
Total Ad Performance removal?


  • This topic is locked
17 replies to this topic

#1 sparky2000

Posted 01 June 2015 - 05:30 AM

I am getting periodic pop-up tabs of this Total Ad Performance like this on my Chrome browser.

How the hell do I clean this?

I tried AdwCleaner, MBAM and others to no avail.

I tried resetting Chrome and clearing cache, etc., but no luck.

Can someone please help?


Edited by sparky2000, 01 June 2015 - 07:01 AM.



#2 jntkwx

  • Malware Response Team

Posted 02 June 2015 - 04:40 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by jntkwx, 02 June 2015 - 04:40 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 sparky2000

Posted 02 June 2015 - 05:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Mark Packard Bell (administrator) on MARKPACKARDBELL on 02-06-2015 23:53:13
Running from C:\Users\Mark Packard Bell\Downloads
Loaded Profiles: Mark Packard Bell (Available Profiles: Mark Packard Bell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Microsoft) C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DNSService.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(Puran Software) C:\Windows\System32\PuranDefragS.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Puran Software) C:\Program Files\Puran Defrag\PuranADT.exe
(Akamai Technologies, Inc.) C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CSIS Security Group) C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dropbox, Inc.) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-12] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PuranADT] => C:\Program Files\Puran Defrag\PuranADT.exe [443776 2013-08-15] (Puran Software)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-05-28]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: bootdeleteautocheck PuranDefragBT -AD
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} https://www2.web-direct.dk/wdx.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
 
FireFox:
========
FF ProfilePath: C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @fronter.com/FronterOES -> C:\Program Files (x86)\Fronter\Fronter OES\npfronter_oes2.dll [2012-12-18] (Fronter AS)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-12-08] ()
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @torrentstream.net/tsplugin,version=2.0.8.1.2 -> C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark Packard Bell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-14] (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-06-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-04-09]
CHR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2015-04-10]
CHR Extension: (WOT) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-12]
CHR Extension: (Poper Blocker) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-04-09]
CHR Extension: (Adblock Plus) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-09]
CHR Extension: (Scoopinion) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojhbmpnoehchagcbojelmclgjgopilf [2015-04-09]
CHR Extension: (Gmelius for Gmail) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2015-04-09]
CHR Extension: (Chromebleed) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-04-09]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-04-12]
CHR Extension: (TV - Voozy.tv) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flnepcgaapadgbmfkmacafjiejjhbipm [2015-04-09]
CHR Extension: (HTTPS Everywhere) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-04-09]
CHR Extension: (Hide My AdBlocker) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2015-04-24]
CHR Extension: (AdBlock) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoaiekboalajhlkmecgibenobdeencn [2015-05-27]
CHR Extension: (Hola Better Internet) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Weather) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck [2015-05-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]
CHR Extension: (Adblock Super) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (FlashControl) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-27]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2015-04-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-05-28]
CHR Extension: (Ghostery) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Kaspersky Security Scan) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni [2015-04-09]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-04-09]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2015-04-09]
CHR Extension: (iReader) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc [2015-04-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-02] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-12] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93808 2015-05-06] (Microsoft)
