2011-03-05 12:49 - 0910024 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.9
2011-03-02 23:10 - 2011-03-05 12:51 - 0012046 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018_navi.JPG
2011-03-05 12:57 - 2011-03-05 12:56 - 2127311 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.0
2011-03-05 12:57 - 2011-03-05 12:57 - 0877317 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.JPG
2011-03-05 12:57 - 2011-03-05 12:57 - 0005990 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY_navi.JPG
2011-03-05 12:52 - 2011-03-05 12:56 - 0006287 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019_navi.JPG
2010-05-08 20:44 - 2010-05-08 20:44 - 0013987 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp026_navi.JPG
2014-05-08 17:28 - 2014-05-08 17:28 - 0368116 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp036.JPG
2012-04-28 19:39 - 2012-04-28 19:39 - 0265446 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp052.0
2011-06-18 23:10 - 2011-06-18 23:10 - 2282259 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp117.JPG
2011-05-07 18:53 - 2011-05-07 18:53 - 1716413 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp152.0
2011-05-07 18:53 - 2011-05-07 18:53 - 1325954 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp152.JPG
2012-12-01 12:42 - 2012-12-01 12:42 - 0274547 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp196.0
2012-12-01 12:42 - 2012-12-01 12:42 - 0203133 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp196.JPG
2011-12-03 21:08 - 2011-12-03 21:08 - 1899101 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-45-27_331.JPG
2011-12-03 21:06 - 2011-12-03 21:06 - 1897374 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-55-15_804.JPG
2014-05-02 20:30 - 2014-05-02 20:30 - 0238216 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).0
2014-05-02 20:30 - 2014-05-02 20:30 - 0109769 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).JPG
2011-12-10 20:47 - 2011-12-10 20:47 - 0474319 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp279.0
2011-12-10 20:47 - 2011-12-10 20:47 - 0398638 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp279.JPG
2011-07-07 09:06 - 2011-07-07 09:06 - 2703998 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp341.0
2011-07-07 09:06 - 2011-07-07 09:06 - 0554882 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp341.JPG
2010-06-05 12:50 - 2010-06-05 12:50 - 2905164 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].0
2010-06-05 12:50 - 2010-06-05 12:50 - 0528415 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].1
2010-06-05 12:50 - 2010-06-05 12:50 - 0525186 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].JPG
2013-10-06 09:25 - 2013-10-06 09:25 - 2285500 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP6250210.JPG
2009-11-14 15:53 - 2009-11-14 15:50 - 2082134 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.0
2009-11-14 15:53 - 2009-11-14 15:53 - 0605267 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.JPG
2009-11-14 15:50 - 2009-11-14 15:50 - 0011884 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175_navi.JPG
2013-10-06 09:58 - 2013-10-06 09:58 - 2259347 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010199.JPG
2012-03-04 10:05 - 2012-03-04 10:05 - 2288153 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpPA030317.JPG
2013-07-15 18:08 - 2013-07-15 18:08 - 0003651 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.0
2013-07-15 18:08 - 2013-07-15 18:08 - 0003647 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.JPG
 
Some content of TEMP:
====================
C:\Users\TRISHA ECKARD\AppData\Local\Temp\Quarantine.exe
C:\Users\TRISHA ECKARD\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:56
 
==================== End Of Log ============================
 
ComboFix 15-04-28.01 - TRISHA ECKARD 04/30/2015  17:51:10.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5110.2445 [GMT -7:00]
Running from: c:\users\TRISHA ECKARD\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\14262595921041688000
c:\programdata\14262595921041688000\cd5b15e575e1c3d0c676bc1c9e83c3b0.ini
c:\users\TRISHA ECKARD\AppData\Local\wpp.exe
c:\users\TRISHA ECKARD\AppData\Roaming\.#
c:\windows\SysWow64\Cache
c:\windows\SysWow64\system
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-01 to 2015-05-01  )))))))))))))))))))))))))))))))
.
.
2015-05-01 01:04 . 2015-05-01 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-30 12:02 . 2015-04-30 12:02 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Local\SKIDROW
2015-04-30 03:13 . 2015-04-30 03:17 -------- d-----w- C:\FRST
2015-04-30 02:46 . 2015-04-30 02:47 -------- d-----w- c:\program files (x86)\Advanced Fix
2015-04-29 23:32 . 2015-04-30 00:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-29 23:26 . 2015-04-30 10:25 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-04-29 23:26 . 2015-04-29 23:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2015-04-27 06:52 . 2015-04-28 12:52 -------- d-----w- c:\program files (x86)\Real
2015-04-27 06:00 . 2015-04-28 01:09 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\HandBrake
2015-04-24 21:51 . 2015-04-28 01:47 -------- d-----w- c:\program files\WinRAR
2015-04-24 21:49 . 2015-04-24 21:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-24 21:49 . 2015-04-24 21:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-22 06:49 . 2015-04-22 06:50 -------- d-----w- c:\program files (x86)\hkSFV
2015-04-22 04:25 . 2015-04-22 04:26 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\AppClient
2015-04-21 13:14 . 2015-04-21 13:14 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\iFunbox_UserCache
2015-04-20 09:27 . 2015-04-20 09:27 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\DriverCure
2015-04-20 09:01 . 2015-04-20 09:01 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\SpeedyPC Software
2015-04-20 09:00 . 2015-04-20 09:39 -------- d-----w- c:\programdata\SpeedyPC Software
2015-04-19 23:08 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-04-19 23:08 . 2013-10-01 23:08 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2015-04-19 23:07 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-19 23:07 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-04-19 23:07 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-04-19 23:07 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-04-19 23:07 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-04-19 23:07 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-18 21:49 . 2015-04-18 21:49 -------- d-----w- c:\programdata\Trymedia
2015-04-18 06:27 . 2015-04-18 06:27 -------- d-----w- c:\program files (x86)\Mplayer
2015-04-18 06:26 . 1999-10-10 00:30 305152 ----a-w- c:\windows\IsUninst.exe
2015-04-17 02:00 . 2015-04-17 02:18 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\VOS
2015-04-15 10:12 . 2015-04-15 10:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-04-15 05:41 . 2008-10-15 13:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2015-04-15 05:41 . 2008-10-15 13:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2015-04-15 05:41 . 2008-10-15 13:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2015-04-15 05:41 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2015-04-15 05:41 . 2008-10-15 13:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2015-04-15 05:41 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2015-04-14 22:12 . 2015-03-25 03:24 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-04-14 22:11 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-14 22:11 . 2015-03-23 03:25 769536 ----a-w- c:\windows\system32\invagent.dll
2015-04-14 22:11 . 2015-03-23 03:24 419840 ----a-w- c:\windows\system32\devinv.dll
2015-04-14 22:11 . 2015-03-23 03:24 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-04-14 22:11 . 2015-03-23 03:24 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-04-14 22:11 . 2015-03-23 03:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-04-14 22:11 . 2015-03-23 03:24 192000 ----a-w- c:\windows\system32\aepic.dll
2015-04-14 22:11 . 2015-03-23 03:17 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-04-14 20:50 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-04-14 20:50 . 2015-03-05 04:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-04-14 20:47 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-04-14 20:47 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-04-14 20:47 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-04-14 20:47 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-04-14 20:43 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-14 20:38 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 20:38 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 20:38 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-14 13:54 . 2015-04-15 03:52 -------- d-----w- c:\program files (x86)\Common Files\Steam
2015-04-14 12:55 . 2013-11-25 16:00 888536 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-04-14 12:55 . 2013-11-25 16:00 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-04-14 12:32 . 2015-04-14 12:32 -------- d-----w- c:\users\Public\Thunder Network
2015-04-14 12:32 . 2015-04-14 12:32 -------- d-----w- c:\programdata\Thunder Network
2015-04-14 12:32 . 2015-04-20 01:38 -------- d-----w- c:\programdata\DriveTheLife2013
2015-04-14 12:32 . 2015-04-14 12:32 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Roaming\DriveTheLife2013
2015-04-14 12:30 . 2015-04-30 18:09 174832 ----a-w- c:\windows\system32\drivers\dtldrvprotect64.sys
2015-04-14 12:30 . 2015-04-14 12:32 -------- d-----w- C:\DTLFolder
2015-04-14 12:30 . 2015-04-14 12:30 -------- d-----w- c:\program files (x86)\DTLSoft
2015-04-14 12:07 . 2006-05-31 14:22 354072 ----a-w- c:\windows\system32\xactengine2_2.dll
2015-04-14 12:07 . 2006-03-31 19:39 83664 ----a-w- c:\windows\system32\xinput1_1.dll
2015-04-14 12:07 . 2006-03-31 19:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll
2015-04-14 12:07 . 2006-03-31 19:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2015-04-13 01:58 . 2015-04-13 01:58 -------- d-----w- C:\debug
2015-04-09 05:24 . 2000-01-04 14:39 212992 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2015-04-07 09:53 . 2015-04-07 09:53 -------- d-sh--w- c:\windows\ftpcache
2015-04-07 06:51 . 2015-04-07 06:51 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Local\Intel
2015-04-04 10:00 . 2015-04-04 10:00 -------- d-s---w- c:\windows\system32\GWX
2015-04-04 10:00 . 2015-04-04 10:00 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-03 04:46 . 2015-04-03 04:46 -------- d-----w- c:\windows\GTA Vice City - Burn
2015-04-02 15:25 . 2004-08-04 07:56 413696 ----a-w- c:\windows\SysWow64\temp.003
2015-04-02 15:24 . 1999-03-02 04:44 266293 ----a-w- c:\windows\SysWow64\temp.002
2015-04-02 15:22 . 2004-10-18 21:04 161280 ----a-w- c:\windows\SysWow64\fmod.dll
2015-04-02 15:22 . 2004-08-06 20:49 265785 ----a-w- c:\windows\SysWow64\pixomatic.dll
2015-04-02 15:22 . 2003-01-30 13:04 1500160 ----a-w- c:\windows\SysWow64\cc3260mt.dll
2015-04-02 15:22 . 2002-02-01 14:00 22016 ----a-w- c:\windows\SysWow64\borlndmm.dll
2015-04-02 15:22 . 2004-08-04 07:56 413696 ----a-w- c:\windows\SysWow64\temp.001
2015-04-02 15:22 . 2004-01-06 17:43 188416 ----a-w- c:\windows\SysWow64\eax.dll
2015-04-02 15:22 . 2002-01-05 10:40 487424 ----a-w- c:\windows\SysWow64\Msvcp70.dll
2015-04-02 15:22 . 2002-01-05 10:38 54784 ----a-w- c:\windows\SysWow64\msvci70.dll
2015-04-02 15:22 . 2001-08-23 22:00 565760 ----a-w- c:\windows\SysWow64\msvcp50.dll
2015-04-02 15:22 . 2004-08-18 19:34 442368 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2015-04-02 15:22 . 2002-01-05 13:37 344064 ----a-w- c:\windows\SysWow64\Msvcr70.dll
2015-04-02 15:22 . 1999-03-02 04:44 266293 ----a-w- c:\windows\SysWow64\temp.000
2015-04-02 08:46 . 2015-04-02 08:46 -------- d-----w- c:\users\TRISHA ECKARD\AppData\Local\Wondershare
2015-04-02 08:46 . 2015-04-02 08:46 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2015-04-02 08:45 . 2015-04-02 08:50 -------- d-----w- c:\program files (x86)\Wondershare
2015-04-02 08:45 . 2015-04-02 08:46 -------- d-----w- c:\programdata\Wondershare
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-01 00:36 . 2015-02-26 04:45 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-24 21:38 . 2012-04-24 01:04 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-24 21:38 . 2012-02-11 18:56 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 16:37 . 2015-02-26 04:44 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 16:37 . 2015-02-26 04:44 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 16:37 . 2015-02-26 04:44 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-01 18:16 . 2015-02-02 09:23 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-03-26 09:39 . 2015-03-26 09:39 13824 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2015-03-26 08:03 . 2015-02-26 11:04 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-17 04:56 . 2015-04-14 21:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-26 20:08 . 2014-10-01 21:33 444912 ----a-w- c:\windows\CouponPrinter.ocx
2015-02-26 20:08 . 2014-10-01 21:34 659440 ----a-w- c:\windows\couponprinter_x64.ocx
2015-02-26 03:25 . 2015-03-11 09:38 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 09:39 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 09:39 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 09:39 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 09:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 09:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:39 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 09:39 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 09:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 09:39 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-18 19:55 . 2015-02-23 06:12 372264 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-02-18 19:55 . 2015-02-23 06:12 326240 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-02-13 05:22 . 2015-03-11 09:38 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-04 19:23 . 2015-02-04 19:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 19:13 . 2015-02-04 19:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 09:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 09:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 09:39 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 09:39 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 09:39 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 09:39 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 09:39 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 09:39 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 09:38 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 09:38 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 09:39 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 09:39 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 09:39 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 09:39 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 09:39 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 09:39 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 09:39 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 09:39 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 09:39 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 09:39 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 09:39 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 09:39 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 09:39 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 09:39 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 09:39 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 09:39 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 09:39 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 09:39 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 09:39 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 09:39 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 09:39 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 09:39 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 09:39 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 09:39 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 09:39 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 09:39 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 09:39 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 09:39 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 09:39 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 09:39 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 09:39 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 09:39 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 09:39 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 09:39 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 09:39 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 09:39 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 09:39 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 09:39 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 09:39 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 09:39 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 09:39 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 09:39 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 09:39 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 09:38 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 09:38 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 09:39 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 09:39 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 09:39 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 09:39 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 09:39 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 09:39 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 09:39 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 09:39 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 09:39 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 09:39 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 09:39 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 09:39 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 09:39 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 09:39 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 09:39 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 09:39 81408 ----a-w- c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 09:39 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"uTorrent"="c:\users\TRISHA ECKARD\AppData\Roaming\uTorrent\uTorrent.exe" [2015-04-24 1744976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"mcpltui_exe"="c:\program files\Common~1\McAfee\Platform\mcuicnt.exe" [2014-09-17 643064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-10 335232]
"Realtek Camera Manager"="c:\windows\system32\RunLegacyCPLElevated.exe" [2009-07-14 57856]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-09 2618680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 qxuaja;qxuaja; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz134;cpuz134;c:\users\TRISHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\TRISHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R4 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 DtlDrvProtect;DtlDrvProtect;c:\windows\system32\drivers\DtlDrvProtect64.sys;c:\windows\SYSNATIVE\drivers\DtlDrvProtect64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 DTLSvc6;????;c:\program files (x86)\DTLSoft\DriveTheLife\DTLService.exe;c:\program files (x86)\DTLSoft\DriveTheLife\DTLService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-24 21:31 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-03-17 08:34 285344 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 21:38]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 01:19]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 01:19]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0403a1bd729bc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 01:19]
.
2015-04-30 c:\windows\Tasks\HPCeeScheduleForTRISHA ECKARD.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-16 00:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-30  18:09:21
ComboFix-quarantined-files.txt  2015-05-01 01:09
.
Pre-Run: 362,073,403,392 bytes free
Post-Run: 361,811,103,744 bytes free
.
- - End Of File - - BE7CD719D825FB819B6A108D362DC1A3
89750024E83C5387C5B5F649AFB20429
 
