

Sathurbot 64


  • This topic is locked
12 replies to this topic

#1 Texlab


Posted 19 May 2015 - 06:11 AM

Hello all.

I am having an issue with the above infection. I have updated my Malwarebytes Anti-Malware and it has picked up several infections.

Is it good enough to leave MBAM managing this? Or would it be better to run through the processes that I have seen on this forum?

I am running the following

OS: Windows 7 Service Pack 1
CPU: x64

 

Many thanks

 




#2 deeprybka

  • Malware Response Team

Posted 19 May 2015 - 04:05 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by deeprybka, 19 May 2015 - 04:05 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Texlab


Posted 20 May 2015 - 12:54 AM

Hi Jurgen

Thanks for the quick response. Logs to follow:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Dean (administrator) on DEAN_13 on 20-05-2015 07:46:31
Running from C:\Users\Dean\Desktop
Loaded Profiles: Dean (Available profiles: Dean & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files (x86)\Cell C\Connector\LoggerServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
( Inlite Research, Inc.) C:\Program Files (x86)\ClearImage\COM\InliteLMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WINZIP32.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-07-19] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {23b6724a-9c9e-11e0-a90f-68a3c4393baa} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {2802d744-f4a9-11e0-a608-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {445ea3e5-bf1c-11e4-9029-68a3c4393baa} - I:\startme.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {5422d11e-ae1c-11e0-8c3b-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {641e7f86-f4f5-11e0-985a-001e101f2b52} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {aab71231-d96a-11e0-8f60-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\logon.scr
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-za/?ocid=iehp
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-12] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{D7997E2D-410E-4DCE-83C8-7AB08230E616}: [NameServer] 41.50.20.61 41.50.20.29

FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll [2011-11-22] (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: PDFShellInfo Class - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863\Extensions\{98B92EBE-2656-B6BE-80B1-6A3A1573A548} [2015-05-10]
FF Extension: NoScript - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-08]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-03-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 BecHelperService; C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe [2036112 2011-04-08] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [24832 2010-04-01] (NewTech Infosystems, Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
R2 InliteLM; C:\Program Files (x86)\ClearImage\COM\InliteLMService.exe [709672 2011-11-05] ( Inlite Research, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-04-08] (Huawei Technologies Co., Ltd.)
R1 FAMv4; C:\Windows\System32\DRIVERS\FAMv4.sys [155160 2009-10-27] (VisionWorks Solutions, Inc)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-09-09] (HSPADataCard Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
S1 cemgiigz; \??\C:\windows\system32\drivers\cemgiigz.sys [X]
S1 gqrgjwiw; \??\C:\windows\system32\drivers\gqrgjwiw.sys [X]
S1 mdwntgyf; \??\C:\windows\system32\drivers\mdwntgyf.sys [X]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 07:46 - 2015-05-20 07:47 - 00027022 _____ () C:\Users\Dean\Desktop\FRST.txt
2015-05-20 07:46 - 2015-05-20 07:46 - 00000000 ____D () C:\FRST
2015-05-20 07:42 - 2015-05-20 07:44 - 02107904 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2015-05-20 07:38 - 2015-05-20 07:41 - 06448912 _____ (Tim Kosse) C:\Users\Dean\Downloads\FileZilla_3.11.0_win64-setup.exe
2015-05-20 07:33 - 2015-05-20 07:33 - 00000056 _____ () C:\windows\setupact.log
2015-05-20 07:33 - 2015-05-20 07:33 - 00000000 _____ () C:\windows\setuperr.log
2015-05-19 12:17 - 2015-05-19 12:17 - 00099462 _____ () C:\Users\Dean\Downloads\MyriadPro-Regular.otf
2015-05-19 11:40 - 2015-05-19 15:33 - 00000000 ____D () C:\Users\Dean\Desktop\June 2015 articles
2015-05-19 11:40 - 2015-05-19 11:41 - 00000000 ____D () C:\Users\Dean\Desktop\June 2015 final illustrations
2015-05-19 10:53 - 2015-05-19 13:35 - 00002220 _____ () C:\Users\Dean\Desktop\mab 19may.txt
2015-05-19 10:46 - 2015-05-19 16:42 - 00010765 _____ () C:\Users\Dean\Desktop\Copy of MCOM 2015 June Graduation- Dissertation Titles- Dean Fourie.xlsx
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-19 10:24 - 2015-05-19 13:52 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-19 10:24 - 2015-05-19 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-19 10:20 - 2015-05-19 10:22 - 03020968 _____ (Malwarebytes ) C:\Users\Dean\Downloads\mbae-setup-1.06.1.1019.exe
2015-05-19 10:08 - 2015-05-19 10:08 - 00009846 _____ () C:\Users\Dean\Desktop\MCOM 2015 June Graduation- Dissertation Titles- Dean Fourie.xlsx
2015-05-19 08:51 - 2015-05-19 11:16 - 00034304 _____ () C:\Users\Dean\Desktop\EMBA 2015 Dissertation Titles.xls
2015-05-18 13:14 - 2015-05-20 07:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec.job
2015-05-18 13:14 - 2015-05-19 16:19 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814.job
2015-05-18 13:14 - 2015-05-18 13:14 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814
2015-05-18 13:14 - 2015-05-18 13:14 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec
2015-05-13 14:42 - 2015-05-13 14:42 - 00000000 _____ () C:\windows\SysWOW64\RENE502.tmp
2015-05-13 11:43 - 2015-05-13 11:43 - 00000000 ____D () C:\windows\SysWOW64\NewTech Infosystems
2015-05-13 11:32 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 11:32 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 11:32 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 11:32 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-13 11:32 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 11:32 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 11:32 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 11:32 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-13 11:32 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-13 11:32 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-13 11:32 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-13 11:32 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-13 11:32 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-13 11:32 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 11:32 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-13 11:32 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-13 11:32 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:31 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 11:31 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 11:31 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 11:31 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 09:18 - 2015-05-13 09:20 - 00000000 ____D () C:\aa92de78aecc85725f3cf4
2015-05-13 09:18 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:12 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 09:12 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 09:12 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 09:12 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 09:12 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 09:12 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 09:12 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 09:12 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 09:12 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 09:12 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 09:12 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 09:12 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 09:12 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 09:12 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 09:12 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 09:12 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 09:12 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 09:12 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 09:12 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 09:12 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:12 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-13 09:12 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 09:12 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 09:12 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:12 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 09:12 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-13 09:12 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:12 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 09:12 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 09:12 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 09:12 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:12 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 09:12 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 09:12 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-13 09:12 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-13 09:12 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-13 09:12 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 09:12 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-13 09:12 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-13 09:12 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 09:12 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 09:12 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-13 09:12 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 09:12 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 09:12 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:12 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 09:12 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-13 09:12 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 09:12 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 09:12 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 09:12 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 09:12 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 09:12 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 09:12 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:12 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 09:12 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 09:12 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 09:12 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 09:12 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 09:12 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 08:30 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 08:25 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 08:25 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 08:25 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-13 08:16 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 08:16 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 08:16 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 08:16 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 17:58 - 2015-05-12 17:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-12 17:46 - 2015-05-12 17:44 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-05-12 06:24 - 2015-05-12 06:24 - 04149784 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\NewTech Infosystems
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now 5
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\FAM
2015-05-11 15:50 - 2015-05-12 11:44 - 00001024 ___RH () C:\Users\Public\Documents\NTIOFM4.dll
2015-05-11 15:50 - 2015-05-12 11:38 - 00001024 ___RH () C:\Users\Public\Documents\NTIBUN5.dll
2015-05-10 23:05 - 2015-05-19 11:07 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Panda Security
2015-05-10 23:03 - 2015-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-10 22:26 - 2015-05-19 11:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-10 22:06 - 2015-05-19 07:47 - 00000000 ____D () C:\Users\Dean\AppData\Local\Ewtion
2015-05-10 22:06 - 2015-05-18 11:55 - 00000000 ____D () C:\Users\Dean\AppData\Local\Imsoft
2015-05-05 11:22 - 2015-05-05 11:25 - 00025600 _____ () C:\Users\Dean\Desktop\lets do it Under 300 April 2015 Punch only.xls
2015-05-05 08:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-05 08:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-05 08:17 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-05 08:17 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-05 08:15 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-05 08:15 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-05 08:15 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-05 08:15 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-05 08:06 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-05 08:06 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-05 08:06 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-05 08:06 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-05-05 08:06 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-05-05 08:06 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-20 08:30 - 2015-04-20 08:30 - 00000000 _____ () C:\Users\Dean\Sti_Trace.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 07:46 - 2011-06-22 15:09 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\FileZilla
2015-05-20 07:46 - 2011-04-09 13:20 - 01401586 _____ () C:\windows\WindowsUpdate.log
2015-05-20 07:43 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 07:43 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 07:36 - 2015-04-16 09:28 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 07:36 - 2011-03-03 01:01 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-05-20 07:34 - 2012-04-25 10:53 - 00000000 ____D () C:\ProgramData\Kodak
2015-05-20 07:34 - 2009-07-14 06:45 - 05715640 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-20 07:33 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-19 16:42 - 2011-06-21 16:56 - 00000000 ____D () C:\Users\Dean\main
2015-05-19 16:36 - 2011-06-20 21:11 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2015-05-19 16:06 - 2013-07-17 15:30 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 15:04 - 2011-06-20 19:54 - 00000000 ____D () C:\Users\Dean
2015-05-19 13:43 - 2011-06-20 20:01 - 00176832 _____ () C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 12:40 - 2009-07-14 07:13 - 00796870 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-19 11:58 - 2011-07-05 18:07 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\BitTorrent
2015-05-19 11:58 - 2011-06-25 13:43 - 00000000 ____D () C:\windows\Minidump
2015-05-19 11:58 - 2011-06-21 17:26 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2015-05-19 11:29 - 2011-11-15 09:05 - 00000000 ___RD () C:\Users\Dean\Dropbox
2015-05-19 11:19 - 2014-03-18 08:30 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForDean.job
2015-05-19 11:18 - 2012-05-10 08:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 09:37 - 2015-04-08 09:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-19 09:20 - 2015-04-16 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 09:20 - 2015-04-16 09:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 08:38 - 2011-11-15 09:01 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Dropbox
2015-05-19 08:24 - 2011-07-28 12:07 - 00000000 ____D () C:\Users\Dean\AppData\Local\CutePDF Writer
2015-05-19 08:00 - 2014-03-18 08:30 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDean
2015-05-19 07:49 - 2011-04-09 13:32 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-18 14:07 - 2011-03-03 00:28 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-14 16:17 - 2011-06-21 03:54 - 00000000 ____D () C:\windows\rescache
2015-05-14 12:27 - 2011-12-14 21:04 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-14 12:17 - 2015-04-15 12:50 - 00025600 _____ () C:\Users\Dean\Desktop\lets do it Under 300 April 2015.xls
2015-05-14 09:12 - 2014-08-19 10:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Adobe
2015-05-14 09:12 - 2012-04-10 07:49 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-14 09:12 - 2011-06-29 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 14:44 - 2014-05-20 13:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-13 14:40 - 2011-06-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-13 09:45 - 2012-05-09 12:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 09:45 - 2012-05-09 12:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 09:43 - 2009-07-27 16:36 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 09:39 - 2011-06-20 20:52 - 00002155 _____ () C:\windows\epplauncher.mif
2015-05-13 09:39 - 2011-06-20 20:51 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 09:38 - 2012-04-25 08:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 09:38 - 2011-06-20 20:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 09:37 - 2011-06-21 17:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 09:36 - 2013-07-11 09:11 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 09:27 - 2011-06-20 20:42 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 09:18 - 2012-05-09 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 17:58 - 2015-02-10 07:33 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-12 17:58 - 2011-06-21 17:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-12 17:43 - 2014-05-22 15:29 - 00000000 ____D () C:\Program Files\Java
2015-05-12 17:38 - 2011-06-29 13:23 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-12 12:04 - 2012-08-21 20:04 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\vlc
2015-05-11 15:51 - 2011-08-19 15:02 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-05-11 15:51 - 2011-03-03 00:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-11 15:49 - 2011-06-23 15:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\Downloaded Installations
2015-05-11 14:51 - 2011-03-03 00:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-05-11 14:48 - 2011-03-03 00:35 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-11 14:45 - 2015-04-15 17:38 - 00000000 ____D () C:\windows\pss
2015-05-11 14:44 - 2013-09-13 13:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-05-11 14:40 - 2011-06-25 18:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-11 13:32 - 2013-02-07 23:07 - 00007650 _____ () C:\Users\Dean\AppData\Local\Resmon.ResmonCfg
2015-05-10 22:22 - 2011-06-23 17:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 17:03 - 2011-11-15 09:01 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-06 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-06 09:06 - 2011-06-20 20:03 - 00000000 ____D () C:\Users\Dean\Documents\Bluetooth Folder
2015-05-05 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-04 18:02 - 2015-01-20 18:17 - 00019030 _____ () C:\Users\Dean\Desktop\LDI Manual Source Prices 19Feb.xlsx
2015-05-04 10:43 - 2015-04-09 10:58 - 00022016 _____ () C:\Users\Dean\Desktop\Greece.xls
2015-05-03 13:28 - 2009-07-14 07:08 - 00032644 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-01 13:32 - 2011-06-20 20:11 - 00003216 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDEAN_13$
2015-05-01 13:32 - 2011-06-20 20:11 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForDEAN_13$.job
2015-04-30 09:16 - 2014-10-06 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-30 09:15 - 2011-06-20 21:11 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-01-19 09:44 - 2013-01-19 09:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2012-10-29 15:45 - 2012-10-29 15:47 - 0035641 _____ () C:\Users\Dean\AppData\Roaming\Photo.jpg
2011-10-11 13:11 - 2011-10-11 13:14 - 0098688 _____ () C:\Users\Dean\AppData\Roaming\QWInstall.log
2011-06-22 13:55 - 2015-01-19 16:29 - 0007084 _____ () C:\Users\Dean\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-22 13:54 - 2015-04-13 14:40 - 0003932 _____ () C:\Users\Dean\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-08-19 12:22 - 2015-01-19 16:29 - 0000770 _____ () C:\Users\Dean\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-08-31 16:08 - 2013-03-01 11:18 - 0014336 _____ () C:\Users\Dean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-01 13:01 - 2013-06-10 09:21 - 0011702 _____ () C:\Users\Dean\AppData\Local\installer.log
2011-11-23 10:50 - 2013-08-01 14:10 - 0004096 ____H () C:\Users\Dean\AppData\Local\keyfile3.drm
2014-12-11 18:38 - 2015-04-08 13:36 - 28579392 _____ (Sony Mobile Communications                                  ) C:\Users\Dean\AppData\Local\pcc.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 0000600 _____ () C:\Users\Dean\AppData\Local\PUTTY.RND
2013-02-07 23:07 - 2015-05-11 13:32 - 0007650 _____ () C:\Users\Dean\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiezsxb.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 16:08

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Dean at 2015-05-20 07:48:29
Running from C:\Users\Dean\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1511175656-3640820181-875446686-500 - Administrator - Disabled) => C:\Users\Administrator
Dean (S-1-5-21-1511175656-3640820181-875446686-1001 - Administrator - Enabled) => C:\Users\Dean
Guest (S-1-5-21-1511175656-3640820181-875446686-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.8 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.46.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BitTorrent (HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cell C (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Cell C (HKLM-x32\...\Cell C) (Version: 16.001.06.06.368 - Huawei Technologies Co.,Ltd)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connector (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 1.0.0 - Cell C)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x32 Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM-x32\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x32 Version: 16.0 - Corel Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Descreen 5.1 plug-in for Adobe Photoshop (32 bit) (HKLM-x32\...\{7C6F4422-9D67-43DA-ACBB-390A04876F82}) (Version: 5.1.32 - Sattva)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
e@syFile-employer (HKLM-x32\...\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1) (Version: 6.6.2 - UNKNOWN)
e@syFile-employer (x32 Version: 6.6.2 - UNKNOWN) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.7.2947 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FX Fax Printer (HKLM-x32\...\FX Fax Printer) (Version: 1.0.1387 - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}) (Version: 4.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{76997589-A71A-4651-9956-F2F79972A54D}) (Version: 4.0.20.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{50764328-9744-49B2-A08B-C5109F45E2DE}) (Version: 3.3.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
IDREngine (HKLM-x32\...\{73AF6411-151A-4989-BC9B-F827243C9126}) (Version: 1.4 - Panasonic System Networks Co., Ltd.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
KV-S2048C S2046C S2028C S2026C TWAIN Driver (HKLM-x32\...\{57562EDD-4BBA-48DF-9A0A-CDCC34FD7D61}) (Version: 9.1 - Panasonic System Networks Co., Ltd.)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.6.32 - Nike)
NTI Backup Now 5 (x32 Version: 5.5.0.116 - NewTech Infosystems, Inc.) Hidden
NTI Backup Now 5.5 (HKLM-x32\...\InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}) (Version: 5.5.0.116 - NewTech Infosystems, Inc.)
NTI Open File Manager (HKLM-x32\...\NTI Open File Manager) (Version:  - NewTech Infosystems, Inc.)
Nuance OmniPage 18 (HKLM-x32\...\{512CF969-1C40-4F8D-8DA4-68CB6E293E5F}) (Version: 18.0.0000 - Nuance Communications, Inc.)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Panasonic High Speed Scanner Device Driver 5.5 (HKLM-x32\...\{A30A17F8-9A2F-4533-AC58-AFB761E16684}) (Version: 5.5 - Panasonic System Networks Co., Ltd.)
Panasonic Scanner User Utility (HKLM-x32\...\{BE4CE0B1-E4B5-45F9-B839-1375A1362020}) (Version: 6.5 - Panasonic System Networks Co., Ltd.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Quite Imposing Plus (English) (HKLM-x32\...\qiplus32_uninstall.exe) (Version:  - Quite Software Ltd.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RTIV (HKLM-x32\...\{E3EA1F53-C621-451E-A10D-75FE58F6AD50}) (Version: 5.7 - Panasonic System Networks Co., Ltd.)
Scribus 1.3.3.14 (HKLM-x32\...\Scribus 1.3.3.14) (Version: 1.3.3.14 - The Scribus Team)
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SOTI Pocket Controller for Android (HKLM-x32\...\{27C323C9-C757-44E2-AF70-245586D0F462}) (Version:  - )
SOTI Pocket Controller-Pro For BlackBerry (HKLM-x32\...\{8944B5A2-A948-4BA2-9A14-B094EB23D779}) (Version:  - )
Striata Reader (HKLM-x32\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.9-1 - Striata Communication Solutions)
SureThing CD Labeler Deluxe (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.647.0 - MicroVision Development, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{61D3AB5C-02B5-47FC-906A-C49A0954C7C6}) (Version: 4.3.126.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
VueScan (HKLM-x32\...\VueScan) (Version:  - )
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-05-2015 01:20:49 HPSF Restore Point
11-05-2015 08:03:08 HPSF Restore Point
11-05-2015 13:41:04 Removed Apple Mobile Device Support
11-05-2015 14:45:02 Removed HP DayStarter
11-05-2015 15:49:21 Installed NTI Backup Now 5.5
13-05-2015 09:13:32 Windows Update
13-05-2015 11:33:14 Windows Update
18-05-2015 13:21:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {106B797B-B6A3-4870-AE2E-7810D7C98065} - System32\Tasks\HPCeeScheduleForDEAN_13$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {204EFC7C-5235-4441-96B6-6A0B48F446BB} - System32\Tasks\HPCeeScheduleForDean => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {2B1C60B5-A6C0-4734-885B-3AD1DB3FF2C6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {30631CF5-96BB-456B-A4A7-D2827E190BE4} - \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} No Task File <==== ATTENTION
Task: {386CC096-4F73-45D0-A46B-65FB7382C284} - System32\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {59FE9A37-B7D7-4963-9D04-667643771A5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {5B14DA64-21A6-4AC1-99DA-B9B9F9D132E2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5B484707-3C07-4DF8-9279-684F0DC93A7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} - \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} No Task File <==== ATTENTION
Task: {74C6ADBC-6EFD-4B20-884D-1B7CE480F61C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} - \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} No Task File <==== ATTENTION
Task: {852DBB2A-AA1C-4BB4-95BA-DF0F042BB10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {98FA36F9-AE33-413F-A198-EF4481ECCE1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9F11F52F-803C-4639-A175-4303CEF8FE04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {AB44E6FA-DB61-4E17-853C-7C3EACCA3550} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C30B9B60-F389-4074-998C-44566C194B02} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C47D7173-B5E8-4B64-B18B-60CB767FE0EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {C9C9F5D0-FBD4-48C8-BD10-EB36EF22C613} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {C9F83128-A661-4776-9CEB-E901382ABA1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} - \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} No Task File <==== ATTENTION
Task: {D4FF8653-6861-46D8-89C5-880415BA8AD8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} - \{22116563-108C-42c0-A7CE-60161B75E508} No Task File <==== ATTENTION
Task: {E1EFB5B6-9A0B-4C77-8B6C-5C9DAC12C8FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {FBE50C9E-EAB6-47DB-A99C-2C854768F6C0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} - \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} No Task File <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDean.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForDEAN_13$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-28 12:03 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2011-01-31 21:54 - 2011-01-31 21:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 20:58 - 2011-02-09 20:58 - 01929728 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2011-09-07 21:28 - 2011-04-08 12:41 - 02036112 _____ () C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe
2011-09-07 21:28 - 2011-04-08 12:37 - 00294400 _____ () C:\Program Files (x86)\Cell C\Connector\LoggerServer.exe
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2011-02-09 20:28 - 2011-02-09 20:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2011-02-09 20:51 - 2011-02-09 20:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-01-27 04:11 - 2011-01-27 04:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-27 04:14 - 2011-01-27 04:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2011-03-03 01:06 - 2011-01-27 03:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 01066240 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 00103680 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 00066816 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2011-02-09 20:48 - 2011-02-09 20:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 20:51 - 2011-02-09 20:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 20:29 - 2011-02-09 20:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 20:30 - 2011-02-09 20:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-09 13:28 - 2010-02-17 11:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-10-16 10:58 - 2014-10-16 10:58 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-04-09 13:22 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2009-10-13 14:00 - 2009-10-13 14:00 - 00173384 ____R () C:\Program Files (x86)\WinZip\UNRAR.DLL
2009-10-13 14:00 - 2009-10-13 14:00 - 00131912 ____R () C:\Program Files (x86)\WinZip\LHA.DLL
2012-02-28 04:53 - 2012-02-28 04:53 - 00239504 _____ () C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\Styles.dll
2011-10-31 10:47 - 2011-10-31 10:47 - 00431392 _____ () c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Draw\PsiClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\Users\Dean\Desktop\June 2015 articles:com.dropbox.attributes
AlternateDataStreams: C:\Users\Dean\Desktop\June 2015 cover .JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Dean\Desktop\June 2015 final illustrations:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScannerIndicator.lnk => C:\windows\pss\ScannerIndicator.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: Imsoft => regsvr32.exe C:\Users\Dean\AppData\Local\Imsoft\353rss7.dll
MSCONFIG\startupreg: ISsoft => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dean\AppData\Local\Ewtion\353rss7.dll
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Nike+ Connect => "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: Nuance OmniPage 18-reminder => "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
MSCONFIG\startupreg: OmniPage Preload => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{82272C6A-B186-4631-83F2-BDFFC17E3D98}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF4E85C7-E2F5-4289-917B-D0C562151C3B}] => (Allow) LPort=2869
FirewallRules: [{4371DFE8-8B41-4F60-B85C-E827065C609B}] => (Allow) LPort=1900
FirewallRules: [{C42078EA-D211-4BA9-AE30-CA76EDDAB256}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6683BC62-3EF2-4FFA-A45E-89BBB9B83891}C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe] => (Allow) C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe
FirewallRules: [UDP Query User{57400333-3B85-4FEE-945A-5A7A778D8207}C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe] => (Allow) C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe
FirewallRules: [{19F8A34B-E783-4384-BF02-199B5A8B3A1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FDCC367-D53B-4BB0-8D2C-25406621DE7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57C1088C-FE84-45EC-97CE-2CD404D91AB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19110C78-76D4-4CC7-B220-2717B9E66657}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EAD5B7D-9194-4F65-9552-CA71E1A61B12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{623B8B9F-3444-4BE9-ABAB-517939245500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF30A546-522F-47C0-BD9D-6AABBA36D411}] => (Allow) C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{947DD6E5-AB3C-4C53-8F57-DB74485FF3E2}] => (Allow) C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DEE4C41A-4D0C-4709-8357-C9FADD66094C}] => (Allow) LPort=24654
FirewallRules: [{6FA45996-22F1-4FE7-8897-358FB7186EE7}] => (Allow) LPort=24654
FirewallRules: [{2B04165C-142D-45D0-B40C-34AD4056BF87}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9BC2967B-1FCD-4862-A993-8273EEE5FFDA}] => (Allow) LPort=5353
FirewallRules: [{3DAAE922-D3E8-4EA4-8A3F-8EBEB12232C5}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{65656E1C-913E-4B2E-9552-15D045F298A7}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{9D8D3E7B-739C-405D-89F7-FB7431ADED80}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{D00103FD-8610-49D4-AE76-BC6AE40BCC6D}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{C7A86761-A829-4361-9738-9E60E6A4E2F9}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{E043C567-CBF8-46BC-B57F-718109D09E88}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [TCP Query User{8095DB14-CC77-4171-B495-71B16D7A01EA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{4C3F9E43-7410-4383-BE88-9C2F095DBB59}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{E0A662D7-BB6F-48AD-B6C7-DB1AFC668234}] => (Allow) LPort=9322
FirewallRules: [{C94B8372-0D3F-4C12-8342-EEA9A468AA64}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{7008412E-C365-426F-8FDA-2AF35FC2A98A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{71D8E0C8-5893-4886-A101-6A0629007310}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{B91729BD-4E6D-4D92-BD48-D9A256A90B1F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{99334CAD-A4A9-435B-8D92-3CB8D4C58518}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{F8226AD3-83C5-4BEC-BB9D-5B130FEDEB56}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{E7640B3C-E169-46C7-A196-FF81952C8E72}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{5FCF0797-10BD-46BC-B664-F2AA16966334}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{21AF74BE-DE50-4AA9-8857-67F78A19E23B}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{FFF7C60B-DB86-448E-B1E3-2827B6006DFA}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [TCP Query User{04D49896-A599-4D38-A96B-ED8C63B7C7A1}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{EE7DED7C-6589-4911-B43A-B5E2ACC6EC12}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{939BF07A-416B-4915-AF0C-CBB614F45726}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{675977C2-97A2-4C38-A826-E87359A45672}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38B30263-BC58-43A6-8D40-C537A07AB613}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A602CEF8-3C1A-4AB9-8E33-12390D0FB8D8}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{DF944256-B17D-4E77-A14C-AA7AE22FB3F1}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{4C62F170-CEE0-4CEC-B46D-7FEE7BEDBC7F}] => (Allow) C:\Users\Dean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{525F3A30-58DF-41FB-A021-B7F9E3854EC5}] => (Allow) C:\Users\Dean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5D4FC816-98E9-4CD3-B3B3-DDA060DC8661}] => (Allow) LPort=4481
FirewallRules: [{C9F40079-66A5-4761-8AFD-D2DA815F5DFF}] => (Allow) LPort=4481
FirewallRules: [{81A48669-8113-44C8-92CC-88DB4A61AD43}] => (Allow) LPort=4482
FirewallRules: [{46A00FC7-2C68-42B8-BB35-9D557470C19A}] => (Allow) LPort=4482
FirewallRules: [{35F31962-DEF5-4D9C-888A-1D2145B30550}] => (Allow) LPort=9322
FirewallRules: [{F9585536-C114-41EB-94B2-7DB468DA5561}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{F2E10938-5FF3-42BB-BA4D-D26370E26D9F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{B9999964-F31F-4298-9F51-394652687A76}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{899EA7CA-CA9E-4CA9-8A57-A48E393384E5}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{8AA8AFAE-AF09-4FC7-AE81-EA99B54F67CA}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{6EB4724D-A53C-4668-BFF0-601F3CF7ACF3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{945D6916-5427-4CFD-A27D-19A52C2BF730}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{C1AB11DF-7899-4F97-A1C6-5B3032EB0898}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{18E9E0A5-353A-410E-AD12-929115905B03}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{68562642-21A9-4F83-8BF0-9304FFC495D5}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [0001a4e4-45e1-951d-eac3-02dfffb7380a] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [fedca4e4-45e1-951d-eac3-02dfffb7380a] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{98649C27-2641-42A3-9F88-CD94FC101C16}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{EE9EEBEF-A82E-4F70-AC85-DC6FD17BBABC}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{5F0DFEFC-AC8B-4F4C-BA37-0BD06344283D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF4121C2-22EC-4C5C-8ACC-2EAD528D1AFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{546B120E-42F1-46CC-9B21-FDD3AB468477}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC 2014 (32 Bit)\Photoshop.exe
FirewallRules: [{599369B3-9D5C-417E-B5B0-6A1A118B798A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{724B66AE-246F-44AE-BF5E-C2D4BB9A75C4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4F89A0B7-4D78-4397-8E36-430CD28AC192}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{4BF6D60D-74A6-41DC-8F36-DE3635CA0CDA}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{3F03B60C-E83E-4231-90B2-8AACDB51374A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{93DF9ED9-B9F9-46A1-8630-52C63B3E856B}] => (Allow) C:\windows\explorer.exe
FirewallRules: [{BBD8AA7B-BD86-4969-8BEC-B83248FA0CB6}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{B6D4004F-6CB5-4140-9356-2CCFB0A28E6F}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
FirewallRules: [{9E33BEB6-6DAB-4923-882B-0D051D5ABBF9}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
FirewallRules: [{AE273F1A-E417-422C-A6FF-476028E1908D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{9248C6AF-1F82-4760-BAB7-07D55A34E83D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{C72671DD-D1B7-4E57-85EF-9790DA6E617E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{D6D65D5B-E8DD-464B-B2C5-F04BFF33933E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{8DE33C7E-E485-4800-AB4D-B51E9720108E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{2790AC97-41DF-47C4-AD9D-177BFAE51AF9}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros AR3011 Bluetooth 3.0 + HS Adapter
Description: Atheros AR3011 Bluetooth 3.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 11:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 5.0.0.10.in-addr.arpa. PTR Dean-13.local.

Error: (05/19/2015 11:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   15 5.0.0.10.in-addr.arpa. PTR Dean-88.local.

Error: (05/19/2015 08:15:17 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/19/2015 08:08:57 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/19/2015 07:48:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 5.0.0.10.in-addr.arpa. PTR Dean-13.local.

Error: (05/19/2015 07:48:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   15 5.0.0.10.in-addr.arpa. PTR Dean-43.local.

Error: (05/19/2015 07:41:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 5.0.0.10.in-addr.arpa. PTR Dean-13.local.

Error: (05/19/2015 07:41:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   15 5.0.0.10.in-addr.arpa. PTR Dean-84.local.

Error: (05/18/2015 04:08:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
Exception code: 0xc0000029
Fault offset: 0x00090b0a
Faulting process id: 0x27a8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/18/2015 04:05:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
Exception code: 0x4000001f
Fault offset: 0x000392b5
Faulting process id: 0x2178
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (05/20/2015 07:43:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/20/2015 07:43:33 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/20/2015 07:36:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (05/19/2015 11:29:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/19/2015 11:29:17 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/19/2015 11:23:56 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/19/2015 11:22:25 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (05/19/2015 11:22:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/19/2015 11:21:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (05/19/2015 11:06:14 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (05/04/2015 02:14:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5106 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (10/07/2014 10:32:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 402 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (10/07/2014 10:22:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2678 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (07/07/2014 09:11:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 384 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 03:23:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 03:18:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 926 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 02:59:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10440 seconds with 6180 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 00:03:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4568 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 10:45:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 365 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 10:31:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 343 seconds with 180 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 8126.37 MB
Available physical RAM: 4422.06 MB
Total Pagefile: 16250.94 MB
Available Pagefile: 11877.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.18 GB) (Free:228.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.29 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:4.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6B25F98A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================



#4 deeprybka

Posted 20 May 2015 - 03:08 AM

Hi there,

P2P warning

Going over your logs I noticed that you have BitTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Please do the following:

Uninstall "Ad-Aware Antivirus" and post the Malwarebytes log.

Then:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Run: [AdobeBridge] => [X]
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Task: {30631CF5-96BB-456B-A4A7-D2827E190BE4} - \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} No Task File 
    Task: {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} - \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} No Task File 
    Task: {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} - \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} No Task File 
    Task: {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} - \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} No Task File 
    Task: {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} - \{22116563-108C-42c0-A7CE-60161B75E508} No Task File 
    Task: {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} - \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} No Task File 
    AlternateDataStreams: C:\ProgramData\TEMP:A303874F
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft
    C:\Users\Dean\AppData\Local\Ewtion
    C:\Users\Dean\AppData\Local\Imsoft
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by deeprybka, 20 May 2015 - 03:16 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Texlab

Posted 20 May 2015 - 09:29 AM

Hi Jurgen

Thanks for your quick response. I have followed your suggestions.

 

Uninstalled BitTorrent as suggested

Uninstall "Ad-Aware Antivirus" and post the Malwarebytes log

MALWAREBYTES LOG: (This is the one after the cleanup of yesterday)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/05/20
Scan Time: 11:15:34 AM
Logfile: mab 20may.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.02
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dean

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479497
Time Elapsed: 40 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FIXLOG.TXT (Is it possible that this didn't work - I copied and pasted the text as per the email that was sent to me and NOT from the forum board. I suspect that there are bullets as per the email sent out that shouldn't be there?)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Dean at 2015-05-20 12:00:02 Run:1
Running from C:\Users\Dean\Desktop
Loaded Profiles: Dean (Available profiles: Dean & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
·    CloseProcesses:
·    HKLM\...\Run: [] => [X]
·    HKLM-x32\...\Run: [] => [X]
·    HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Run: [AdobeBridge] => [X]
·    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
·    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name -
·    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
·    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
·    S1 cemgiigz; \??\C:\windows\system32\drivers\cemgiigz.sys [X]
·    S1 gqrgjwiw; \??\C:\windows\system32\drivers\gqrgjwiw.sys [X]
·    S1 mdwntgyf; \??\C:\windows\system32\drivers\mdwntgyf.sys [X]
·    Task: {30631CF5-96BB-456B-A4A7-D2827E190BE4} - \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} No Task File
·    Task: {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} - \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} No Task File
·    Task: {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} - \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} No Task File
·    Task: {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} - \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} No Task File
·    Task: {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} - \{22116563-108C-42c0-A7CE-60161B75E508} No Task File
·    Task: {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} - \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} No Task File
·    AlternateDataStreams:
·    C:\ProgramData\TEMP:A303874F
·    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft
·    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft
·    C:\Users\Dean\AppData\Local\Ewtion
·    C:\Users\Dean\AppData\Local\Imsoft

*****************

·    CloseProcesses: => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\·     => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\·     => Value not found.
HKU\·    S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Windows\CurrentVersion\Run\\·    AdobeBridge => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\·    0PerformanceMonitor => Key not found.
HKCR\CLSID\·    {3B5B973C-92A4-4855-9D3F-0F3D23332208} => Key not found.
HKU\·    S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\·    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - => Value not found.
HKCR\CLSID\·    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - => Key not found.
·    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
HKU\·    S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
·    S1 cemgiigz; \??\C:\windows\system32\drivers\cemgiigz.sys [X] => Error: No automatic fix found for this entry.
·    S1 gqrgjwiw; \??\C:\windows\system32\drivers\gqrgjwiw.sys [X] => Error: No automatic fix found for this entry.
·    S1 mdwntgyf; \??\C:\windows\system32\drivers\mdwntgyf.sys [X] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {30631CF5-96BB-456B-A4A7-D2827E190BE4} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{22116563-108C-42c0-A7CE-60161B75E508} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\·    {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree·    \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} => Key not found.
·    AlternateDataStreams: => Error: No automatic fix found for this entry.
·    C:\ProgramData\TEMP:A303874F => Error: No automatic fix found for this entry.
·    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft => Error: No automatic fix found for this entry.
·    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft => Error: No automatic fix found for this entry.
·    C:\Users\Dean\AppData\Local\Ewtion => Error: No automatic fix found for this entry.
·    C:\Users\Dean\AppData\Local\Imsoft => Error: No automatic fix found for this entry.

==== End of Fixlog 12:00:12 ====

 

ESET SCAN LOG:

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9206fac488e3a74dbad2628aed98010c
# engine=23933
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-20 02:14:18
# local_time=2015-05-20 04:14:18 (+0200, South Africa Standard Time)
# country="South Africa"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 628540 126312468 0 0
# scanned=392220
# found=7
# cleaned=0
# scan_time=14099
sh=B2B0C7CCE6833CE23F5049FB674EF3E173E83AAB ft=1 fh=9b193689eaf6a41a vn="a variant of Generik.NLGYDBH trojan" ac=I fn="C:\Users\Dean\AppData\Local\Ewtion\353rss7.dll"
sh=CDBD21971FD6D66FAA7C43C9F805CB60852A958D ft=1 fh=02106733eaf6a41a vn="a variant of Generik.NLGYDBH trojan" ac=I fn="C:\Users\Dean\AppData\Local\Imsoft\353rss7.dll"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Dean\main\Pastel Backup\Mom Backup\Dean\software\ccsetup322.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Dean\main\Pastel Backup\Mom Backup\Dean\software\ccsetup400.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Dean\main\shirley backup\Dean\software\ccsetup322.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
 



#6 deeprybka

Posted 20 May 2015 - 12:03 PM

"I copied and pasted the text as per the email that was sent to me and NOT from the forum board."

Why?
Please follow my instructions!

"Copy the entire content of the codebox below"

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Run: [AdobeBridge] => [X]
    ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Task: {30631CF5-96BB-456B-A4A7-D2827E190BE4} - \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} No Task File 
    Task: {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} - \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} No Task File 
    Task: {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} - \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} No Task File 
    Task: {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} - \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} No Task File 
    Task: {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} - \{22116563-108C-42c0-A7CE-60161B75E508} No Task File 
    Task: {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} - \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} No Task File 
    AlternateDataStreams: C:\ProgramData\TEMP:A303874F
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft
    C:\Users\Dean\AppData\Local\Ewtion
    C:\Users\Dean\AppData\Local\Imsoft
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

After the Reboot:

 

Step 2

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
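
The failure in the first Fixlog (Run:1) can be spotted mechanically: every fixlist line that FRST echoes back starts with a stray bullet character picked up from the e-mail copy, and no result line reports a change. The Python check below is an added example, not part of the thread or of FRST; it assumes only the Fixlog layout visible in the two logs posted here (fixlist echo between asterisk lines, `=>` result lines), and its two samples are shortened excerpts of those logs.

```python
import re
import unicodedata
from collections import Counter

# Shortened excerpt of the Run:1 Fixlog posted in this thread (bulleted copy from e-mail).
SAMPLE_RUN1 = r"""
Content of fixlist:
*****************
·    CloseProcesses:
·    HKLM-x32\...\Run: [] => [X]
·    AlternateDataStreams:
·    C:\ProgramData\TEMP:A303874F
·    C:\Users\Dean\AppData\Local\Ewtion

*****************

·    CloseProcesses: => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\·     => Value not found.
·    AlternateDataStreams: => Error: No automatic fix found for this entry.
·    C:\ProgramData\TEMP:A303874F => Error: No automatic fix found for this entry.
·    C:\Users\Dean\AppData\Local\Ewtion => Error: No automatic fix found for this entry.

==== End of Fixlog 12:00:12 ====
"""

# Shortened excerpt of the Run:2 Fixlog (fixlist copied from the forum code box).
SAMPLE_RUN2 = r"""
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
C:\Users\Dean\AppData\Local\Ewtion
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
C:\Users\Dean\AppData\Local\Ewtion => Moved successfully.
EmptyTemp: => Removed 485.5 MB temporary data.

==== End of Fixlog 19:20:13 ====
"""

DELIM = re.compile(r"^\*{5,}\s*$")  # assumption: the echo is framed by lines of asterisks


def split_fixlog(text):
    """Return (echoed fixlist lines, result lines) from a Fixlog."""
    lines = text.splitlines()
    marks = [i for i, line in enumerate(lines) if DELIM.match(line)]
    if len(marks) < 2:
        raise ValueError("no fixlist echo framed by asterisk lines")
    fixlist = [l for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    results = []
    for line in lines[marks[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.strip():
            results.append(line)
    return fixlist, results


def stray_prefix(line):
    """Leading run of whitespace/non-ASCII characters, or '' when the line starts cleanly."""
    m = re.match(r"[^\x21-\x7e]+", line)
    prefix = m.group(0) if m else ""
    # Plain indentation is harmless; only report prefixes containing non-ASCII debris.
    return prefix if any(ord(c) > 0x7F for c in prefix) else ""


def classify(result_line):
    """Bucket one result line by the outcome text after the last ' => '."""
    outcome = result_line.rsplit(" => ", 1)[-1].strip().lower()
    if outcome.startswith("error:"):
        return "error"
    if "not found" in outcome:
        return "not_found"
    if "successfully" in outcome:
        return "changed"
    return "other"


def audit(text):
    """Flag polluted fixlist lines and summarise what the run did."""
    fixlist, results = split_fixlog(text)
    polluted = []
    for number, line in enumerate(fixlist, 1):
        prefix = stray_prefix(line)
        if prefix:
            names = sorted({unicodedata.name(c, hex(ord(c))) for c in prefix if ord(c) > 0x7F})
            polluted.append((number, names))
    outcomes = Counter(classify(r) for r in results)
    return {"polluted": polluted, "outcomes": outcomes, "applied": outcomes["changed"] > 0}


if __name__ == "__main__":
    for label, sample in (("Run:1", SAMPLE_RUN1), ("Run:2", SAMPLE_RUN2)):
        report = audit(sample)
        print(label, "polluted lines:", len(report["polluted"]),
              "outcomes:", dict(report["outcomes"]), "applied:", report["applied"])
```

A run with polluted lines and `applied` false means the fixlist was never parsed, so the entries are still on the system and the fix has to be repeated with a clean copy.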
 

#7 Texlab

Posted 20 May 2015 - 12:34 PM

Hi

Sorry about that. I just assumed that the email would be the same.

Here are the new scans!

Thanks again

 

FIXLOG.TXT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Dean at 2015-05-20 19:18:22 Run:2
Running from C:\Users\Dean\Desktop
Loaded Profiles: Dean (Available profiles: Dean & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File
Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1511175656-3640820181-875446686-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Task: {30631CF5-96BB-456B-A4A7-D2827E190BE4} - \{CEEEA21E-BCA8-4C3E-BE89-0113C971791B} No Task File
Task: {5F6E89BC-C9AE-402E-B635-EFAD3DB916F5} - \{CDCDC702-4108-4D93-8894-FA4D3A4A5574} No Task File
Task: {818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2} - \{316BAB44-006E-441F-B5DC-998F6D7D9ED9} No Task File
Task: {CA308D9F-F82C-4271-A858-FFE6C2CF4C8C} - \{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE} No Task File
Task: {DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3} - \{22116563-108C-42c0-A7CE-60161B75E508} No Task File
Task: {FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674} - \{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA} No Task File
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft
C:\Users\Dean\AppData\Local\Ewtion
C:\Users\Dean\AppData\Local\Imsoft
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => Key deleted successfully.
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => Key not found.
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30631CF5-96BB-456B-A4A7-D2827E190BE4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30631CF5-96BB-456B-A4A7-D2827E190BE4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEEEA21E-BCA8-4C3E-BE89-0113C971791B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F6E89BC-C9AE-402E-B635-EFAD3DB916F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F6E89BC-C9AE-402E-B635-EFAD3DB916F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CDCDC702-4108-4D93-8894-FA4D3A4A5574}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{818B0F5E-0A43-4115-8A6F-5CF5A11BF4F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{316BAB44-006E-441F-B5DC-998F6D7D9ED9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA308D9F-F82C-4271-A858-FFE6C2CF4C8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA308D9F-F82C-4271-A858-FFE6C2CF4C8C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DE1F1BF-E812-4BD5-8811-5F6AFBF44CDE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE61B5E6-2433-4FC6-94D9-9B73CD7DDAB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22116563-108C-42c0-A7CE-60161B75E508}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECBB1DC-0EF6-4B92-A7AA-FFEE6FDFD674}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF16ABF4-CA9F-4AAA-93E7-2473486B65AA}" => Key deleted successfully.
C:\ProgramData\TEMP => ":A303874F" ADS removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISsoft => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imsoft => Key Deleted successfully.
C:\Users\Dean\AppData\Local\Ewtion => Moved successfully.
C:\Users\Dean\AppData\Local\Imsoft => Moved successfully.
EmptyTemp: => Removed 485.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:20:13 ====

And the addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Dean at 2015-05-20 19:30:48
Running from C:\Users\Dean\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1511175656-3640820181-875446686-500 - Administrator - Disabled) => C:\Users\Administrator
Dean (S-1-5-21-1511175656-3640820181-875446686-1001 - Administrator - Enabled) => C:\Users\Dean
Guest (S-1-5-21-1511175656-3640820181-875446686-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.8 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.46.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cell C (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Cell C (HKLM-x32\...\Cell C) (Version: 16.001.06.06.368 - Huawei Technologies Co.,Ltd)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connector (HKLM-x32\...\{A899DA1F-D626-401C-8651-F2921E3B4CB3}) (Version: 1.0.0 - Cell C)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Descreen 5.1 plug-in for Adobe Photoshop (32 bit) (HKLM-x32\...\{7C6F4422-9D67-43DA-ACBB-390A04876F82}) (Version: 5.1.32 - Sattva)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
e@syFile-employer (HKLM-x32\...\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1) (Version: 6.6.2 - UNKNOWN)
e@syFile-employer (x32 Version: 6.6.2 - UNKNOWN) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.7.2947 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FX Fax Printer (HKLM-x32\...\FX Fax Printer) (Version: 1.0.1387 - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}) (Version: 4.1.7.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{76997589-A71A-4651-9956-F2F79972A54D}) (Version: 4.0.20.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{50764328-9744-49B2-A08B-C5109F45E2DE}) (Version: 3.3.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
IDREngine (HKLM-x32\...\{73AF6411-151A-4989-BC9B-F827243C9126}) (Version: 1.4 - Panasonic System Networks Co., Ltd.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
KV-S2048C S2046C S2028C S2026C TWAIN Driver (HKLM-x32\...\{57562EDD-4BBA-48DF-9A0A-CDCC34FD7D61}) (Version: 9.1 - Panasonic System Networks Co., Ltd.)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.6.32 - Nike)
NTI Backup Now 5 (x32 Version: 5.5.0.116 - NewTech Infosystems, Inc.) Hidden
NTI Backup Now 5.5 (HKLM-x32\...\InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}) (Version: 5.5.0.116 - NewTech Infosystems, Inc.)
NTI Open File Manager (HKLM-x32\...\NTI Open File Manager) (Version:  - NewTech Infosystems, Inc.)
Nuance OmniPage 18 (HKLM-x32\...\{512CF969-1C40-4F8D-8DA4-68CB6E293E5F}) (Version: 18.0.0000 - Nuance Communications, Inc.)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Panasonic High Speed Scanner Device Driver 5.5 (HKLM-x32\...\{A30A17F8-9A2F-4533-AC58-AFB761E16684}) (Version: 5.5 - Panasonic System Networks Co., Ltd.)
Panasonic Scanner User Utility (HKLM-x32\...\{BE4CE0B1-E4B5-45F9-B839-1375A1362020}) (Version: 6.5 - Panasonic System Networks Co., Ltd.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Quite Imposing Plus (English) (HKLM-x32\...\qiplus32_uninstall.exe) (Version:  - Quite Software Ltd.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
RTIV (HKLM-x32\...\{E3EA1F53-C621-451E-A10D-75FE58F6AD50}) (Version: 5.7 - Panasonic System Networks Co., Ltd.)
Scribus 1.3.3.14 (HKLM-x32\...\Scribus 1.3.3.14) (Version: 1.3.3.14 - The Scribus Team)
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
SOTI Pocket Controller for Android (HKLM-x32\...\{27C323C9-C757-44E2-AF70-245586D0F462}) (Version:  - )
SOTI Pocket Controller-Pro For BlackBerry (HKLM-x32\...\{8944B5A2-A948-4BA2-9A14-B094EB23D779}) (Version:  - )
Striata Reader (HKLM-x32\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.9-1 - Striata Communication Solutions)
SureThing CD Labeler Deluxe (HKLM-x32\...\{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1) (Version: 5.2.647.0 - MicroVision Development, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{61D3AB5C-02B5-47FC-906A-C49A0954C7C6}) (Version: 4.3.126.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
VueScan (HKLM-x32\...\VueScan) (Version:  - )
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1511175656-3640820181-875446686-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-05-2015 13:21:46 Windows Update
20-05-2015 10:50:27 AA11
20-05-2015 11:00:22 Windows Update
20-05-2015 17:23:22 Removed Corel Graphics - Windows Shell Extension.
20-05-2015 17:23:55 Removed Corel Graphics - Windows Shell Extension 64 Bit.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {106B797B-B6A3-4870-AE2E-7810D7C98065} - System32\Tasks\HPCeeScheduleForDEAN_13$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {204EFC7C-5235-4441-96B6-6A0B48F446BB} - System32\Tasks\HPCeeScheduleForDean => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {386CC096-4F73-45D0-A46B-65FB7382C284} - System32\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {587A28AC-24C8-4284-A514-C6778DEAD83D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {59FE9A37-B7D7-4963-9D04-667643771A5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {74C6ADBC-6EFD-4B20-884D-1B7CE480F61C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {852DBB2A-AA1C-4BB4-95BA-DF0F042BB10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {98FA36F9-AE33-413F-A198-EF4481ECCE1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9F11F52F-803C-4639-A175-4303CEF8FE04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {AB44E6FA-DB61-4E17-853C-7C3EACCA3550} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {C47D7173-B5E8-4B64-B18B-60CB767FE0EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {C9C9F5D0-FBD4-48C8-BD10-EB36EF22C613} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {C9F83128-A661-4776-9CEB-E901382ABA1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {D4FF8653-6861-46D8-89C5-880415BA8AD8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.)
Task: {E1EFB5B6-9A0B-4C77-8B6C-5C9DAC12C8FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {EC61FE9F-22F1-409E-8694-56D545576A05} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {FBE50C9E-EAB6-47DB-A99C-2C854768F6C0} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDean.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForDEAN_13$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-28 12:03 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2011-01-31 21:54 - 2011-01-31 21:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 21:04 - 2011-02-09 21:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2011-02-09 20:58 - 2011-02-09 20:58 - 01929728 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2011-09-07 21:28 - 2011-04-08 12:41 - 02036112 _____ () C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe
2011-09-07 21:28 - 2011-04-08 12:37 - 00294400 _____ () C:\Program Files (x86)\Cell C\Connector\LoggerServer.exe
2011-02-09 20:28 - 2011-02-09 20:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2011-02-09 20:51 - 2011-02-09 20:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-01-27 04:11 - 2011-01-27 04:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-27 04:14 - 2011-01-27 04:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-03-03 01:06 - 2011-01-27 03:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 01066240 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 00103680 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2010-04-01 15:36 - 2010-04-01 15:36 - 00066816 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2011-02-09 20:48 - 2011-02-09 20:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 20:27 - 2011-02-09 20:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 20:51 - 2011-02-09 20:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 20:29 - 2011-02-09 20:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 20:30 - 2011-02-09 20:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2011-04-09 13:28 - 2010-02-17 11:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-10-16 10:58 - 2014-10-16 10:58 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-04-09 13:22 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 41.50.20.61 - 41.50.20.29

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk => C:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScannerIndicator.lnk => C:\windows\pss\ScannerIndicator.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Nike+ Connect => "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: Nuance OmniPage 18-reminder => "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
MSCONFIG\startupreg: OmniPage Preload => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{82272C6A-B186-4631-83F2-BDFFC17E3D98}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF4E85C7-E2F5-4289-917B-D0C562151C3B}] => (Allow) LPort=2869
FirewallRules: [{4371DFE8-8B41-4F60-B85C-E827065C609B}] => (Allow) LPort=1900
FirewallRules: [{C42078EA-D211-4BA9-AE30-CA76EDDAB256}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6683BC62-3EF2-4FFA-A45E-89BBB9B83891}C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe] => (Allow) C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe
FirewallRules: [UDP Query User{57400333-3B85-4FEE-945A-5A7A778D8207}C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe] => (Allow) C:\program files (x86)\adobe\acrobat 8.0\acrobat\acrobat.exe
FirewallRules: [{19F8A34B-E783-4384-BF02-199B5A8B3A1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FDCC367-D53B-4BB0-8D2C-25406621DE7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57C1088C-FE84-45EC-97CE-2CD404D91AB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19110C78-76D4-4CC7-B220-2717B9E66657}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EAD5B7D-9194-4F65-9552-CA71E1A61B12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{623B8B9F-3444-4BE9-ABAB-517939245500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF30A546-522F-47C0-BD9D-6AABBA36D411}] => (Allow) C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{947DD6E5-AB3C-4C53-8F57-DB74485FF3E2}] => (Allow) C:\Users\Dean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DEE4C41A-4D0C-4709-8357-C9FADD66094C}] => (Allow) LPort=24654
FirewallRules: [{6FA45996-22F1-4FE7-8897-358FB7186EE7}] => (Allow) LPort=24654
FirewallRules: [{2B04165C-142D-45D0-B40C-34AD4056BF87}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9BC2967B-1FCD-4862-A993-8273EEE5FFDA}] => (Allow) LPort=5353
FirewallRules: [{3DAAE922-D3E8-4EA4-8A3F-8EBEB12232C5}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{65656E1C-913E-4B2E-9552-15D045F298A7}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{9D8D3E7B-739C-405D-89F7-FB7431ADED80}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{D00103FD-8610-49D4-AE76-BC6AE40BCC6D}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{C7A86761-A829-4361-9738-9E60E6A4E2F9}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{E043C567-CBF8-46BC-B57F-718109D09E88}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [TCP Query User{8095DB14-CC77-4171-B495-71B16D7A01EA}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{4C3F9E43-7410-4383-BE88-9C2F095DBB59}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{E0A662D7-BB6F-48AD-B6C7-DB1AFC668234}] => (Allow) LPort=9322
FirewallRules: [{C94B8372-0D3F-4C12-8342-EEA9A468AA64}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{7008412E-C365-426F-8FDA-2AF35FC2A98A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{71D8E0C8-5893-4886-A101-6A0629007310}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{B91729BD-4E6D-4D92-BD48-D9A256A90B1F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{99334CAD-A4A9-435B-8D92-3CB8D4C58518}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{F8226AD3-83C5-4BEC-BB9D-5B130FEDEB56}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{E7640B3C-E169-46C7-A196-FF81952C8E72}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{5FCF0797-10BD-46BC-B664-F2AA16966334}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{21AF74BE-DE50-4AA9-8857-67F78A19E23B}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{FFF7C60B-DB86-448E-B1E3-2827B6006DFA}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [TCP Query User{04D49896-A599-4D38-A96B-ED8C63B7C7A1}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{EE7DED7C-6589-4911-B43A-B5E2ACC6EC12}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{939BF07A-416B-4915-AF0C-CBB614F45726}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{675977C2-97A2-4C38-A826-E87359A45672}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38B30263-BC58-43A6-8D40-C537A07AB613}C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A602CEF8-3C1A-4AB9-8E33-12390D0FB8D8}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{DF944256-B17D-4E77-A14C-AA7AE22FB3F1}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{4C62F170-CEE0-4CEC-B46D-7FEE7BEDBC7F}] => (Allow) C:\Users\Dean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{525F3A30-58DF-41FB-A021-B7F9E3854EC5}] => (Allow) C:\Users\Dean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5D4FC816-98E9-4CD3-B3B3-DDA060DC8661}] => (Allow) LPort=4481
FirewallRules: [{C9F40079-66A5-4761-8AFD-D2DA815F5DFF}] => (Allow) LPort=4481
FirewallRules: [{81A48669-8113-44C8-92CC-88DB4A61AD43}] => (Allow) LPort=4482
FirewallRules: [{46A00FC7-2C68-42B8-BB35-9D557470C19A}] => (Allow) LPort=4482
FirewallRules: [{35F31962-DEF5-4D9C-888A-1D2145B30550}] => (Allow) LPort=9322
FirewallRules: [{F9585536-C114-41EB-94B2-7DB468DA5561}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{F2E10938-5FF3-42BB-BA4D-D26370E26D9F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{B9999964-F31F-4298-9F51-394652687A76}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{899EA7CA-CA9E-4CA9-8A57-A48E393384E5}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{8AA8AFAE-AF09-4FC7-AE81-EA99B54F67CA}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{6EB4724D-A53C-4668-BFF0-601F3CF7ACF3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{945D6916-5427-4CFD-A27D-19A52C2BF730}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{C1AB11DF-7899-4F97-A1C6-5B3032EB0898}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{18E9E0A5-353A-410E-AD12-929115905B03}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{68562642-21A9-4F83-8BF0-9304FFC495D5}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [0001a4e4-45e1-951d-eac3-02dfffb7380a] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [fedca4e4-45e1-951d-eac3-02dfffb7380a] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{98649C27-2641-42A3-9F88-CD94FC101C16}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{EE9EEBEF-A82E-4F70-AC85-DC6FD17BBABC}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{5F0DFEFC-AC8B-4F4C-BA37-0BD06344283D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF4121C2-22EC-4C5C-8ACC-2EAD528D1AFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{546B120E-42F1-46CC-9B21-FDD3AB468477}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC 2014 (32 Bit)\Photoshop.exe
FirewallRules: [{599369B3-9D5C-417E-B5B0-6A1A118B798A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{724B66AE-246F-44AE-BF5E-C2D4BB9A75C4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4F89A0B7-4D78-4397-8E36-430CD28AC192}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{4BF6D60D-74A6-41DC-8F36-DE3635CA0CDA}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{3F03B60C-E83E-4231-90B2-8AACDB51374A}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{93DF9ED9-B9F9-46A1-8630-52C63B3E856B}] => (Allow) C:\windows\explorer.exe
FirewallRules: [{BBD8AA7B-BD86-4969-8BEC-B83248FA0CB6}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{B6D4004F-6CB5-4140-9356-2CCFB0A28E6F}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
FirewallRules: [{9E33BEB6-6DAB-4923-882B-0D051D5ABBF9}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
FirewallRules: [{AE273F1A-E417-422C-A6FF-476028E1908D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{9248C6AF-1F82-4760-BAB7-07D55A34E83D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{C72671DD-D1B7-4E57-85EF-9790DA6E617E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{D6D65D5B-E8DD-464B-B2C5-F04BFF33933E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{8DE33C7E-E485-4800-AB4D-B51E9720108E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{2790AC97-41DF-47C4-AD9D-177BFAE51AF9}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros AR3011 Bluetooth 3.0 + HS Adapter
Description: Atheros AR3011 Bluetooth 3.0 + HS Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 04:19:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 00:00:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 00:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 00:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 11:41:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 11:41:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/20/2015 11:04:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 5.0.0.10.in-addr.arpa. PTR Dean-13.local.

Error: (05/20/2015 11:04:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   15 5.0.0.10.in-addr.arpa. PTR Dean-63.local.

Error: (05/19/2015 11:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 5.0.0.10.in-addr.arpa. PTR Dean-13.local.

Error: (05/19/2015 11:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   15 5.0.0.10.in-addr.arpa. PTR Dean-88.local.


System errors:
=============
Error: (05/20/2015 07:24:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (05/20/2015 07:24:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (05/20/2015 07:24:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/20/2015 07:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%1053

Error: (05/20/2015 07:23:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.

Error: (05/20/2015 07:23:55 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x8007041d

    Error description: The service did not respond to the start or control request in a timely fashion.

    Reason: %%892

Error: (05/20/2015 07:23:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (05/20/2015 07:21:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (05/20/2015 07:21:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (05/20/2015 07:21:37 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.


Microsoft Office Sessions:
=========================
Error: (05/04/2015 02:14:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5106 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (10/07/2014 10:32:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 402 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (10/07/2014 10:22:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2678 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (07/07/2014 09:11:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 384 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 03:23:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 03:18:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 926 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 02:59:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10440 seconds with 6180 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 00:03:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4568 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 10:45:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 365 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (06/02/2014 10:31:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 343 seconds with 180 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 8126.37 MB
Available physical RAM: 4869.24 MB
Total Pagefile: 16250.94 MB
Available Pagefile: 12472.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.18 GB) (Free:232.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.29 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:4.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6B25F98A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================



#8 deeprybka


Posted 20 May 2015 - 01:00 PM

FRST.txt is missing.

Edited by deeprybka, 20 May 2015 - 01:01 PM.

regards,
deeprybka

#9 Texlab


Posted 20 May 2015 - 01:28 PM

Sorry mate!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Dean (administrator) on DEAN_13 on 20-05-2015 19:28:03
Running from C:\Users\Dean\Desktop
Loaded Profiles: Dean (Available profiles: Dean & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files (x86)\Cell C\Connector\LoggerServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
( Inlite Research, Inc.) C:\Program Files (x86)\ClearImage\COM\InliteLMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-07-19] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {23b6724a-9c9e-11e0-a90f-68a3c4393baa} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {2802d744-f4a9-11e0-a608-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {445ea3e5-bf1c-11e4-9029-68a3c4393baa} - I:\startme.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {5422d11e-ae1c-11e0-8c3b-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {641e7f86-f4f5-11e0-985a-001e101f2b52} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\...\MountPoints2: {aab71231-d96a-11e0-8f60-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\logon.scr
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dean\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-za/?ocid=iehp
HKU\S-1-5-21-1511175656-3640820181-875446686-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-12] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-12] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{D7997E2D-410E-4DCE-83C8-7AB08230E616}: [NameServer] 41.50.20.61 41.50.20.29

FireFox:
========
FF ProfilePath: C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll [2011-11-22] (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: PDFShellInfo Class - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863\Extensions\{98B92EBE-2656-B6BE-80B1-6A3A1573A548} [2015-05-10]
FF Extension: NoScript - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\ir72337j.default-1417003269863\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-04-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-08]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-03-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 BecHelperService; C:\Program Files (x86)\Cell C\Connector\BecHelperService.exe [2036112 2011-04-08] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [24832 2010-04-01] (NewTech Infosystems, Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
R2 InliteLM; C:\Program Files (x86)\ClearImage\COM\InliteLMService.exe [709672 2011-11-05] ( Inlite Research, Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-04-08] (Huawei Technologies Co., Ltd.)
R1 FAMv4; C:\Windows\System32\DRIVERS\FAMv4.sys [155160 2009-10-27] (VisionWorks Solutions, Inc)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-09-09] (HSPADataCard Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
S1 cemgiigz; \??\C:\windows\system32\drivers\cemgiigz.sys [X]
S1 gqrgjwiw; \??\C:\windows\system32\drivers\gqrgjwiw.sys [X]
S1 mdwntgyf; \??\C:\windows\system32\drivers\mdwntgyf.sys [X]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 19:20 - 2015-05-20 19:20 - 00000398 _____ () C:\windows\PFRO.log
2015-05-20 19:06 - 2015-05-20 19:06 - 00000000 ____D () C:\ProgramData\Protexis64
2015-05-20 19:03 - 2015-05-20 19:03 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2015-05-20 19:03 - 2015-05-20 19:03 - 00000000 ____D () C:\Program Files\Common Files\Corel
2015-05-20 19:00 - 2015-05-20 19:00 - 00000000 ____D () C:\Users\Public\Documents\Corel
2015-05-20 18:59 - 2015-05-20 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
2015-05-20 18:59 - 2015-05-20 18:59 - 00000000 ____D () C:\Program Files\Corel
2015-05-20 16:18 - 2015-05-20 16:18 - 00000784 _____ () C:\Users\Dean\Desktop\estonline.txt
2015-05-20 13:14 - 2015-05-20 18:56 - 602939856 _____ (Acresso Software Inc. ) C:\Users\Dean\Downloads\CorelDRAWGraphicsSuiteX6Installer_EN64Bit.exe
2015-05-20 12:00 - 2015-05-20 12:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-20 11:58 - 2015-05-20 12:07 - 00001058 _____ () C:\Users\Dean\Desktop\mab 20may.txt
2015-05-20 11:38 - 2015-05-20 11:39 - 02347384 _____ (ESET) C:\Users\Dean\Desktop\esetsmartinstaller_enu.exe
2015-05-20 07:48 - 2015-05-20 07:49 - 00067427 _____ () C:\Users\Dean\Desktop\Addition.txt
2015-05-20 07:46 - 2015-05-20 19:29 - 00026470 _____ () C:\Users\Dean\Desktop\FRST.txt
2015-05-20 07:46 - 2015-05-20 19:28 - 00000000 ____D () C:\FRST
2015-05-20 07:42 - 2015-05-20 07:44 - 02107904 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
2015-05-20 07:38 - 2015-05-20 07:41 - 06448912 _____ (Tim Kosse) C:\Users\Dean\Downloads\FileZilla_3.11.0_win64-setup.exe
2015-05-20 07:33 - 2015-05-20 19:21 - 00000224 _____ () C:\windows\setupact.log
2015-05-20 07:33 - 2015-05-20 07:33 - 00000000 _____ () C:\windows\setuperr.log
2015-05-19 12:17 - 2015-05-19 12:17 - 00099462 _____ () C:\Users\Dean\Downloads\MyriadPro-Regular.otf
2015-05-19 10:53 - 2015-05-19 13:35 - 00002220 _____ () C:\Users\Dean\Desktop\mab 19may.txt
2015-05-19 10:46 - 2015-05-20 10:47 - 00010766 _____ () C:\Users\Dean\Desktop\Copy of MCOM 2015 June Graduation- Dissertation Titles- Dean Fourie.xlsx
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-19 10:24 - 2015-05-20 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-19 10:24 - 2015-05-19 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-19 10:20 - 2015-05-19 10:22 - 03020968 _____ (Malwarebytes ) C:\Users\Dean\Downloads\mbae-setup-1.06.1.1019.exe
2015-05-19 08:51 - 2015-05-19 11:16 - 00034304 _____ () C:\Users\Dean\Desktop\EMBA 2015 Dissertation Titles.xls
2015-05-18 13:14 - 2015-05-20 17:19 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814.job
2015-05-18 13:14 - 2015-05-20 13:19 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec.job
2015-05-18 13:14 - 2015-05-18 13:14 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0915be01ee814
2015-05-18 13:14 - 2015-05-18 13:14 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0915bdec821ec
2015-05-13 14:42 - 2015-05-13 14:42 - 00000000 _____ () C:\windows\SysWOW64\RENE502.tmp
2015-05-13 11:43 - 2015-05-13 11:43 - 00000000 ____D () C:\windows\SysWOW64\NewTech Infosystems
2015-05-13 11:32 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 11:32 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 11:32 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 11:32 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-13 11:32 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-13 11:32 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 11:32 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 11:32 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 11:32 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 11:32 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-13 11:32 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-13 11:32 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-13 11:32 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-13 11:32 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-13 11:32 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-13 11:32 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-13 11:32 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-13 11:32 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-13 11:32 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-13 11:32 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 11:32 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-13 11:32 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-13 11:32 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 11:32 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 11:31 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 11:31 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 11:31 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 11:31 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 09:18 - 2015-05-13 09:20 - 00000000 ____D () C:\aa92de78aecc85725f3cf4
2015-05-13 09:18 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:18 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:12 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 09:12 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 09:12 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 09:12 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 09:12 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 09:12 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 09:12 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 09:12 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 09:12 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 09:12 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 09:12 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 09:12 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 09:12 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 09:12 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 09:12 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 09:12 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 09:12 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 09:12 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 09:12 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 09:12 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:12 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-13 09:12 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 09:12 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 09:12 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:12 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 09:12 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-13 09:12 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:12 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 09:12 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 09:12 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 09:12 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:12 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 09:12 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 09:12 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-13 09:12 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-13 09:12 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-13 09:12 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 09:12 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-13 09:12 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-13 09:12 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 09:12 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 09:12 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-13 09:12 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 09:12 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 09:12 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:12 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 09:12 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-13 09:12 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 09:12 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 09:12 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 09:12 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 09:12 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 09:12 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 09:12 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:12 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 09:12 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 09:12 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 09:12 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 09:12 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 09:12 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 08:30 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 08:25 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 08:25 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 08:25 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-13 08:16 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 08:16 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 08:16 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 08:16 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-12 17:58 - 2015-05-12 17:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-12 17:46 - 2015-05-12 17:44 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-05-12 06:24 - 2015-05-12 06:24 - 04149784 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\NewTech Infosystems
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now 5
2015-05-11 15:51 - 2015-05-11 15:51 - 00000000 ____D () C:\ProgramData\FAM
2015-05-11 15:50 - 2015-05-12 11:44 - 00001024 ___RH () C:\Users\Public\Documents\NTIOFM4.dll
2015-05-11 15:50 - 2015-05-12 11:38 - 00001024 ___RH () C:\Users\Public\Documents\NTIBUN5.dll
2015-05-10 23:05 - 2015-05-19 11:07 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Panda Security
2015-05-10 23:03 - 2015-05-19 11:18 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-10 22:26 - 2015-05-19 11:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-05 11:22 - 2015-05-05 11:25 - 00025600 _____ () C:\Users\Dean\Desktop\lets do it Under 300 April 2015 Punch only.xls
2015-05-05 08:22 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-05 08:22 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-05 08:17 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-05 08:17 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-05 08:15 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-05 08:15 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-05 08:15 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-05 08:15 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-05 08:15 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-05 08:06 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-05 08:06 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-05 08:06 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-05 08:06 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-05-05 08:06 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-05-05 08:06 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-20 08:30 - 2015-04-20 08:30 - 00000000 _____ () C:\Users\Dean\Sti_Trace.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 19:30 - 2011-03-03 00:28 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-20 19:29 - 2011-04-09 13:20 - 01525321 _____ () C:\windows\WindowsUpdate.log
2015-05-20 19:25 - 2015-04-16 09:28 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 19:23 - 2011-03-03 01:01 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-05-20 19:22 - 2012-04-25 10:53 - 00000000 ____D () C:\ProgramData\Kodak
2015-05-20 19:21 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-20 19:15 - 2013-03-11 16:47 - 00000000 ____D () C:\ProgramData\Corel
2015-05-20 19:05 - 2013-03-11 13:46 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6
2015-05-20 19:05 - 2011-06-21 17:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-20 19:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-20 18:29 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 18:29 - 2009-07-14 06:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 18:17 - 2011-06-20 21:11 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Skype
2015-05-20 18:06 - 2013-07-17 15:30 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 16:30 - 2015-04-15 12:50 - 00026112 _____ () C:\Users\Dean\Desktop\lets do it Under 300 April 2015.xls
2015-05-20 13:41 - 2011-06-20 19:54 - 00000000 ____D () C:\Users\Dean
2015-05-20 11:38 - 2011-06-21 16:56 - 00000000 ____D () C:\Users\Dean\main
2015-05-20 11:00 - 2015-04-05 14:03 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-05-20 11:00 - 2015-04-05 14:03 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-20 10:48 - 2011-07-05 18:07 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\BitTorrent
2015-05-20 10:07 - 2009-07-14 07:13 - 00796870 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-20 07:46 - 2011-06-22 15:09 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\FileZilla
2015-05-20 07:34 - 2009-07-14 06:45 - 05715640 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-19 13:43 - 2011-06-20 20:01 - 00176832 _____ () C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 11:58 - 2011-06-25 13:43 - 00000000 ____D () C:\windows\Minidump
2015-05-19 11:58 - 2011-06-21 17:26 - 00000000 ____D () C:\Users\Dean\AppData\Local\CrashDumps
2015-05-19 11:29 - 2011-11-15 09:05 - 00000000 ___RD () C:\Users\Dean\Dropbox
2015-05-19 11:19 - 2014-03-18 08:30 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForDean.job
2015-05-19 11:18 - 2012-05-10 08:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 09:37 - 2015-04-08 09:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-19 09:20 - 2015-04-16 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 09:20 - 2015-04-16 09:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 08:38 - 2011-11-15 09:01 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Dropbox
2015-05-19 08:24 - 2011-07-28 12:07 - 00000000 ____D () C:\Users\Dean\AppData\Local\CutePDF Writer
2015-05-19 08:00 - 2014-03-18 08:30 - 00003180 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDean
2015-05-19 07:49 - 2011-04-09 13:32 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-14 16:17 - 2011-06-21 03:54 - 00000000 ____D () C:\windows\rescache
2015-05-14 12:27 - 2011-12-14 21:04 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-14 09:12 - 2014-08-19 10:09 - 00000000 ____D () C:\Users\Dean\AppData\Local\Adobe
2015-05-14 09:12 - 2012-04-10 07:49 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-14 09:12 - 2011-06-29 13:26 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 14:44 - 2014-05-20 13:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-13 14:40 - 2011-06-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-13 09:45 - 2012-05-09 12:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 09:45 - 2012-05-09 12:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 09:43 - 2009-07-27 16:36 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 09:39 - 2011-06-20 20:52 - 00002155 _____ () C:\windows\epplauncher.mif
2015-05-13 09:39 - 2011-06-20 20:51 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 09:38 - 2012-04-25 08:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 09:38 - 2011-06-20 20:51 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 09:36 - 2013-07-11 09:11 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 09:27 - 2011-06-20 20:42 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 09:18 - 2012-05-09 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 17:58 - 2015-02-10 07:33 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-12 17:58 - 2011-06-21 17:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-12 17:43 - 2014-05-22 15:29 - 00000000 ____D () C:\Program Files\Java
2015-05-12 17:38 - 2011-06-29 13:23 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-12 12:04 - 2012-08-21 20:04 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\vlc
2015-05-11 15:51 - 2011-08-19 15:02 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2015-05-11 15:51 - 2011-03-03 00:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-11 15:49 - 2011-06-23 15:42 - 00000000 ____D () C:\Users\Dean\AppData\Local\Downloaded Installations
2015-05-11 14:51 - 2011-03-03 00:28 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-05-11 14:48 - 2011-03-03 00:35 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-05-11 14:45 - 2015-04-15 17:38 - 00000000 ____D () C:\windows\pss
2015-05-11 14:44 - 2013-09-13 13:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-05-11 14:40 - 2011-06-25 18:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-11 13:32 - 2013-02-07 23:07 - 00007650 _____ () C:\Users\Dean\AppData\Local\Resmon.ResmonCfg
2015-05-10 22:22 - 2011-06-23 17:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 17:03 - 2011-11-15 09:01 - 00000000 ____D () C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-06 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-06 09:06 - 2011-06-20 20:03 - 00000000 ____D () C:\Users\Dean\Documents\Bluetooth Folder
2015-05-05 09:20 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-04 18:02 - 2015-01-20 18:17 - 00019030 _____ () C:\Users\Dean\Desktop\LDI Manual Source Prices 19Feb.xlsx
2015-05-04 10:43 - 2015-04-09 10:58 - 00022016 _____ () C:\Users\Dean\Desktop\Greece.xls
2015-05-03 13:28 - 2009-07-14 07:08 - 00032644 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-01 13:32 - 2011-06-20 20:11 - 00003216 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDEAN_13$
2015-05-01 13:32 - 2011-06-20 20:11 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForDEAN_13$.job
2015-04-30 09:16 - 2014-10-06 12:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-30 09:15 - 2011-06-20 21:11 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2013-01-19 09:44 - 2013-01-19 09:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2012-10-29 15:45 - 2012-10-29 15:47 - 0035641 _____ () C:\Users\Dean\AppData\Roaming\Photo.jpg
2011-10-11 13:11 - 2011-10-11 13:14 - 0098688 _____ () C:\Users\Dean\AppData\Roaming\QWInstall.log
2011-06-22 13:55 - 2015-01-19 16:29 - 0007084 _____ () C:\Users\Dean\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-22 13:54 - 2015-04-13 14:40 - 0003932 _____ () C:\Users\Dean\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-08-19 12:22 - 2015-01-19 16:29 - 0000770 _____ () C:\Users\Dean\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-08-31 16:08 - 2013-03-01 11:18 - 0014336 _____ () C:\Users\Dean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-01 13:01 - 2013-06-10 09:21 - 0011702 _____ () C:\Users\Dean\AppData\Local\installer.log
2011-11-23 10:50 - 2013-08-01 14:10 - 0004096 ____H () C:\Users\Dean\AppData\Local\keyfile3.drm
2014-12-11 18:38 - 2015-04-08 13:36 - 28579392 _____ (Sony Mobile Communications                                  ) C:\Users\Dean\AppData\Local\pcc.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 0000600 _____ () C:\Users\Dean\AppData\Local\PUTTY.RND
2013-02-07 23:07 - 2015-05-11 13:32 - 0007650 _____ () C:\Users\Dean\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 16:08

==================== End Of Log ============================



#10 deeprybka


Posted 20 May 2015 - 01:40 PM

That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the Control Panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated:



Adobe Flash Player 12 ActiveX
Java 7 Update 55
Java 8 Update 25
Java™ 6 Update 45



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 Texlab


Posted 20 May 2015 - 02:08 PM

Thanks Mate.
All sorted it seems. Busy with the clean up.

Have made a small donation! :bananas:



#12 deeprybka


Posted 20 May 2015 - 02:18 PM

Thank you very much. :)

Take care!
regards,
deeprybka

#13 deeprybka


Posted 21 May 2015 - 02:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