R2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [133736 2015-05-06] (CSIS Security Group)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-03-20] (OpenVPN Technologies, Inc)
R2 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150521.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-05] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 F825DD4D; C:\Windows\System32\drivers\F825DD4D.sys [457824 2015-04-24] (Kaspersky Lab ZAO)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-15] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150601.003\IDSvia64.sys [684248 2015-05-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150601.024\ENG64.SYS [129752 2015-05-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150601.024\EX64.SYS [2137304 2015-05-25] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-26] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-10] (BitDefender S.R.L.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-02 23:53 - 2015-06-02 23:54 - 00037388 _____ () C:\Users\Mark Packard Bell\Downloads\FRST.txt
2015-06-02 23:52 - 2015-06-02 23:53 - 00000000 ____D () C:\FRST
2015-06-02 23:50 - 2015-06-02 23:50 - 02108928 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FRST64.exe
2015-06-02 21:57 - 2015-06-02 21:57 - 00026418 _____ () C:\Users\Mark Packard Bell\Downloads\[kat.cr]pes15.pte.patch.7.0.released.31.05.2015 (1).torrent
2015-06-02 21:47 - 2015-06-02 21:48 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\SNORT
2015-06-02 20:28 - 2015-06-02 20:28 - 00000021 _____ () C:\Windows\S.dirmngr
2015-06-02 15:19 - 2015-06-02 15:20 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_19A6
2015-06-02 15:18 - 2015-06-02 15:18 - 00049474 _____ () C:\Users\Mark Packard Bell\Downloads\20150602.pptx
2015-06-02 14:25 - 2015-06-02 14:25 - 00038042 _____ () C:\Users\Mark Packard Bell\Desktop\dds.txt
2015-06-02 14:25 - 2015-06-02 14:25 - 00022572 _____ () C:\Users\Mark Packard Bell\Desktop\attach.txt
2015-06-02 13:21 - 2015-06-02 13:21 - 02231296 _____ () C:\Users\Mark Packard Bell\Downloads\adwcleaner_4.206.exe
2015-06-02 13:10 - 2015-06-02 13:10 - 12840520 _____ () C:\Users\Mark Packard Bell\Downloads\tweaking.com_windows_repair_aio_setup (4).exe
2015-06-02 13:10 - 2015-06-02 13:10 - 00688992 ____R (Swearware) C:\Users\Mark Packard Bell\Downloads\dds.com
2015-06-02 13:10 - 2015-06-02 13:10 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mark Packard Bell\Downloads\autoruns.exe
2015-06-02 13:05 - 2015-06-02 13:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mark Packard Bell\Downloads\rkill.exe
2015-06-02 13:04 - 2015-06-02 13:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mark Packard Bell\Downloads\mbar-1.09.1.1004.exe
2015-06-02 13:02 - 2015-06-02 13:03 - 00050035 _____ () C:\Users\Mark Packard Bell\Downloads\Result.txt
2015-06-02 13:01 - 2015-06-02 13:01 - 00003778 _____ () C:\Users\Mark Packard Bell\Downloads\FSS.txt
2015-06-02 12:59 - 2015-06-02 12:59 - 00415232 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FSS.exe
2015-06-02 12:59 - 2015-06-02 12:59 - 00403456 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\MiniToolBox.exe
2015-06-02 12:58 - 2015-06-02 12:58 - 00852639 _____ () C:\Users\Mark Packard Bell\Downloads\SecurityCheck.exe
2015-06-02 00:56 - 2015-06-02 00:56 - 00026418 _____ () C:\Users\Mark Packard Bell\Downloads\[kat.cr]pes15.pte.patch.7.0.released.31.05.2015.torrent
2015-06-01 14:48 - 2015-06-01 14:48 - 00013324 _____ () C:\Users\Mark Packard Bell\Downloads\stud-liste-e15-190914 (3).xlsx
2015-06-01 11:19 - 2015-06-01 11:19 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\GWX
2015-05-28 22:32 - 2015-05-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2015-05-28 22:29 - 2015-05-28 22:29 - 00000000 ____D () C:\Users\Mark Packard Bell\GNS3
2015-05-28 22:25 - 2015-05-28 22:26 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\GNS3
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\SolarWinds
2015-05-28 22:20 - 2015-06-01 12:08 - 00001662 _____ () C:\Users\Mark Packard Bell\Desktop\GNS3.lnk
2015-05-28 22:20 - 2015-05-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2015-05-28 22:15 - 2015-05-28 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Response Time Viewer
2015-05-28 22:14 - 2015-05-28 22:14 - 00000000 ____D () C:\Program Files (x86)\SolarWinds
2015-05-28 22:01 - 2015-05-28 22:23 - 00000000 ____D () C:\ProgramData\Solarwinds
2015-05-28 21:58 - 2015-05-28 22:20 - 00000000 ____D () C:\Program Files\GNS3
2015-05-28 21:48 - 2015-05-28 21:48 - 58620968 _____ () C:\Users\Mark Packard Bell\Downloads\GNS3-1.3.3-all-in-one.exe
2015-05-28 21:03 - 2015-05-28 21:03 - 100412791 _____ () C:\Users\Mark Packard Bell\Downloads\Audio_Realtek_6.0.1.6141_W7x86W7x64_A (1).zip
2015-05-28 20:16 - 2015-05-28 20:16 - 00000000 ____D () C:\Users\Mark Packard Bell\Downloads\Lync 2013 with SP1 32 and 64-Bit - DVD (English)