 
Computer seems to be running better but still not where it should be.


#9 Black_Bird

  • Malware Response Team

Posted 15 May 2015 - 08:30 AM

Hi,

 

1. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


2. Right-click RKill.exe and select Run as Administrator... to launch this program.
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


4. Please remove fixlist.txt from your PC.

5. Please reboot your PC.

6. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.

  • Please make sure Addition.txt is checked.
  • Click Scan.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


7. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan


Kind regards,
Black_Bird
 



#10 enimen2

  • Topic Starter

  • Members

Posted 15 May 2015 - 11:18 AM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/15/2015 08:58:50 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 05/15/2015 09:01:22 AM
Execution time: 0 hours(s), 2 minute(s), and 31 seconds(s)
-------------------------------------------------------------------------------------
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by TRISHA ECKARD at 2015-05-15 08:54:37 Run:3
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Loaded Profiles: TRISHA ECKARD (Available profiles: TRISHA ECKARD)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Windows\System32\Tasks\SpeedyPC Registration3
2015-03-26 03:03 - 2015-03-26 03:04 - 0011834 _____ () C:\Users\TRISHA ECKARD\AppData\Local\Temp-log.txt
2013-10-06 09:21 - 2014-05-04 10:21 - 0194215 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp008.JPG
2013-07-04 11:44 - 2013-07-04 11:44 - 2218189 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp012.JPG
2013-07-04 11:44 - 2013-07-04 11:44 - 0009494 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp012_navi.JPG
2010-01-03 16:50 - 2010-01-03 16:50 - 0012451 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp015_navi.JPG
2013-10-06 09:27 - 2013-10-06 09:27 - 2204350 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp016.JPG
2011-03-05 12:49 - 2011-03-05 12:48 - 0909063 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.1
2011-03-05 12:49 - 2011-03-05 12:49 - 0903830 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.2
2011-03-05 12:49 - 2011-03-05 12:49 - 0930390 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.3
2011-03-05 12:49 - 2011-03-05 12:48 - 2134535 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.4
2011-03-05 12:49 - 2011-03-05 12:49 - 0909068 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.5
2011-03-05 12:49 - 2011-03-05 12:49 - 0915416 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.6
2011-03-05 12:49 - 2011-03-05 12:49 - 0910052 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.7
2011-03-05 12:49 - 2011-03-05 12:49 - 0936358 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.8
2011-03-05 12:50 - 2011-03-05 12:49 - 0910024 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018.9
2011-03-02 23:10 - 2011-03-05 12:51 - 0012046 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp018_navi.JPG
2011-03-05 12:57 - 2011-03-05 12:56 - 2127311 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.0
2011-03-05 12:57 - 2011-03-05 12:57 - 0877317 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.JPG
2011-03-05 12:57 - 2011-03-05 12:57 - 0005990 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY_navi.JPG
2011-03-05 12:52 - 2011-03-05 12:56 - 0006287 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp019_navi.JPG
2010-05-08 20:44 - 2010-05-08 20:44 - 0013987 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp026_navi.JPG
2014-05-08 17:28 - 2014-05-08 17:28 - 0368116 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp036.JPG
2012-04-28 19:39 - 2012-04-28 19:39 - 0265446 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp052.0
2011-06-18 23:10 - 2011-06-18 23:10 - 2282259 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp117.JPG
2011-05-07 18:53 - 2011-05-07 18:53 - 1716413 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp152.0
2011-05-07 18:53 - 2011-05-07 18:53 - 1325954 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp152.JPG
2012-12-01 12:42 - 2012-12-01 12:42 - 0274547 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp196.0
2012-12-01 12:42 - 2012-12-01 12:42 - 0203133 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp196.JPG
2011-12-03 21:08 - 2011-12-03 21:08 - 1899101 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-45-27_331.JPG
2011-12-03 21:06 - 2011-12-03 21:06 - 1897374 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-55-15_804.JPG
2014-05-02 20:30 - 2014-05-02 20:30 - 0238216 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).0
2014-05-02 20:30 - 2014-05-02 20:30 - 0109769 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).JPG
2011-12-10 20:47 - 2011-12-10 20:47 - 0474319 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp279.0
2011-12-10 20:47 - 2011-12-10 20:47 - 0398638 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp279.JPG
2011-07-07 09:06 - 2011-07-07 09:06 - 2703998 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp341.0
2011-07-07 09:06 - 2011-07-07 09:06 - 0554882 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp341.JPG
2010-06-05 12:50 - 2010-06-05 12:50 - 2905164 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].0
2010-06-05 12:50 - 2010-06-05 12:50 - 0528415 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].1
2010-06-05 12:50 - 2010-06-05 12:50 - 0525186 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].JPG
2013-10-06 09:25 - 2013-10-06 09:25 - 2285500 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP6250210.JPG
2009-11-14 15:53 - 2009-11-14 15:50 - 2082134 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.0
2009-11-14 15:53 - 2009-11-14 15:53 - 0605267 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.JPG
2009-11-14 15:50 - 2009-11-14 15:50 - 0011884 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175_navi.JPG
2013-10-06 09:58 - 2013-10-06 09:58 - 2259347 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010199.JPG
2012-03-04 10:05 - 2012-03-04 10:05 - 2288153 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpPA030317.JPG
2013-07-15 18:08 - 2013-07-15 18:08 - 0003651 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.0
2013-07-15 18:08 - 2013-07-15 18:08 - 0003647 _____ () C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.JPG
c:\program files (x86)\Advanced Fix
c:\users\TRISHA ECKARD\AppData\Roaming\DriverCure
c:\users\TRISHA ECKARD\AppData\Roaming\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\programdata\Trymedia
c:\program files (x86)\Mplayer
c:\users\TRISHA ECKARD\AppData\Local\Wondershare
c:\program files (x86)\Common Files\Wondershare
c:\program files (x86)\Wondershare
c:\programdata\Wondershare
c:\windows\CouponPrinter.ocx
c:\windows\couponprinter_x64.ocx
R0 qxuaja; [x]
R4 CouponPrinterService; c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Tasks\SpeedyPC Registration3 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\Temp-log.txt => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp008.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp012.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp012_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp015_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp016.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.1 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.2 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.3 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.4 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.5 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.6 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.7 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.8 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018.9 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp018_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp019 - COPY_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp019_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp026_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp036.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp052.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp117.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp152.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp152.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp196.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp196.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-45-27_331.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp2011-08-27_20-55-15_804.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp2014-05-02 20.24.55 (1).JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp279.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp279.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp341.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp341.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].1 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmp46210008[1].JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpP6250210.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010175_navi.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpP8010199.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpPA030317.JPG => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.0 => Moved successfully.
C:\Users\TRISHA ECKARD\AppData\Local\tmpSPOU.JPG => Moved successfully.
c:\program files (x86)\Advanced Fix => Moved successfully.
"c:\users\TRISHA ECKARD\AppData\Roaming\DriverCure" => File/Directory not found.
"c:\users\TRISHA ECKARD\AppData\Roaming\SpeedyPC Software" => File/Directory not found.
"c:\programdata\SpeedyPC Software" => File/Directory not found.
"c:\programdata\Trymedia" => File/Directory not found.
c:\program files (x86)\Mplayer => Moved successfully.
c:\users\TRISHA ECKARD\AppData\Local\Wondershare => Moved successfully.
"c:\program files (x86)\Common Files\Wondershare" => File/Directory not found.
"c:\program files (x86)\Wondershare" => File/Directory not found.
"c:\programdata\Wondershare" => File/Directory not found.
"c:\windows\CouponPrinter.ocx" => File/Directory not found.
"c:\windows\couponprinter_x64.ocx" => File/Directory not found.
qxuaja => Service not found.
CouponPrinterService => Service not found.
 
==== End of Fixlog 08:54:39 ====
---------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by TRISHA ECKARD (administrator) on TRISHECKARD-PC on 15-05-2015 09:10:19
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Loaded Profiles: TRISHA ECKARD (Available profiles: TRISHA ECKARD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {547DE213-A994-49C1-935F-BBBF5F1CE3D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24} URL = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {8D53B767-6A6F-4927-AED1-A337400AE472} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US91004D20150201&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-01]
FF HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={0E8006D4-3DC2-431F-98EE-6A60B7E102D1}&mid=32b0b23c852e03dac7e21469055d5a85-e3ebe072224450a68cde6901bec20a817729cdec&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-18 17:30:14&v=18.1.9.799&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MEGA) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-05-01]
CHR Extension: (Bookmark Manager) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
CHR Extension: (Skype Click to Call) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TRISHA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DTLSvc6; C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe [155488 2015-04-01] (深圳市驱动人生软件技术有限公司)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-03-26] (Phoenix Technologies) [File not signed]
R1 DtlDrvProtect; C:\Windows\System32\drivers\DtlDrvProtect64.sys [174832 2015-05-15] (深圳市驱动人生软件技术有限公司)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222440 2012-04-06] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\TRISHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 22:44 - 2015-05-14 22:53 - 00000000 ____D () C:\AdwCleaner
2015-05-14 22:27 - 2015-05-14 22:27 - 00000000 ____D () C:\Users\TRISHA ECKARD\Downloads\reinstall
2015-05-14 22:25 - 2015-05-15 09:09 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\cleaning
2015-05-13 19:59 - 2015-05-14 19:50 - 00001095 _____ () C:\Users\TRISHA ECKARD\Downloads\install info.txt
2015-05-12 23:14 - 2009-09-11 17:15 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2015-05-12 22:56 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:15 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:15 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:15 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:15 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:15 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:15 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:15 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:15 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:15 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:15 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:15 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:15 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:15 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:15 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:15 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:15 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:15 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:15 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:15 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:15 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:15 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:15 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:14 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:14 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:14 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:14 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:14 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:14 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:14 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:14 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:14 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:14 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:14 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:10 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:10 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:10 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:10 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:10 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:10 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:10 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:10 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:10 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:10 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:10 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:09 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:09 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:09 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:09 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:09 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:09 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:09 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:09 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 17:23 - 2015-05-10 17:23 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2015-05-10 03:14 - 2015-05-10 03:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Steam
2015-05-10 03:05 - 2015-05-10 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-07 17:00 - 2015-05-07 17:00 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uccnobn.sys
2015-05-06 23:58 - 2015-05-07 00:46 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk
2015-05-06 23:58 - 2015-05-06 23:58 - 00000000 ____D () C:\Windows\solcache
2015-05-06 23:57 - 2015-05-06 23:58 - 00000000 ____D () C:\Program Files (x86)\Sierra On-Line
2015-05-06 23:57 - 1998-10-30 22:21 - 01022976 _____ (Cendant Software) C:\Windows\SysWOW64\SierraNW.dll
2015-05-06 23:57 - 1998-10-30 22:21 - 00231936 _____ (Cendant Software) C:\Windows\SysWOW64\SNWValid.dll
2015-05-06 23:56 - 2015-05-07 00:46 - 00000542 _____ () C:\Windows\SIERRA.INI
2015-05-06 23:54 - 2015-05-06 23:54 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\PowerISO
2015-05-04 19:56 - 2015-05-15 09:10 - 00000000 ____D () C:\FRST
2015-05-04 04:02 - 2015-05-04 04:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Steam
2015-05-04 04:00 - 2015-05-11 18:57 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-05-02 05:27 - 2015-05-02 05:27 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-02 05:27 - 2015-05-02 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-02 05:26 - 2015-05-02 05:27 - 00000000 ____D () C:\Program Files\iTunes
2015-05-02 05:26 - 2015-05-02 05:26 - 00000000 ____D () C:\Program Files\iPod
2015-05-02 05:22 - 2015-05-15 09:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 05:22 - 2015-05-02 05:22 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-02 05:22 - 2015-05-02 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 05:21 - 2015-05-02 05:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-02 05:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 05:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 05:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 05:06 - 2015-05-02 05:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-05-01 00:25 - 2015-05-15 01:36 - 00007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
2015-04-30 18:09 - 2015-04-30 18:09 - 00039647 _____ () C:\ComboFix.txt
2015-04-30 17:48 - 2015-04-30 18:09 - 00000000 ____D () C:\ComboFix
2015-04-30 17:48 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-30 17:48 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-30 17:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-30 17:47 - 2015-04-30 18:09 - 00000000 ____D () C:\Qoobox
2015-04-30 17:46 - 2015-04-30 18:06 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 05:02 - 2015-04-30 05:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\SKIDROW
2015-04-27 18:51 - 2015-04-27 18:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-27 18:49 - 2015-05-13 00:38 - 00000000 ____D () C:\Windows\pss
2015-04-27 00:06 - 2015-04-27 00:06 - 00003410 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-27 00:04 - 2015-04-27 00:04 - 00003190 _____ () C:\Windows\System32\Tasks\RealCreateProcessScheduledTask179632062S-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-30 23:37 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-26 23:56 - 00003390 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:51 - 2015-04-28 05:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Real
2015-04-26 23:00 - 2015-05-10 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\HandBrake
2015-04-24 15:04 - 2015-04-24 15:04 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\WinRAR
2015-04-24 14:59 - 2015-04-24 14:59 - 00001137 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-04-24 14:59 - 2015-04-24 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-04-24 14:49 - 2015-04-24 14:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 14:48 - 2015-04-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-24 14:37 - 2015-04-24 14:37 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-24 14:36 - 2015-04-24 14:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-21 23:49 - 2015-04-21 23:50 - 00000000 ____D () C:\Program Files (x86)\hkSFV
2015-04-21 23:44 - 2015-05-10 21:16 - 00065121 _____ () C:\Windows\DirectX.log
2015-04-21 21:25 - 2015-04-21 21:26 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\AppClient
2015-04-21 06:14 - 2015-04-21 06:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\iFunbox_UserCache
2015-04-21 05:11 - 2015-04-21 05:11 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\Monolith Productions
2015-04-20 07:05 - 2015-05-12 14:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 06:19 - 2015-05-15 09:04 - 00004406 _____ () C:\Windows\setupact.log
2015-04-20 06:19 - 2015-05-14 22:56 - 00140230 _____ () C:\Windows\PFRO.log
2015-04-20 01:48 - 2015-04-20 03:49 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2015-04-19 16:08 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-19 16:08 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-19 16:07 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-19 16:07 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-19 16:07 - 2012-08-23 06:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-19 16:07 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 02:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-18 14:48 - 2015-04-18 14:48 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2015-04-17 23:28 - 2015-04-18 14:21 - 00000525 _____ () C:\Windows\QIII.INI
2015-04-17 23:28 - 2015-04-17 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
2015-04-17 23:26 - 1999-10-09 17:30 - 00305152 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-04-17 22:34 - 2015-05-14 19:56 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\My Games
2015-04-16 19:00 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\VOS
2015-04-15 03:12 - 2015-04-15 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 09:08 - 2009-09-22 20:31 - 01403086 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 09:04 - 2015-04-14 05:30 - 00174832 _____ (深圳市驱动人生软件技术有限公司) C:\Windows\system32\Drivers\dtldrvprotect64.sys
2015-05-15 09:04 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 09:03 - 2015-04-14 14:53 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForTRISHA ECKARD.job
2015-05-15 08:46 - 2012-04-23 18:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 23:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-14 23:33 - 2015-01-23 05:56 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\mikes
2015-05-14 23:30 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 23:30 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 22:56 - 2015-03-25 21:54 - 00000000 ____D () C:\Program Files\Google
2015-05-14 22:56 - 2010-08-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-14 22:30 - 2009-11-11 15:18 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-05-14 22:29 - 2010-08-26 10:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Google
2015-05-14 22:28 - 2015-03-20 21:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\uTorrent
2015-05-14 06:48 - 2015-02-18 05:41 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\CrashDumps
2015-05-13 05:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 04:51 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 04:44 - 2009-07-13 21:45 - 00328656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 23:16 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 23:16 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 23:15 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 23:13 - 2015-02-02 02:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:02 - 2015-02-02 02:23 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:55 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 18:57 - 2015-03-24 18:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-11 18:26 - 2009-11-08 17:33 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\VirtualStore
2015-05-10 22:23 - 2010-10-01 19:26 - 00058880 ___SH () C:\Users\TRISHA ECKARD\Documents\Thumbs.db
2015-05-10 18:40 - 2015-03-18 00:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-07 17:00 - 2009-11-12 17:26 - 00000000 ____D () C:\Windows\hpojj4500
2015-05-06 21:04 - 2010-02-15 19:33 - 00021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-06 21:04 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-04 04:02 - 2015-02-20 06:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-02 05:27 - 2010-05-27 12:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-30 23:39 - 2015-02-14 02:39 - 00003048 _____ () C:\Windows\System32\Tasks\{21012C9F-4BA5-4959-A5DE-6A1B09592801}
2015-04-30 18:09 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-30 18:05 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-30 17:57 - 2009-08-31 17:02 - 00000000 ____D () C:\ProgramData\Temp
2015-04-30 05:39 - 2015-02-01 17:12 - 00001918 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-04-29 23:02 - 2009-11-08 17:32 - 00082240 _____ () C:\Users\TRISHA ECKARD\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 21:54 - 2009-11-27 10:38 - 00000000 ____D () C:\ProgramData\Recovery
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-29 05:15 - 2009-08-31 17:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 05:15 - 2009-08-31 16:53 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-28 05:50 - 2009-11-08 17:27 - 00000000 ____D () C:\Users\TRISHA ECKARD
2015-04-26 19:10 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Adobe
2015-04-26 19:09 - 2009-11-26 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Adobe
2015-04-24 20:59 - 2015-02-01 17:09 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-24 14:48 - 2010-05-23 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 14:38 - 2012-04-23 18:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-24 14:38 - 2012-04-23 18:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-24 14:38 - 2012-02-11 11:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-24 14:36 - 2009-11-26 17:39 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-22 20:27 - 2015-01-07 21:19 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-21 23:57 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-21 17:09 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2015-04-21 15:03 - 2015-04-14 14:53 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTRISHA ECKARD
2015-04-21 01:28 - 2015-01-24 15:32 - 00003706 _____ () C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-04-21 00:24 - 2009-11-08 17:35 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\PowerCinema
2015-04-20 06:55 - 2009-08-31 17:51 - 00000000 ____D () C:\hp
2015-04-20 06:55 - 2009-08-31 17:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-04-20 06:55 - 2009-08-31 17:25 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-04-20 06:54 - 2009-11-08 17:28 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Hewlett-Packard
2015-04-20 06:46 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Macromedia
2015-04-20 03:09 - 2009-08-31 17:25 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-04-20 02:24 - 2009-08-31 17:11 - 00000872 _____ () C:\0
2015-04-20 02:02 - 2015-02-17 01:59 - 00000796 _____ () C:\Users\TRISHA ECKARD\Desktop\My Pictures - Shortcut.lnk
2015-04-19 18:38 - 2015-04-14 05:32 - 00000000 ____D () C:\ProgramData\DriveTheLife2013
2015-04-19 18:33 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 18:32 - 2009-07-13 19:34 - 95944704 _____ () C:\Windows\system32\config\software.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 22020096 _____ () C:\Windows\system32\config\system.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-04-19 18:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:32 - 2014-12-10 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:32 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:14 - 2014-02-25 04:02 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:12 - 2013-11-09 20:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 03:12 - 2013-11-09 20:28 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2011-05-24 16:58 - 2011-09-20 16:48 - 0001854 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\GhostObjGAFix.xml
2015-04-20 02:01 - 2015-04-20 02:23 - 0000115 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\LogFile.txt
2015-02-09 04:22 - 2015-04-10 00:50 - 0000600 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\winscp.rnd
2010-02-15 19:33 - 2015-05-06 21:04 - 0021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-01 00:25 - 2015-05-15 01:36 - 0007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
 