2015-05-28 20:08 - 2015-05-28 20:08 - 00000183 _____ () C:\Users\Mark Packard Bell\Downloads\100385217459 (1).sdx
2015-05-28 20:02 - 2015-05-28 20:02 - 00000183 _____ () C:\Users\Mark Packard Bell\Downloads\100385217459.sdx
2015-05-28 19:50 - 2015-05-28 19:50 - 00000000 ____D () C:\Users\Mark Packard Bell\Downloads\Access 2013 (x86 and x64) - DVD (English)
2015-05-28 19:44 - 2015-05-28 19:44 - 00000183 _____ () C:\Users\Mark Packard Bell\Downloads\100385216885.sdx
2015-05-28 19:42 - 2015-05-28 19:42 - 00774656 _____ () C:\Users\Mark Packard Bell\Downloads\SDM_EN (2).msi
2015-05-28 00:05 - 2015-05-28 00:06 - 00005756 _____ () C:\Windows\DPINST.LOG
2015-05-27 23:45 - 2015-05-27 23:45 - 02946603 _____ (Thisisu) C:\Users\Mark Packard Bell\Downloads\JRT.exe
2015-05-27 23:20 - 2015-06-02 22:13 - 00005032 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKPACKARDBELL-Mark Packard Bell MarkPackardBell
2015-05-27 22:29 - 2015-05-27 22:29 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-27 20:53 - 2015-05-27 20:56 - 12840520 _____ () C:\Users\Mark Packard Bell\Downloads\tweaking.com_windows_repair_aio_setup (3).exe
2015-05-27 15:17 - 2015-05-27 15:17 - 00000000 ____D () C:\Program Files (x86)\Wireshark
2015-05-27 13:00 - 2015-05-27 13:00 - 00001093 _____ () C:\Users\Public\Desktop\GPA.lnk
2015-05-27 13:00 - 2015-05-27 13:00 - 00000000 ____D () C:\Users\Public\Desktop\Gpg4win Documentation
2015-05-27 12:59 - 2015-05-27 12:59 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\gnupg
2015-05-27 12:59 - 2015-05-27 12:59 - 00000000 ____D () C:\ProgramData\GNU
2015-05-27 12:58 - 2015-05-27 12:58 - 00000000 ____D () C:\Program Files (x86)\GNU
2015-05-27 12:45 - 2015-05-27 12:45 - 30506192 _____ (g10 Code GmbH) C:\Users\Mark Packard Bell\Downloads\gpg4win-2.2.4.exe
2015-05-26 23:36 - 2015-05-26 23:37 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-26 23:22 - 2015-06-02 20:27 - 00001690 _____ () C:\Windows\setupact.log
2015-05-26 23:22 - 2015-05-26 23:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-26 23:20 - 2015-05-26 23:20 - 00000336 _____ () C:\Windows\PFRO.log
2015-05-26 23:16 - 2015-05-27 14:57 - 00000000 ____D () C:\Users\Mark Packard Bell\Downloads\TMRBLog
2015-05-26 23:05 - 2015-05-26 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-26 23:05 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-05-26 23:04 - 2015-06-02 20:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-26 22:06 - 2015-05-26 22:07 - 00465840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 21:26 - 2015-05-26 21:26 - 00118624 _____ () C:\Users\Mark Packard Bell\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 15:30 - 2015-05-24 15:35 - 00000000 ____D () C:\Users\Mark Packard Bell\Downloads\Toy Story 3 (2010) [1080p]
2015-05-21 14:09 - 2015-05-21 14:09 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3B6
2015-05-21 11:01 - 2015-05-21 11:02 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3ECE
2015-05-21 10:49 - 2015-05-21 10:49 - 00062534 _____ () C:\Users\Mark Packard Bell\Downloads\Project Reports.pptx
2015-05-21 10:49 - 2015-05-21 10:49 - 00033649 _____ () C:\Users\Mark Packard Bell\Downloads\20150521.pptx
2015-05-20 17:14 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-20 11:15 - 2015-05-20 11:33 - 666894336 _____ () C:\Users\Mark Packard Bell\Downloads\CentOS-7-x86_64-Minimal-1503-01.iso
2015-05-19 20:36 - 2015-05-19 20:36 - 00970125 _____ () C:\Users\Mark Packard Bell\Downloads\libdnet-1.12.tgz
2015-05-19 19:30 - 2015-05-28 19:55 - 00000000 ____D () C:\Users\Mark Packard Bell\VirtualBox VMs
2015-05-19 15:27 - 2015-05-19 15:33 - 06352738 _____ () C:\Users\Mark Packard Bell\Downloads\snort-2.9.7.2.tar.gz
2015-05-19 15:27 - 2015-05-19 15:28 - 00495316 _____ () C:\Users\Mark Packard Bell\Downloads\daq-2.0.4.tar.gz
2015-05-18 21:22 - 2015-06-02 21:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:03 - 2015-05-18 12:03 - 00614895 _____ () C:\Users\Mark Packard Bell\Downloads\Crypto_01 (1).pptx
2015-05-18 12:01 - 2015-05-18 12:01 - 00614895 _____ () C:\Users\Mark Packard Bell\Downloads\Crypto_01.pptx
2015-05-18 09:01 - 2015-05-18 09:01 - 00000000 ____D () C:\Users\Mark Packard Bell\Documents\My Meetings
2015-05-17 20:03 - 2015-05-17 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
2015-05-17 20:02 - 2015-05-17 20:02 - 00000000 ____D () C:\ProgramData\Applications
2015-05-17 19:59 - 2015-05-18 09:00 - 00000000 ____D () C:\Users\Mark Packard Bell\Tracing
2015-05-17 19:56 - 2015-05-17 19:56 - 17308304 _____ (Microsoft Corporation) C:\Users\Mark Packard Bell\Downloads\lmsetup.exe
2015-05-15 09:10 - 2015-05-15 09:10 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_830
2015-05-14 23:25 - 2015-05-14 23:25 - 00500224 _____ () C:\Users\Mark Packard Bell\Downloads\26-security2 (1).ppt
2015-05-14 22:00 - 2015-05-14 22:00 - 04656262 _____ () C:\Users\Mark Packard Bell\Downloads\freeradius-server-3.0.8.tar.gz
2015-05-14 22:00 - 2015-05-14 22:00 - 02945423 _____ () C:\Users\Mark Packard Bell\Downloads\freeradius-server-3.0.8.tar.bz2
2015-05-14 21:32 - 2015-05-14 21:32 - 01187890 _____ () C:\Users\Mark Packard Bell\Downloads\How to Use Packet Tracer.pptx
2015-05-13 11:29 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 11:29 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:29 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 11:29 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 11:29 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 11:29 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 11:29 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 11:29 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 11:29 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 11:29 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 11:29 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 11:29 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 11:29 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 11:29 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 11:29 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 11:29 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 11:29 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 11:29 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 11:29 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 11:29 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 11:29 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 11:29 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:29 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 11:29 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 11:29 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:29 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 11:29 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 11:29 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 11:29 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 11:29 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 11:29 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 11:29 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 11:29 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:29 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 11:29 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 11:29 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 11:29 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:29 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 11:29 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 11:29 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 11:29 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 11:29 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 11:29 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 11:29 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 11:29 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 11:29 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 11:29 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 11:29 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:29 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:29 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:29 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 11:29 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:29 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:29 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 11:29 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:29 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 11:29 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 11:29 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:29 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:29 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:14 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 11:14 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 11:14 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 11:14 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 11:14 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:14 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 11:14 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 11:14 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:13 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 11:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 11:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 11:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 11:12 - 2015-05-13 11:48 - 55480849 _____ () C:\Users\Mark Packard Bell\Downloads\GNS3-1.3.2-all-in-one.exe.part