Some content of TEMP:
====================
C:\Users\TRISHA ECKARD\AppData\Local\Temp\Quarantine.exe
C:\Users\TRISHA ECKARD\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:56
 
==================== End Of Log ============================
 
Booting up is still slow, the icon that's supposed to rotate doesn't rotate, and the screen will still go blank then reappear while logging in. McAfee doesn't seem to load/run during bootup when it's supposed to (sometimes it loads late), and sometimes Windows Action Center will have the icon showing issues: that Defender is turned off and the computer is vulnerable. It does seem to be getting better though.


#11 Black_Bird

  • Malware Response Team

Posted 15 May 2015 - 01:00 PM

Hi,

 

- Since when have these problems occurred? Did you install something or change something in the Windows configuration, for example?

- I'd advise you to re-install McAfee. Please follow these instructions from McAfee to completely remove McAfee from your computer. When done, please re-install McAfee and reboot the system.

- Did you disable Windows Defender yourself?

 

1. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

 

2. Start Farbar Recovery Scan Tool

  • If asked, click Yes at the Disclaimer window.

  • Please make sure Addition.txt is enabled.
  • Click Scan.
  • It will create 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run from. Please copy and paste both into your reply.


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#12 enimen2

  • Topic Starter

Posted 18 May 2015 - 06:14 AM

Hey, sorry it took me a few days. Well, the computer is my mom's computer. Her, me and my sister both use it. When I first started using it my mom only had AVG, which was expired for probably some time and may or may not have been updated like it should or set on a schedule. So I set it up to update regularly along with a daily scan. I also downloaded a handful of AV programs to run to make sure nothing was infected, then deleted them. I then installed Malwarebytes as a helper. After that I wasn't supposed to be downloading anything but I was. Started with just movies and small things and eventually some pirated programs and some games. One of the pirated programs was HitmanPro, great program but the free version only lasts I think a month, so I looked for a cracked version and found one. When I ran it or installed it, it was acting weird. The computer froze up or something and it either rebooted or I had to reboot it. When I rebooted, it didn't boot normally. It looked like MS-DOS, all black background with white script running. One of the things I saw in there was HitmanPro and it had some other writing with it. It looked like a virus. So I deleted it and started running scans but nothing came up. After that, while trying to download some games, I clicked on the wrong download link and instead of getting the .rar file I got a setup.exe of the game, which I know now is a bogus link to install PUPs or other software. It happened a few times; sometimes I caught it in the middle of install and canceled, sometimes it didn't work. Sometimes after install I would try and look for it in the installed programs section but couldn't find it. I've been trying to keep up with maintenance with her computer, updating drives and all that. There were maybe 2 or 3 games I installed that said to disable the AV, lol I know how bad it sounds. And how dumb that would be. But since they were cracked games it kinda made sense in a way I guess, since the cracked games do kinda act like a virus in a sense.
I think those may have also contributed to the problem. I got rid of those too. 

 

This probably started a few months ago, at least 4. Wasn't that bad until recently; seemed like something has infected McAfee, it doesn't start normal or act normal, along with Windows. Deleting files like say under 10 gigs takes a lot longer than usual, as well as copying a file under 10 gigs. Used to go really fast, like you could just watch the bar shoot to the right, now it's like watching a snail run track. Honestly it feels like the computer was hacked. I reinstalled Malwarebytes to make sure that wasn't corrupted, but it still doesn't find anything. I was getting ready to do McAfee but my mom's friend installed it for her. I found the CD key and the setup.exe but when I tried to install it, it said the key was already in use. I didn't uninstall the McAfee prior to trying to install, I just wanted to make sure I had the right key before uninstalling it. So now I'm gonna have to get a hold of her friend to get the key or figure out how to reinstall it. I'll have those Malwarebytes logs as well as the other for you in a few hours. Usually takes about 4 for a deep scan. As far as disabling Windows Defender, no I didn't disable it, I figured McAfee did.


Edited by enimen2, 18 May 2015 - 06:14 AM.


#13 enimen2

  • Topic Starter

Posted 18 May 2015 - 06:58 AM

Hey, say there's a questionable file that AV keeps sending to quarantine and you upload it to VirusTotal or Metascan, what kinda ratio range would be OK? I got this one that's questionable that I uploaded to both, and to me the ratio was pretty good, not as good as 0 though lol. For VirusTotal it was a 6/57 detection ratio and on Metascan it was 3/44, which is so much better than 50/50. It's a .dat file. With most games I get, they don't usually get the AV going off, but I got one pack that when I launch it, it makes a .dat file and McAfee keeps sending it to quarantine saying it's an Artemis trojan (which I clicked on the more info button that took me to McAfee's site and it said not found and couldn't give me any info). Every time McAfee grabs it, the program makes a new one, then McAfee will grab that one. It usually stops making them after maybe 5. They are only made when you launch the game too. If I scan the directory without a launch it's fine, but as soon as I launch it McAfee grabs it. Only thing visible I noticed was that without the file the game loads up really slow. It is a cracked game and I checked the sites that had it and no one mentioned a virus or anything. Which sometimes they do. Was just wondering as far as a ratio because I know they have false positives.



#14 Black_Bird

  • Malware Response Team

Posted 18 May 2015 - 10:29 AM

Hi,

 

1. About the .dat file: Please go to VirusTotal and upload the .dat-file there. Allow this website to scan the file and post all scan results into your next reply.

 

2. If we ever can clean-up your PC, I really need you to uninstall all illegal software (no exceptions) from this computer. A lot of cracked/patched software (illegal downloads for example) installs malware or installs potentially unwanted programs (PUP's).

 

3. Once you've done that, please follow all the steps given in my previous reply.


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#15 enimen2

enimen2
  • Topic Starter

  • Members
  • 44 posts

Posted 18 May 2015 - 11:09 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 5/18/2015 3:26:17 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Starting, 
Protection, 5/18/2015 3:26:17 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Started, 
Protection, 5/18/2015 3:26:17 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 3:26:17 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Update, 5/18/2015 3:26:38 AM, SYSTEM, TRISHECKARD-PC, Manual, Remediation Database, 2013.10.16.1, 2015.5.13.1, 
Update, 5/18/2015 3:26:39 AM, SYSTEM, TRISHECKARD-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.5.16.1, 
Update, 5/18/2015 3:28:41 AM, SYSTEM, TRISHECKARD-PC, Manual, Malware Database, 2014.11.20.6, 2015.5.18.1, 
Update, 5/18/2015 3:28:56 AM, SYSTEM, TRISHECKARD-PC, Manual, program, 2.0.4.1028, 2.1.6.1022, 
Protection, 5/18/2015 3:29:26 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/18/2015 3:29:26 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/18/2015 3:29:26 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Stopping, 
Protection, 5/18/2015 3:29:27 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Stopped, 
Protection, 5/18/2015 3:29:55 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Starting, 
Protection, 5/18/2015 3:29:55 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Started, 
Protection, 5/18/2015 3:29:55 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 3:29:55 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Update, 5/18/2015 3:29:57 AM, SYSTEM, TRISHECKARD-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.16.1, 
Update, 5/18/2015 3:29:57 AM, SYSTEM, TRISHECKARD-PC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1, 
Update, 5/18/2015 3:34:34 AM, SYSTEM, TRISHECKARD-PC, Manual, Malware Database, 2015.3.9.5, 2015.5.18.1, 
Protection, 5/18/2015 3:34:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Starting, 
Protection, 5/18/2015 3:34:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/18/2015 3:34:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/18/2015 3:34:43 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Success, 
Protection, 5/18/2015 3:34:43 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 3:34:43 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Protection, 5/18/2015 3:36:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/18/2015 3:36:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/18/2015 3:36:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Stopping, 
Protection, 5/18/2015 3:36:34 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Stopped, 
Protection, 5/18/2015 3:36:52 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Starting, 
Protection, 5/18/2015 3:36:52 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Started, 
Protection, 5/18/2015 3:37:03 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 3:37:03 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/18/2015 3:42:27 AM, SYSTEM, TRISHECKARD-PC, Manual, Start:5/18/2015 3:38:37 AM, Duration:3 min 49 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 5/18/2015 3:49:09 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Starting, 
Protection, 5/18/2015 3:49:09 AM, SYSTEM, TRISHECKARD-PC, Protection, Malware Protection, Started, 
Protection, 5/18/2015 3:49:09 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 3:49:12 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Update, 5/18/2015 6:29:30 AM, SYSTEM, TRISHECKARD-PC, Scheduler, Malware Database, 2015.5.18.1, 2015.5.18.3, 
Protection, 5/18/2015 6:29:30 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Starting, 
Protection, 5/18/2015 6:29:30 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/18/2015 6:29:31 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/18/2015 6:30:11 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Success, 
Protection, 5/18/2015 6:30:11 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 6:30:12 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Update, 5/18/2015 8:17:07 AM, SYSTEM, TRISHECKARD-PC, Scheduler, Malware Database, 2015.5.18.3, 2015.5.18.4, 
Protection, 5/18/2015 8:17:08 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Starting, 
Protection, 5/18/2015 8:17:08 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/18/2015 8:17:08 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/18/2015 8:17:42 AM, SYSTEM, TRISHECKARD-PC, Protection, Refresh, Success, 
Protection, 5/18/2015 8:17:42 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/18/2015 8:17:43 AM, SYSTEM, TRISHECKARD-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/18/2015 8:50:24 AM, SYSTEM, TRISHECKARD-PC, Manual, Start:5/18/2015 4:16:44 AM, Duration:4 hr 33 min 38 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
--------------------------------------------------------------------------------------------------------------------------
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/18/2015
Scan Time: 4:16:44 AM
Logfile: 1.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.18.01
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TRISHA ECKARD
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 855086
Time Elapsed: 4 hr, 33 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
-----------------------------------------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by TRISHA ECKARD at 2015-05-18 09:03:12
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4229564678-467282434-3073527574-500 - Administrator - Disabled)
Guest (S-1-5-21-4229564678-467282434-3073527574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4229564678-467282434-3073527574-1002 - Limited - Enabled)
TRISHA ECKARD (S-1-5-21-4229564678-467282434-3073527574-1000 - Administrator - Enabled) => C:\Users\TRISHA ECKARD
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! Browser Configuration (HKLM-x32\...\AT&T Yahoo! Browser Configuration) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Half-Life 2) (Version:  - )
Half-Life Decay PC 1.0 (HKLM-x32\...\Half-Life Decay PC_is1) (Version:  - Vyacheslav Dzhura and Denys Zhatov)
Half-Life: Before (HKLM-x32\...\Steam App 261980) (Version:  - Andrii Vintsevych)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.140 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6461 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.154 - Realtek Semiconductor Corp.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
16-05-2015 03:00:15 Windows Update
18-05-2015 03:02:08 Removed Windows Live Toolbar
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-04-30 18:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05E9029A-9DC9-452B-BE3D-2EE68FF81140} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0B394261-B1DE-4DC3-B9AA-8633885F7C89} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {0D7163B2-B32D-4FC6-83AD-0DD9D1D3539D} - System32\Tasks\{C40B9F13-CC71-42CA-9DF8-9EA68BB50FCA} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {0FA735BB-5BCD-4CD3-8A27-4901438414EF} - System32\Tasks\{73D74106-4B1D-4A83-9A1F-D99ED12F8FC1} => pcalua.exe -a "C:\Users\TRISHA ECKARD\Desktop\mikes\games\Hitman Codename 47 - (Www.ApunKaGames.Net)\Setup.exe" -d "C:\Users\TRISHA ECKARD\Desktop\mikes\games\Hitman Codename 47 - (Www.ApunKaGames.Net)"
Task: {15E1CF4F-F755-4182-B111-D747CFC55CCB} - \RealPlayer Cloud (32-bit)  No Task File <==== ATTENTION
Task: {24CB1803-2420-4D68-B8E0-EF2892580D50} - System32\Tasks\{121745B1-63AD-4960-BE72-597C818BDB05} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {298C6870-7FEE-4D98-97BC-4D8F53C98F4B} - System32\Tasks\{26B84521-195E-4536-BC73-BE7107EBBA0B} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\Hitman 4\Hitman 4 Blood Money\HitmanBloodMoney.exe
Task: {2A50ED63-61D8-4C78-A951-803F15CB827E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {35202B0B-48D8-48FE-84FD-676D6B4630DA} - System32\Tasks\{BF6911CA-F8BA-41E6-9B78-11AA1B112436} => pcalua.exe -a "C:\Users\TRISHA ECKARD\Downloads\Install_CopyTransControlCenter.exe" -d "C:\Users\TRISHA ECKARD\Downloads"
Task: {3574FD53-92C0-48FF-B1EF-9FC240BC74BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0403a1bd729bc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3A9FD1BF-8E89-46F3-87E0-8C75A75B9085} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4229564678-467282434-3073527574-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {3C209098-522C-40DA-B43F-15A0FF6B1793} - System32\Tasks\RealCreateProcessScheduledTask179632062S-1-5-21-4229564678-467282434-3073527574-1000 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {4E98C7A0-3F65-42F8-876C-A0E38635304E} - \SpeedyPC Registration3 No Task File <==== ATTENTION
Task: {5B1CD536-B66B-43A8-8E77-EFA523ED776C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6D44D03D-1170-43DB-9837-416BF393D141} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)
Task: {71F2329C-3FD6-4353-928D-1C6FAFA0B8CE} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {72E415AB-1CE8-41B9-AFE2-9B338557A06F} - System32\Tasks\HPCeeScheduleForTRISHA ECKARD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {811D7FB7-DF63-4A9F-B730-D4385B0B1B06} - System32\Tasks\{AAF22062-42F5-4A2C-8ABE-54CBAB097AF0} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {82F3BD3C-9C8D-4EDB-AE19-8AB327FE1527} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {83536DA4-2ADB-4BB3-AC17-F25EA5B4D010} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {8B2AB6B5-9394-4217-9A8C-044EABCF72C8} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {982DB9C2-E5BE-48AA-B820-89DFD882E0CC} - System32\Tasks\{91FE2DD9-D98F-49FC-9602-FE860B31F21D} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {983C3797-26C4-4BEE-A825-FDCFBD059D4F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {9E07D2DC-4E32-4174-9482-49FBA1D91181} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {A1C54B90-F589-4C47-82B4-6CA5510B26F6} - System32\Tasks\{F10550B6-B491-44D3-87E4-B3C295C16040} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\Hitman 4\Hitman 4 Blood Money\HitmanBloodMoney.exe
Task: {A5D8A447-36FA-43E9-B770-8EA0E9D760B0} - System32\Tasks\{212384A3-2CC9-408A-B2DC-84376ABB1B16} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {BE7D68E3-678C-4374-9601-4FC690C45126} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C20CD5DA-9AB0-45AD-99C8-D75A1C6C220E} - System32\Tasks\{21012C9F-4BA5-4959-A5DE-6A1B09592801} => C:\Program Files (x86)\VOWSoft iPod Software\plist Editor Pro\plistEditor.exe
Task: {C32199D8-88D6-491A-AE5A-541590E0559C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {C4085AED-EAD4-4FE7-A3FC-801215EF5A15} - System32\Tasks\{25181C64-3A38-4C32-A021-7B7991E90F20} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {C45C84AC-C76B-4F08-B9D3-BD189DA5C730} - System32\Tasks\{EEB3DF33-B4DA-47B1-B682-B53AFBA32033} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: {CB6FC83A-95DF-4C9A-8B01-4F21D50BCF5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D560DE41-86F5-4C55-BAEB-B199FDC100B4} - System32\Tasks\{3B2734DD-FA4F-44F7-8C4B-8613505ED37B} => pcalua.exe -a "C:\Users\TRISHA ECKARD\Desktop\cydia\cydiainstaller.exe" -d "C:\Users\TRISHA ECKARD\Desktop\cydia"
Task: {DA8AE8C5-3A71-4600-AB82-CFD5C99E1CC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DF5B5705-0FFA-4521-8BCC-C44298F96372} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {E9F6E875-C89F-4906-99A4-39C70473303D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EEC94780-DACA-4A48-BD84-34F6CE4C9C08} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FB7F9470-B2C8-45CB-923A-CDA14C8B2502} - System32\Tasks\{0FA5E3DC-B6F4-4BE5-91B2-BCEC2E827E0C} => C:\Users\TRISHA ECKARD\Desktop\mikes\games\hitman 4\HitmanBloodMoney.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0403a1bd729bc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTRISHA ECKARD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-10 22:09 - 2010-12-06 13:28 - 00103760 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\hl2.exe
2012-05-30 21:06 - 2012-05-30 21:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 21:06 - 2012-05-30 21:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-04-24 15:22 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-04-24 15:22 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-04-24 14:31 - 2015-04-13 14:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00173400 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\launcher.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00234832 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\tier0.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00177496 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\vstdlib.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00288104 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\filesystem_steam.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 03962192 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\engine.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00116064 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\inputsystem.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 01017184 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\materialsystem.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00243032 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\datacache.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00460128 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\studiorender.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00931160 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\vphysics.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00120152 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\valve_avi.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 01234272 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\vguimatsurface.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 11213288 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\libcef.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00349520 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\vgui2.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 01500512 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\shaderapidx9.dll
2015-05-10 22:09 - 2010-09-18 12:31 - 00512000 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\steamclient.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00169312 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\stdshader_dbg.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00243040 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\stdshader_dx6.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00181600 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\stdshader_dx7.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00365920 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\stdshader_dx8.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00550240 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\stdshader_dx9.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00083288 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\unicode.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 04556112 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\hl2\bin\client.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 07165264 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\hl2\bin\server.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00132456 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\soundemittersystem.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00087392 _____ () C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\bin\scenefilecache.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 01791312 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\gameui.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00083296 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\vaudio_miles.dll
2015-05-10 22:09 - 2010-12-06 13:28 - 00372736 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\mss32.dll
2015-05-10 22:02 - 2010-12-06 13:28 - 00149504 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\mssmp3.asi
2015-05-10 22:02 - 2010-12-06 13:28 - 00214528 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\mssvoice.asi
2015-05-10 22:09 - 2010-12-06 13:28 - 00845152 _____ () c:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\bin\serverbrowser.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: Steam => "C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\TRISHA ECKARD\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{F9D73D0B-8EE4-4252-913C-111FF235A3AF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{B5275937-045E-4614-86BC-D6BF9CB63979}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{35819E7A-373A-4974-A9D1-5FD017F01604}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{F1F2231F-C868-4998-86C5-B9002BF912FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2E261653-1D09-4083-9773-DEC2E477DD07}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{0988B318-A9E6-4101-879B-1A3CE28DBBAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{49AF44C2-08DC-405C-821D-B58D85941C62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{EAB7A3EF-805B-4683-AEA8-7281F7E36E8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{7CEE8348-5FA3-449D-82D0-B56EAA0CCAF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{EAE541BA-8446-4539-AD2C-8AD5445666EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9D2F75FF-9F02-4A23-8469-C00695F63AC0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C433F235-5267-4B73-AD51-F6ECF6793BF3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F5A8793D-F9B9-47E2-9656-311FFD0AB430}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{ED2ECC05-A565-440A-BACC-9CDDE5A384F8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{C88182FE-F8D6-488F-AF9D-813E247BD0BC}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{7E4A0F44-43FC-42BC-A602-FE3D689C7EDF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DF8B2F66-15EC-4BB6-AD5F-322105BF0649}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{13FA4D10-8732-4AB4-BD13-B7F73A05EB5D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9460C841-4E0D-49D3-8064-26887350FC50}] => (Allow) LPort=2869
FirewallRules: [{9503EBF3-4572-486B-B3E2-530690DB9325}] => (Allow) LPort=1900
FirewallRules: [{71054222-A2E5-407A-8185-B9E242BC9606}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0D38E734-C379-424C-9A62-1136E64F8EA4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4D15BC22-777C-4785-9EED-4C8107728B68}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{5CE9381D-9981-4921-B0DC-DA7ACD5148CC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{82BD2086-8DCF-479D-B0CA-C89AD9E5EB69}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{10595244-50A6-495D-8343-EF208420AA9A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{C351341A-15F7-4330-B7E3-5F0E7D331339}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{A8D90898-CC99-4239-8BE0-5B742E1FC140}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{DF8D4E23-A252-4F21-8459-42BB22159737}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe
FirewallRules: [UDP Query User{2555FA83-B74B-4B56-89EB-6402DD3F5177}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe
FirewallRules: [{47C58B32-38E9-4A51-B18C-2C9B71F4CBAE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79CCFC21-877B-4E3C-B91F-4CEFB3A62558}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{54834E86-A8FC-4D96-9B10-677BE05BAD5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1544137E-587D-4261-A990-335E450DFE11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{512D9FA2-8C74-4349-96F4-265F63591BA5}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe
FirewallRules: [UDP Query User{8E80D19C-1087-4BC8-8FD1-D10A5D0CF57B}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe
FirewallRules: [TCP Query User{3AE96A13-27EE-454C-A525-C9B2ACD7AC7E}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe
FirewallRules: [UDP Query User{1D603A16-76F3-4574-9841-E3ED904ACC98}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe
FirewallRules: [{7D1F5E83-F996-4D4A-AC52-7228C8EE10EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{CB178B71-1F27-4FC3-B49A-654125A08BBC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{BA07D0DB-1521-4653-9C73-1CD1D1860EC1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7B506F71-E5AE-420E-8AFB-0377D515419F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E533D03C-C6FA-430D-B8A3-FABC44E06626}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53EC04FA-F41F-4071-B512-85A904AF1EFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48C3AC95-77C5-43A4-8549-337534290907}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42A55082-1548-4496-96DA-540494B944AF}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe
FirewallRules: [{95B19F0B-F9D0-453A-84BA-23666FF0D190}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe
FirewallRules: [{58D40F3F-091C-4288-9051-540980DFCB12}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe
FirewallRules: [{63CF94A5-4DFD-4279-BA6C-7DDBCB111B04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2B8FE71E-94D2-4B32-B2FD-D5337E1FE1D2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{ADB78C91-29AF-43C5-9CDD-EB6F65FCB526}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\Steam.exe
FirewallRules: [{5340F0E7-DCEC-43AA-9105-CE7E627A6EBC}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\Steam.exe
FirewallRules: [{FD6AA63B-061A-4D4F-B6AC-FBC35CAC8FAE}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\bin\steamwebhelper.exe
FirewallRules: [{B2B4BEE6-0BBF-435D-81C0-C63B73B4D2ED}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\bin\steamwebhelper.exe
FirewallRules: [{C8EF76F1-3FDB-447B-B713-C7F7C5BA4ED7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{FEF5604D-A364-4876-B05B-061FE6E9E53B}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{033C0D57-F1E6-4CCC-9E85-469B002AA3DB}] => (Allow) C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Half-Life\hl.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/18/2015 07:23:49 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/18/2015 03:03:38 AM) (Source: MsiInstaller) (EventID: 11303) (User: TRISHECKARD-PC)
Description: Product: Windows Live Toolbar -- Error 1303. The installer has insufficient privileges to access this directory: C:\Config.Msi.  The installation cannot continue.  Log on as administrator or contact your system administrator.
 