2015-05-13 10:27 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:27 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:50 - 2015-05-13 08:51 - 02141009 _____ (OpenSSL Win32 Installer Team ) C:\Users\Mark Packard Bell\Downloads\Win32OpenSSL_Light-1_0_2a.exe
2015-05-12 22:11 - 2015-05-12 22:29 - 4123048448 ____R () C:\Users\Mark Packard Bell\Downloads\sortitoutsi_backgrounds_megapack_2014.01.rar
2015-05-12 22:09 - 2015-05-12 22:09 - 00020496 _____ () C:\Users\Mark Packard Bell\Downloads\sortitoutsi_backgrounds_megapack_2014.01.rar.torrent
2015-05-12 15:18 - 2015-05-12 15:19 - 42845972 _____ () C:\Users\Mark Packard Bell\Downloads\7. lesson - LEAN and process mapping.pptx
2015-05-12 15:16 - 2015-05-28 19:46 - 00000154 _____ () C:\Users\Mark Packard Bell\Desktop\Windows 7 Key.txt
2015-05-12 15:02 - 2015-05-12 15:23 - 1044381696 _____ () C:\Users\Mark Packard Bell\Downloads\ubuntu-14.04.2-desktop-amd64.iso
2015-05-12 13:55 - 2015-05-12 14:01 - 257949696 _____ () C:\Users\Mark Packard Bell\Downloads\debian-8.0.0-amd64-netinst.iso
2015-05-12 13:52 - 2015-05-12 13:53 - 03112560 _____ () C:\Users\Mark Packard Bell\Downloads\vmlinuz
2015-05-12 13:52 - 2015-05-12 13:52 - 01523480 _____ () C:\Users\Mark Packard Bell\Downloads\debian-cd_info.tar.gz
2015-05-12 13:51 - 2015-05-12 14:02 - 136923277 _____ () C:\Users\Mark Packard Bell\Downloads\debian-8.0.0-amd64-CD-1.iso
2015-05-12 06:24 - 2015-05-12 06:24 - 04149784 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-05-11 22:49 - 2015-05-11 22:50 - 198472712 _____ () C:\Users\Mark Packard Bell\Downloads\20140204_cm_10.2_skomer-ota-eng.flx.zip
2015-05-11 22:49 - 2015-05-11 22:49 - 18743296 _____ () C:\Users\Mark Packard Bell\Downloads\20140604_cm_10.2_skomer-ota-eng.flx (1).zip
2015-05-11 22:49 - 2015-05-11 22:49 - 00000074 _____ () C:\Users\Mark Packard Bell\Downloads\20140204_cm_10.2_skomer-ota-eng.flx.zip.md5sum
2015-05-11 22:49 - 2015-05-11 22:49 - 00000074 _____ () C:\Users\Mark Packard Bell\Downloads\20140112_cm_10.2_skomer-ota-eng.flx.zip.md5sum
2015-05-11 22:46 - 2015-05-11 22:48 - 350470979 _____ () C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3.1 (1).zip
2015-05-11 22:33 - 2015-05-11 22:34 - 350861162 _____ () C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3 (1).zip
2015-05-11 22:15 - 2015-05-11 23:12 - 173967296 _____ () C:\Users\Mark Packard Bell\Downloads\sortitoutsi_cutout_megapack_7.05_changes.rar
2015-05-11 19:11 - 2015-05-11 20:05 - 165446734 _____ () C:\Users\Mark Packard Bell\Downloads\sortitoutsi_cutout_megapack_7.04_changes.rar
2015-05-09 03:03 - 2015-05-09 03:02 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-09 03:02 - 2015-05-09 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-09 02:53 - 2015-05-09 02:54 - 00562272 _____ (Oracle Corporation) C:\Users\Mark Packard Bell\Downloads\chromeinstall-8u45.exe
2015-05-09 01:24 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-09 01:24 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-09 01:24 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-09 01:24 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-09 01:24 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-09 01:24 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-09 01:24 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-09 01:24 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-09 01:24 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-09 01:24 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-09 01:24 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-09 01:24 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-09 01:24 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-09 01:24 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-09 01:24 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-09 01:24 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-09 01:24 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-09 01:24 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-09 01:24 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-09 01:24 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-09 01:24 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-09 01:24 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-09 01:24 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-09 01:24 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-09 01:24 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-09 01:24 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-09 01:24 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-09 01:24 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-09 01:24 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-09 01:24 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-09 01:24 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-09 01:24 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:24 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-09 01:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-09 01:23 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-09 01:18 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-09 01:18 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-09 01:18 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-09 01:18 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-09 01:18 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-09 01:18 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-09 01:18 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-08 14:07 - 2015-05-27 23:44 - 00001069 _____ () C:\DelFix.txt