Error: (05/18/2015 03:02:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: MSI8C28.tmp_unloaded, version: 0.0.0.0, time stamp: 0x451b1b47
Exception code: 0xc0000005
Fault offset: 0x007dadbf
Faulting process id: 0x1fe0
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3
 
Error: (05/17/2015 05:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x521fab2e
Faulting module name: client.dll_unloaded, version: 0.0.0.0, time stamp: 0x47f297aa
Exception code: 0xc0000005
Fault offset: 0x08da2d00
Faulting process id: 0x5e4
Faulting application start time: 0xhl.exe0
Faulting application path: hl.exe1
Faulting module path: hl.exe2
Report Id: hl.exe3
 
Error: (05/17/2015 05:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x521fab2e
Faulting module name: client.dll_unloaded, version: 0.0.0.0, time stamp: 0x47f297aa
Exception code: 0xc0000005
Fault offset: 0x07472d00
Faulting process id: 0xce4
Faulting application start time: 0xhl.exe0
Faulting application path: hl.exe1
Faulting module path: hl.exe2
Report Id: hl.exe3
 
Error: (05/17/2015 04:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl.exe, version: 1.1.1.1, time stamp: 0x521fab2e
Faulting module name: client.dll_unloaded, version: 0.0.0.0, time stamp: 0x47f297aa
Exception code: 0xc0000005
Fault offset: 0x09cc2d00
Faulting process id: 0xa80
Faulting application start time: 0xhl.exe0
Faulting application path: hl.exe1
Faulting module path: hl.exe2
Report Id: hl.exe3
 
Error: (05/17/2015 04:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4445c334
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7493e4e4
Faulting process id: 0x1308
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
 
Error: (05/17/2015 03:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x4c525184
Faulting module name: client.dll, version: 0.0.0.0, time stamp: 0x4c630d60
Exception code: 0xc0000005
Fault offset: 0x001b247f
Faulting process id: 0x1bd8
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
 
Error: (05/14/2015 06:48:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x470c11ae
Faulting module name: client.dll, version: 0.0.0.0, time stamp: 0x504ecc4f
Exception code: 0xc0000005
Fault offset: 0x00362edd
Faulting process id: 0x19a0
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
 
Error: (05/14/2015 06:30:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hl2.exe, version: 0.0.0.0, time stamp: 0x470c11ae
Faulting module name: client.dll, version: 0.0.0.0, time stamp: 0x504ecc4f
Exception code: 0xc0000005
Fault offset: 0x00362edd
Faulting process id: 0x1cec
Faulting application start time: 0xhl2.exe0
Faulting application path: hl2.exe1
Faulting module path: hl2.exe2
Report Id: hl2.exe3
 
 
System errors:
=============
Error: (05/18/2015 03:55:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (05/18/2015 03:55:01 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/18/2015 03:51:07 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/18/2015 03:48:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: 
%%1058
 
Error: (05/18/2015 03:36:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (05/18/2015 03:36:44 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/18/2015 03:36:43 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (05/18/2015 03:36:43 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/18/2015 03:36:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DelayedAutostart with the following error: 
%%5
 
Error: (05/18/2015 03:36:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/18/2015 07:23:49 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 
 
Error: (05/18/2015 03:03:38 AM) (Source: MsiInstaller) (EventID: 11303) (User: TRISHECKARD-PC)
Description: Product: Windows Live Toolbar -- Error 1303. The installer has insufficient privileges to access this directory: C:\Config.Msi.  The installation cannot continue.  Log on as administrator or contact your system administrator.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/18/2015 03:02:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4MSI8C28.tmp_unloaded0.0.0.0451b1b47c0000005007dadbf1fe001d09151c4814155C:\Windows\syswow64\MsiExec.exeMSI8C28.tmp0cd789f6-fd45-11e4-8cb4-90e6ba1ce441
 
Error: (05/17/2015 05:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl.exe1.1.1.1521fab2eclient.dll_unloaded0.0.0.047f297aac000000508da2d005e401d090ff195ab96cC:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Half-Life\hl.execlient.dllc2ee0dd9-fcf2-11e4-8cb4-90e6ba1ce441
 
Error: (05/17/2015 05:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl.exe1.1.1.1521fab2eclient.dll_unloaded0.0.0.047f297aac000000507472d00ce401d090fd8a3d7419C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Half-Life\hl.execlient.dlle8f81840-fcf0-11e4-8cb4-90e6ba1ce441
 
Error: (05/17/2015 04:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl.exe1.1.1.1521fab2eclient.dll_unloaded0.0.0.047f297aac000000509cc2d00a8001d090fa9c7ccac9C:\Users\TRISHA ECKARD\Desktop\mikes\work2\Half-Life\hl.execlient.dll1df1550d-fcee-11e4-8cb4-90e6ba1ce441
 
Error: (05/17/2015 04:22:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.04445c334unknown0.0.0.000000000c00000057493e4e4130801d090f84e22d51dC:\Users\TRISHA ECKARD\Desktop\mikes\games\hl2 test\hl2.exeunknowna73968a9-fceb-11e4-8cb4-90e6ba1ce441
 
Error: (05/17/2015 03:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.04c525184client.dll0.0.0.04c630d60c0000005001b247f1bd801d090720feb47b8C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\hl2.exec:\users\trisha eckard\desktop\mikes\games\half lifa saga testing\hl2\half-life 2\hl2\bin\client.dll8b566412-fc7d-11e4-8b77-90e6ba1ce441
 
Error: (05/14/2015 06:48:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0470c11aeclient.dll0.0.0.0504ecc4fc000000500362edd19a001d08e4a4dff2b46C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Source SDK Base 2007\hl2.exec:\users\trisha eckard\desktop\mikes\games\steam\steamapps\sourcemods\bms\bin\client.dllf0b74d35-fa3f-11e4-a8c2-90e6ba1ce441
 
Error: (05/14/2015 06:30:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0470c11aeclient.dll0.0.0.0504ecc4fc000000500362edd1cec01d08e3b30e94bd4C:\Users\TRISHA ECKARD\Desktop\mikes\games\Steam\steamapps\common\Source SDK Base 2007\hl2.exec:\users\trisha eckard\desktop\mikes\games\steam\steamapps\sourcemods\bms\bin\client.dll6e3ed708-fa3d-11e4-a8c2-90e6ba1ce441
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-30 18:03:44.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-30 18:03:44.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:23.272
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:23.131
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.882
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.676
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.540
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-26 02:53:22.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 69%
Total physical RAM: 5110.23 MB
Available physical RAM: 1550.87 MB
Total Pagefile: 10218.66 MB
Available Pagefile: 6358.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:453.76 GB) (Free:330.4 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.9 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (OJ_J4500) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
-----------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by TRISHA ECKARD (administrator) on TRISHECKARD-PC on 18-05-2015 09:01:54
Running from C:\Users\TRISHA ECKARD\Desktop\cleaning
Loaded Profiles: TRISHA ECKARD (Available profiles: TRISHA ECKARD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
() C:\Users\TRISHA ECKARD\Desktop\mikes\games\Half Lifa Saga testing\HL2\Half-Life 2\hl2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\3.0.291.1\mcupdatemgr.exe
Failed to access process -> dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4229564678-467282434-3073527574-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {547DE213-A994-49C1-935F-BBBF5F1CE3D8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24} URL = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {8D53B767-6A6F-4927-AED1-A337400AE472} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US91004D20150201&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> {E1DDB031-F957-48F5-8AAB-D23BB1456174} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} ->  No File
BHO-x32: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4229564678-467282434-3073527574-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-20] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-01]
FF HKU\S-1-5-21-4229564678-467282434-3073527574-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={0E8006D4-3DC2-431F-98EE-6A60B7E102D1}&mid=32b0b23c852e03dac7e21469055d5a85-e3ebe072224450a68cde6901bec20a817729cdec&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-18 17:30:14&v=18.1.9.799&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MEGA) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-05-01]
CHR Extension: (Bookmark Manager) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
CHR Extension: (Skype Click to Call) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-23]
CHR Extension: (Google Wallet) - C:\Users\TRISHA ECKARD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TRISHA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-4229564678-467282434-3073527574-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-28] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-03-26] (Phoenix Technologies) [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222440 2012-04-06] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\TRISHA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 08:58 - 2015-05-18 08:58 - 00005848 _____ () C:\Users\TRISHA ECKARD\Desktop\2.txt
2015-05-18 08:58 - 2015-05-18 08:58 - 00001061 _____ () C:\Users\TRISHA ECKARD\Desktop\1.txt
2015-05-18 04:42 - 2015-05-18 04:43 - 00002815 _____ () C:\Users\TRISHA ECKARD\Downloads\Metascan.txt
2015-05-18 04:42 - 2015-05-18 04:43 - 00001559 _____ () C:\Users\TRISHA ECKARD\Downloads\virus total.txt
2015-05-18 03:26 - 2015-05-18 03:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 03:24 - 2015-05-18 03:29 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 03:24 - 2015-05-18 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 03:24 - 2015-05-18 03:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 03:24 - 2015-05-18 03:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 03:24 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 03:24 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 03:24 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-18 03:02 - 2015-05-18 03:03 - 00000370 _____ () C:\Windows\SysWOW64\UnInstall.log
2015-05-18 02:46 - 2015-05-18 02:46 - 00000066 _____ () C:\Windows\wininit.ini
2015-05-17 15:06 - 2015-05-17 15:06 - 00750280 _____ () C:\Windows\Minidump\051715-69248-01.dmp
2015-05-17 15:05 - 2015-05-17 15:05 - 583277543 _____ () C:\Windows\MEMORY.DMP
2015-05-15 18:47 - 2015-05-15 18:50 - 00000696 _____ () C:\Users\TRISHA ECKARD\Downloads\install info.txt
2015-05-15 17:57 - 2015-05-15 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life Decay
2015-05-15 15:29 - 2015-05-15 15:29 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Yahoo!
2015-05-15 15:29 - 2015-05-15 15:29 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\NanoService
2015-05-15 15:29 - 2015-05-15 15:29 - 00000000 ____D () C:\Program Files\Yahoo!
2015-05-15 15:27 - 2015-05-15 15:48 - 06103040 _____ () C:\Program Files (x86)\GUT1BA2.tmp
2015-05-15 15:27 - 2015-05-15 15:27 - 00000000 ____D () C:\Program Files (x86)\GUM1B92.tmp
2015-05-14 22:44 - 2015-05-18 03:19 - 00000000 ____D () C:\AdwCleaner
2015-05-14 22:25 - 2015-05-18 04:15 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\cleaning
2015-05-12 23:14 - 2009-09-11 17:15 - 01002008 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2015-05-12 22:56 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:56 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:15 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:15 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:15 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:15 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:15 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:15 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:15 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:15 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:15 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:15 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:15 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:15 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:15 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:15 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:15 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:15 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:15 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:15 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:15 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:15 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:15 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:15 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:15 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:15 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:15 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:15 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:15 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:15 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:15 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:15 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:15 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:15 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:15 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:15 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:15 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:15 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:15 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:14 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:14 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:14 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:14 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:14 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:14 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:14 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:14 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:14 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:14 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:14 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:10 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:10 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:10 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:10 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:10 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:10 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:10 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:10 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:10 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:10 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:10 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:10 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:10 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:10 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:10 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:10 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:10 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:10 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:10 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:10 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:10 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:09 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:09 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:09 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:09 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:09 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:09 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:09 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:09 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:09 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:09 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 17:23 - 2015-05-10 17:23 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2015-05-10 03:14 - 2015-05-10 03:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Steam
2015-05-10 03:05 - 2015-05-10 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-07 17:00 - 2015-05-07 17:00 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uccnobn.sys
2015-05-06 23:58 - 2015-05-06 23:58 - 00000000 ____D () C:\Windows\solcache
2015-05-06 23:57 - 1998-10-30 22:21 - 01022976 _____ (Cendant Software) C:\Windows\SysWOW64\SierraNW.dll
2015-05-06 23:57 - 1998-10-30 22:21 - 00231936 _____ (Cendant Software) C:\Windows\SysWOW64\SNWValid.dll
2015-05-06 23:56 - 2015-05-07 00:46 - 00000542 _____ () C:\Windows\SIERRA.INI
2015-05-06 23:54 - 2015-05-06 23:54 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\PowerISO
2015-05-04 19:56 - 2015-05-18 09:02 - 00000000 ____D () C:\FRST
2015-05-04 04:02 - 2015-05-04 04:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Steam
2015-05-04 04:00 - 2015-05-11 18:57 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-05-02 05:27 - 2015-05-02 05:27 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-02 05:27 - 2015-05-02 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-02 05:26 - 2015-05-02 05:27 - 00000000 ____D () C:\Program Files\iTunes
2015-05-02 05:26 - 2015-05-02 05:26 - 00000000 ____D () C:\Program Files\iPod
2015-05-02 05:06 - 2015-05-02 05:07 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-05-01 00:25 - 2015-05-15 01:36 - 00007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
2015-04-30 18:09 - 2015-04-30 18:09 - 00039647 _____ () C:\ComboFix.txt
2015-04-30 17:48 - 2015-04-30 18:09 - 00000000 ____D () C:\ComboFix
2015-04-30 17:48 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-30 17:48 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-30 17:48 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-30 17:48 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-30 17:47 - 2015-04-30 18:09 - 00000000 ____D () C:\Qoobox
2015-04-30 17:46 - 2015-04-30 18:06 - 00000000 ____D () C:\Windows\erdnt
2015-04-30 05:02 - 2015-04-30 05:02 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\SKIDROW
2015-04-27 18:51 - 2015-04-27 18:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-27 18:49 - 2015-05-13 00:38 - 00000000 ____D () C:\Windows\pss
2015-04-27 00:06 - 2015-04-27 00:06 - 00003410 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-27 00:04 - 2015-04-27 00:04 - 00003190 _____ () C:\Windows\System32\Tasks\RealCreateProcessScheduledTask179632062S-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-30 23:37 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:56 - 2015-04-26 23:56 - 00003390 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4229564678-467282434-3073527574-1000
2015-04-26 23:51 - 2015-04-28 05:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Real
2015-04-26 23:00 - 2015-05-10 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\HandBrake
2015-04-24 15:04 - 2015-04-24 15:04 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\WinRAR
2015-04-24 14:59 - 2015-04-24 14:59 - 00001137 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-04-24 14:59 - 2015-04-24 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-04-24 14:49 - 2015-04-24 14:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 14:48 - 2015-04-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-24 14:37 - 2015-04-24 14:37 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-24 14:36 - 2015-04-24 14:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-24 14:36 - 2015-04-24 14:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-21 23:49 - 2015-04-21 23:50 - 00000000 ____D () C:\Program Files (x86)\hkSFV
2015-04-21 23:44 - 2015-05-10 21:16 - 00065121 _____ () C:\Windows\DirectX.log
2015-04-21 21:25 - 2015-04-21 21:26 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\AppClient
2015-04-21 06:14 - 2015-04-21 06:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\iFunbox_UserCache
2015-04-21 05:11 - 2015-04-21 05:11 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\Monolith Productions
2015-04-20 07:05 - 2015-05-12 14:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 06:19 - 2015-05-18 03:48 - 00160926 _____ () C:\Windows\PFRO.log
2015-04-20 06:19 - 2015-05-18 03:48 - 00004686 _____ () C:\Windows\setupact.log
2015-04-20 01:48 - 2015-04-20 03:49 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2015-04-19 16:08 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-19 16:08 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-19 16:07 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-19 16:07 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-19 16:07 - 2012-08-23 06:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-19 16:07 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-19 16:07 - 2012-08-23 02:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-18 14:48 - 2015-04-18 14:48 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 09:03 - 2015-04-14 14:53 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForTRISHA ECKARD.job
2015-05-18 08:46 - 2012-04-23 18:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-18 03:56 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-18 03:56 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-18 03:52 - 2009-09-22 20:31 - 01555438 _____ () C:\Windows\WindowsUpdate.log
2015-05-18 03:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 03:27 - 2015-01-23 05:56 - 00000000 ____D () C:\Users\TRISHA ECKARD\Desktop\mikes
2015-05-18 03:11 - 2015-03-25 21:54 - 00000000 ____D () C:\Program Files\Google
2015-05-18 03:11 - 2010-08-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-18 03:03 - 2015-02-18 05:41 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\CrashDumps
2015-05-18 02:54 - 2010-08-26 10:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Google
2015-05-18 02:45 - 2009-11-29 21:38 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-05-18 02:45 - 2009-11-11 15:18 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-05-18 02:41 - 2015-03-20 21:14 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\uTorrent
2015-05-17 15:26 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-17 15:06 - 2012-11-24 11:17 - 00000000 ____D () C:\Windows\Minidump
2015-05-16 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-16 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-15 15:55 - 2012-04-23 18:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-15 15:55 - 2012-04-23 18:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-15 15:55 - 2012-02-11 11:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-15 15:55 - 2009-11-26 17:37 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Adobe
2015-05-15 15:46 - 2015-02-20 06:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-15 15:45 - 2015-04-14 05:30 - 00000000 ____D () C:\Program Files (x86)\DTLSoft
2015-05-14 23:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-14 19:56 - 2015-04-17 22:34 - 00000000 ____D () C:\Users\TRISHA ECKARD\Documents\My Games
2015-05-13 05:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 04:51 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 04:44 - 2009-07-13 21:45 - 00328656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 23:15 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 23:13 - 2015-02-02 02:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:02 - 2015-02-02 02:23 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-11 18:57 - 2015-03-24 18:23 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-11 18:26 - 2009-11-08 17:33 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\VirtualStore
2015-05-10 22:23 - 2010-10-01 19:26 - 00058880 ___SH () C:\Users\TRISHA ECKARD\Documents\Thumbs.db
2015-05-10 18:40 - 2015-03-18 00:51 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-07 17:00 - 2009-11-12 17:26 - 00000000 ____D () C:\Windows\hpojj4500
2015-05-06 21:04 - 2010-02-15 19:33 - 00021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-02 05:27 - 2010-05-27 12:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-30 23:39 - 2015-02-14 02:39 - 00003048 _____ () C:\Windows\System32\Tasks\{21012C9F-4BA5-4959-A5DE-6A1B09592801}
2015-04-30 18:09 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-04-30 18:05 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-30 17:57 - 2009-08-31 17:02 - 00000000 ____D () C:\ProgramData\Temp
2015-04-30 05:39 - 2015-02-01 17:12 - 00001918 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2015-04-29 23:02 - 2009-11-08 17:32 - 00082240 _____ () C:\Users\TRISHA ECKARD\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 21:54 - 2009-11-27 10:38 - 00000000 ____D () C:\ProgramData\Recovery
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-29 05:15 - 2009-08-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-29 05:15 - 2009-08-31 17:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-29 05:15 - 2009-08-31 16:53 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-28 05:50 - 2009-11-08 17:27 - 00000000 ____D () C:\Users\TRISHA ECKARD
2015-04-26 19:10 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Adobe
2015-04-24 20:59 - 2015-02-01 17:09 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-24 14:48 - 2010-05-23 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 14:36 - 2009-11-26 17:39 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-22 20:27 - 2015-01-07 21:19 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-21 23:57 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-21 17:09 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\addins
2015-04-21 15:03 - 2015-04-14 14:53 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTRISHA ECKARD
2015-04-21 01:28 - 2015-01-24 15:32 - 00003706 _____ () C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2015-04-21 00:24 - 2009-11-08 17:35 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\PowerCinema
2015-04-20 06:55 - 2009-08-31 17:51 - 00000000 ____D () C:\hp
2015-04-20 06:55 - 2009-08-31 17:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-04-20 06:55 - 2009-08-31 17:25 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-04-20 06:54 - 2009-11-08 17:28 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Local\Hewlett-Packard
2015-04-20 06:46 - 2009-11-11 15:22 - 00000000 ____D () C:\Users\TRISHA ECKARD\AppData\Roaming\Macromedia
2015-04-20 03:09 - 2009-08-31 17:25 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-04-20 02:24 - 2009-08-31 17:11 - 00000872 _____ () C:\0
2015-04-20 02:02 - 2015-02-17 01:59 - 00000796 _____ () C:\Users\TRISHA ECKARD\Desktop\My Pictures - Shortcut.lnk
2015-04-19 18:38 - 2015-04-14 05:32 - 00000000 ____D () C:\ProgramData\DriveTheLife2013
2015-04-19 18:33 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 18:32 - 2009-07-13 19:34 - 95944704 _____ () C:\Windows\system32\config\software.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 22020096 _____ () C:\Windows\system32\config\system.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 05242880 _____ () C:\Windows\system32\config\default.bak
2015-04-19 18:32 - 2009-07-13 19:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-04-19 18:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 14:21 - 2015-04-17 23:28 - 00000525 _____ () C:\Windows\QIII.INI
 