2015-05-07 23:47 - 2015-05-07 23:47 - 00000934 _____ () C:\Users\Mark Packard Bell\Downloads\eat-sleep-conquer_1.tac
2015-05-07 23:46 - 2015-05-07 23:46 - 00001034 _____ () C:\Users\Mark Packard Bell\Downloads\Sexy Football Narrow.tac
2015-05-07 21:10 - 2015-05-07 21:10 - 00114552 _____ () C:\Users\Mark Packard Bell\Downloads\[kickass.to]kingsman.the.secret.service.2014.hc.hdrip.xvid.ac3.etrg.torrent
2015-05-07 20:52 - 2015-05-07 20:52 - 00000958 _____ () C:\Users\Mark Packard Bell\Downloads\mordax87s_4-1-2-2-1_64148.tac
2015-05-07 20:39 - 2015-05-07 20:39 - 00000010 _____ () C:\Users\Mark Packard Bell\AppData\Local\sponge.last.runtime.cache
2015-05-07 20:15 - 2013-09-28 04:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-05-07 15:56 - 2015-05-07 15:56 - 00000896 _____ () C:\Users\Mark Packard Bell\Downloads\Chapman7 V1.tac
2015-05-06 23:50 - 2015-05-06 23:50 - 00017979 _____ () C:\Users\Mark Packard Bell\Downloads\network-intern-list0913 (1).xlsx
2015-05-06 23:41 - 2015-05-06 23:41 - 00013324 _____ () C:\Users\Mark Packard Bell\Downloads\stud-liste-e15-190914 (2).xlsx
2015-05-06 20:41 - 2015-05-06 20:41 - 00000476 _____ () C:\Users\Mark Packard Bell\Documents\Kiloo Work Breakdown Structure.TXT
2015-05-06 20:20 - 2015-05-06 20:20 - 00473732 _____ () C:\Users\Mark Packard Bell\Downloads\Staff Information (1).pages
2015-05-06 14:45 - 2015-05-13 12:30 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-05-06 11:03 - 2015-05-06 13:36 - 00036333 _____ () C:\Users\Mark Packard Bell\Downloads\Project Week 5 (1).pptx
2015-05-05 23:21 - 2015-05-06 00:09 - 00000000 ____D () C:\Users\Mark Packard Bell\Downloads\The.Good.Wife.S06E19.720p.HDTV.X264-DIMENSION
2015-05-05 23:15 - 2015-05-05 23:15 - 00033076 _____ () C:\Users\Mark Packard Bell\Downloads\[kickass.to]daredevil.s01.season.1.720p.webrip.x264.sneaky.torrent
2015-05-05 15:35 - 2015-05-05 15:37 - 350861162 _____ () C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3.zip
2015-05-05 15:35 - 2015-05-05 15:37 - 350470979 _____ () C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3.1.zip
2015-05-05 01:10 - 2015-05-05 01:11 - 77627423 _____ () C:\Users\Mark Packard Bell\Downloads\444Current-DHO-GAPPs.zip
2015-05-05 00:28 - 2015-05-05 00:28 - 01206254 _____ () C:\Users\Mark Packard Bell\Downloads\UPDATE-SuperSU-v1.93.zip
2015-05-05 00:13 - 2015-05-05 00:13 - 07329792 _____ () C:\Users\Mark Packard Bell\Downloads\20140112_cwm-6.0.4.6_skomer_fixed.img
2015-05-04 23:55 - 2015-05-04 23:55 - 07331912 _____ () C:\Users\Mark Packard Bell\Downloads\20140112_cwm-6.0.4.6_skomer_fixed.tar.md5
2015-05-04 23:52 - 2015-05-04 23:52 - 01505335 _____ () C:\Users\Mark Packard Bell\Downloads\ramdisk-recovery (2).tar
2015-05-04 23:22 - 2015-05-04 23:23 - 142346529 _____ () C:\Users\Mark Packard Bell\Downloads\cm_xcover-ota-eng.android.zip
2015-05-04 23:21 - 2015-05-04 23:25 - 156788748 _____ () C:\Users\Mark Packard Bell\Downloads\GT-S5690_GB_Opensource_Update1.zip
2015-05-04 23:03 - 2015-05-04 23:03 - 01505335 _____ () C:\Users\Mark Packard Bell\Downloads\ramdisk-recovery.tar
2015-05-04 23:03 - 2015-05-04 23:03 - 01288374 _____ () C:\Users\Mark Packard Bell\Downloads\KERUK_Samsung_Root-only_SuperSU_signed.zip
2015-05-04 22:38 - 2015-05-04 22:38 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\Camera
2015-05-04 21:42 - 2015-05-04 21:46 - 362189600 _____ () C:\Users\Mark Packard Bell\Downloads\--MiuiV5kk_GT-I8190--.zip
2015-05-04 21:37 - 2015-05-04 21:37 - 18743296 _____ () C:\Users\Mark Packard Bell\Downloads\20140604_cm_10.2_skomer-ota-eng.flx.zip
2015-05-04 21:09 - 2015-05-04 21:10 - 190029759 _____ () C:\Users\Mark Packard Bell\Downloads\vanir_skomer_4.4.4.112414.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-02 23:36 - 2014-01-04 14:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 22:28 - 2015-01-26 10:28 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\CV Info
2015-06-02 22:08 - 2011-08-01 17:45 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent
2015-06-02 22:06 - 2014-02-04 20:34 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\College
2015-06-02 21:48 - 2015-04-16 20:18 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\Security
2015-06-02 21:41 - 2015-01-20 21:57 - 00000000 ____D () C:\Users\Mark Packard Bell\Documents\Outlook Files
2015-06-02 21:36 - 2014-01-04 14:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 20:40 - 2009-07-14 06:45 - 00018736 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 20:40 - 2009-07-14 06:45 - 00018736 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 20:33 - 2014-05-26 10:47 - 00000000 ___RD () C:\Users\Mark Packard Bell\Dropbox
2015-06-02 20:33 - 2011-08-01 19:56 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox
2015-06-02 20:28 - 2012-09-01 07:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-06-02 20:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 20:05 - 2015-04-09 20:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-06-02 20:05 - 2010-12-01 11:38 - 01287974 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 15:57 - 2014-03-26 10:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-06-02 15:55 - 2013-11-26 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-02 14:24 - 2015-04-11 19:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-02 13:04 - 2015-04-11 19:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 12:59 - 2014-03-26 10:26 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Notepad++
2015-06-02 12:59 - 2014-03-26 10:26 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-06-02 01:01 - 2014-11-06 07:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-06-01 22:04 - 2015-04-15 20:12 - 00000000 ____D () C:\Program Files\Puran Defrag
2015-05-29 10:46 - 2014-09-03 11:16 - 00000000 ____D () C:\Users\Mark Packard Bell\.freemind
2015-05-29 09:00 - 2014-04-28 11:38 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-28 23:46 - 2014-01-28 19:33 - 00000000 ____D () C:\Users\Mark Packard Bell\.VirtualBox
2015-05-28 22:32 - 2015-01-14 01:43 - 00000000 ____D () C:\Program Files (x86)\Heimdal
2015-05-28 22:29 - 2011-08-01 17:03 - 00000000 ____D () C:\Users\Mark Packard Bell
2015-05-28 22:12 - 2013-09-24 23:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 21:38 - 2014-01-20 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-28 21:31 - 2014-01-04 14:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-28 21:31 - 2014-01-04 14:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-28 21:20 - 2010-09-16 12:13 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-28 21:08 - 2013-09-25 01:11 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-28 20:16 - 2014-04-29 12:04 - 00049522 _____ () C:\Users\Mark Packard Bell\Downloads\SecureDownloadManager.log
2015-05-27 23:32 - 2014-04-29 11:33 - 00000000 ____D () C:\ProgramData\VMware
2015-05-27 23:32 - 2014-04-29 11:30 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-05-27 23:21 - 2014-04-29 11:41 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\VMware
2015-05-27 23:14 - 2015-03-02 10:54 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\Telenet
2015-05-27 23:08 - 2012-04-10 09:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 15:23 - 2012-04-10 09:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-27 15:23 - 2012-04-10 09:37 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-27 15:23 - 2011-08-01 18:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 15:20 - 2012-02-22 02:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-27 15:18 - 2015-04-09 21:00 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-27 15:17 - 2014-02-12 14:36 - 00001762 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-05-27 15:16 - 2013-12-19 04:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-05-27 15:16 - 2010-09-16 12:20 - 00000000 ____D () C:\ProgramData\Temp
2015-05-27 13:20 - 2011-08-25 00:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-27 02:29 - 2014-01-22 14:01 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\Utilities
2015-05-26 22:56 - 2011-08-01 20:07 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\CrashDumps
2015-05-26 22:11 - 2014-11-13 16:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-26 21:56 - 2015-03-22 20:46 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Kodi
2015-05-26 20:40 - 2014-11-21 11:09 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\Akamai
2015-05-26 14:05 - 2012-02-22 02:49 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-25 16:19 - 2014-02-03 11:41 - 00000600 _____ () C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-05-24 14:23 - 2009-07-14 07:13 - 00749006 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 22:42 - 2015-04-11 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-22 10:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-20 21:56 - 2011-10-28 17:26 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\Spotify
2015-05-20 21:53 - 2011-10-28 17:25 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Spotify
2015-05-20 21:15 - 2011-08-01 17:47 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\DAEMON Tools Lite