==================== Files in the root of some directories =======
 
2015-05-15 15:27 - 2015-05-15 15:48 - 6103040 _____ () C:\Program Files (x86)\GUT1BA2.tmp
2011-05-24 16:58 - 2011-09-20 16:48 - 0001854 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\GhostObjGAFix.xml
2015-04-20 02:01 - 2015-04-20 02:23 - 0000115 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\LogFile.txt
2015-02-09 04:22 - 2015-04-10 00:50 - 0000600 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\winscp.rnd
2010-02-15 19:33 - 2015-05-06 21:04 - 0021538 _____ () C:\Users\TRISHA ECKARD\AppData\Roaming\wklnhst.dat
2015-05-01 00:25 - 2015-05-15 01:36 - 0007637 _____ () C:\Users\TRISHA ECKARD\AppData\Local\resmon.resmoncfg
 
Some content of TEMP:
====================
C:\Users\TRISHA ECKARD\AppData\Local\Temp\pozzqqid.dll
C:\Users\TRISHA ECKARD\AppData\Local\Temp\Quarantine.exe
C:\Users\TRISHA ECKARD\AppData\Local\Temp\sqlite3.dll
C:\Users\TRISHA ECKARD\AppData\Local\Temp\utildel.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 01:56
 
==================== End Of Log ============================
 
SHA256: bbbbe4e428de60fe59cc3501b8bf600bbbc132711fa7fe69457fb7bc5e7139fb
File name: YMdmGp3Y - Copy.dat
Detection ratio: 6 / 57
Analysis date: 2015-05-12 13:44:28 UTC ( 0 minutes ago ) 
Antivirus Result Update
 
AVware Backdoor.Graybird 20150512
Jiangmin Trojan/Swisyn.mko 20150511
McAfee RDN/Generic BackDoor!b2r 20150512
McAfee-GW-Edition RDN/Generic BackDoor!b2r 20150511
Norman Suspicious_Gen2.dam 20150512
VIPRE Backdoor.Graybird 20150512
ALYac 20150512
AVG 20150512
Ad-Aware 20150512
AegisLab 20150512
Agnitum 20150511
AhnLab-V3 20150512
Alibaba 20150512
Antiy-AVL 20150512
Avast 20150512
Avira 20150512
Baidu-International 20150512
BitDefender 20150512
Bkav 20150512
ByteHero 20150512
CAT-QuickHeal 20150512
CMC 20150508
ClamAV 20150512
Comodo 20150512
Cyren 20150512
DrWeb 20150512
ESET-NOD32 20150512
Emsisoft 20150512
F-Prot 20150512
F-Secure 20150512
Fortinet 20150512
GData 20150512
Ikarus 20150512
K7AntiVirus 20150512
K7GW 20150512
Kaspersky 20150512
Kingsoft 20150512
Malwarebytes 20150512
MicroWorld-eScan 20150512
Microsoft 20150512
NANO-Antivirus 20150512
Panda 20150512
Qihoo-360 20150512
Rising 20150512
SUPERAntiSpyware 20150512
Sophos 20150512
Symantec 20150512
Tencent 20150512
TheHacker 20150511
TotalDefense 20150512
TrendMicro 20150512
TrendMicro-HouseCall 20150512
VBA32 20150511
ViRobot 20150512
Zillya 20150510
Zoner 20150511
nProtect 20150512