2015-05-20 17:15 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:15 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 19:47 - 2014-04-29 11:37 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Local\VMware
2015-05-19 19:45 - 2014-08-28 13:14 - 00000000 ____D () C:\Users\Mark Packard Bell\Documents\Virtual Machines
2015-05-19 11:34 - 2015-01-26 13:06 - 00000212 _____ () C:\Users\Mark Packard Bell\.packettracer
2015-05-18 21:28 - 2011-08-01 18:13 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\vlc
2015-05-17 21:59 - 2011-08-01 19:30 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Skype
2015-05-17 20:03 - 2014-03-26 10:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-17 19:58 - 2015-01-20 22:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-17 19:58 - 2011-08-01 19:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-14 11:28 - 2013-06-24 22:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 18:55 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 12:35 - 2014-03-26 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 12:23 - 2013-08-15 01:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 12:23 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 12:01 - 2011-08-01 21:29 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 11:58 - 2009-07-14 04:34 - 00000931 _____ () C:\Windows\win.ini
2015-05-13 10:47 - 2012-05-12 19:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 10:47 - 2012-05-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:27 - 2012-05-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 20:20 - 2013-11-04 04:40 - 00000000 ____D () C:\Program Files (x86)\Football Manager 2014
2015-05-12 11:53 - 2011-08-01 19:58 - 00000000 ____D () C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-09 03:02 - 2011-08-01 19:46 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-08 14:07 - 2014-12-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-05-08 14:07 - 2012-11-10 04:24 - 00000000 ____D () C:\Windows\ERUNT
2015-05-07 20:57 - 2013-11-13 00:55 - 00589483 _____ () C:\Users\Mark Packard Bell\AppData\Local\census.cache
2015-05-07 20:57 - 2013-11-13 00:54 - 00129400 _____ () C:\Users\Mark Packard Bell\AppData\Local\ars.cache
2015-05-07 20:18 - 2015-04-22 11:05 - 00000000 ____D () C:\Users\Mark Packard Bell\.zenmap
2015-05-07 19:15 - 2013-11-25 06:33 - 00000000 ____D () C:\Windows\pss
2015-05-07 18:39 - 2015-01-27 14:40 - 00000000 ____D () C:\Users\Mark Packard Bell\Desktop\Consultancy
2015-05-06 21:01 - 2014-01-30 21:55 - 00000000 ____D () C:\Users\Mark Packard Bell\Documents\Camera
2015-05-06 20:45 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-06 14:45 - 2014-04-10 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-06 11:05 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2014-01-04 14:31 - 2014-01-04 14:31 - 49940480 _____ () C:\Program Files (x86)\GUT70AE.tmp
2013-10-28 05:19 - 2013-10-12 23:10 - 0000224 _____ () C:\Program Files (x86)\update-FIFA14.bat
2013-11-04 04:47 - 2013-11-01 11:41 - 0000224 _____ () C:\Program Files (x86)\update-FM2014.bat
2013-10-28 05:19 - 2013-10-12 20:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-04-07 11:56 - 2014-04-07 11:56 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\winscp.rnd
2014-11-18 12:15 - 2014-11-18 12:15 - 0000037 ___SH () C:\Users\Mark Packard Bell\AppData\Local\70149b02515b3bb20dd492.47983420
2013-11-13 00:54 - 2015-05-07 20:57 - 0129400 _____ () C:\Users\Mark Packard Bell\AppData\Local\ars.cache
2013-11-13 00:55 - 2015-05-07 20:57 - 0589483 _____ () C:\Users\Mark Packard Bell\AppData\Local\census.cache
2013-11-13 00:01 - 2013-11-13 00:01 - 0000036 _____ () C:\Users\Mark Packard Bell\AppData\Local\housecall.guid.cache
2014-02-03 11:41 - 2015-05-25 16:19 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-04-27 13:28 - 2015-04-27 13:28 - 0000729 _____ () C:\Users\Mark Packard Bell\AppData\Local\recently-used.xbel
2012-05-06 00:18 - 2015-01-14 20:45 - 0007597 _____ () C:\Users\Mark Packard Bell\AppData\Local\resmon.resmoncfg
2015-05-07 20:39 - 2015-05-07 20:39 - 0000010 _____ () C:\Users\Mark Packard Bell\AppData\Local\sponge.last.runtime.cache
2015-04-09 20:18 - 2015-04-09 20:18 - 0050687 _____ () C:\ProgramData\1428603507.bdinstall.bin
2015-04-09 20:47 - 2015-04-09 20:47 - 0055670 _____ () C:\ProgramData\1428605214.bdinstall.bin
2015-04-10 14:18 - 2015-04-10 14:18 - 0055818 _____ () C:\ProgramData\1428668247.bdinstall.bin
2015-04-12 11:48 - 2015-04-12 11:48 - 0033299 _____ () C:\ProgramData\1428831891.bdinstall.bin
2014-01-21 16:01 - 2014-01-21 16:01 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-04-13 20:46 - 2014-04-17 15:58 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-03-27 13:01 - 2015-03-27 13:01 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Mark Packard Bell\GDFBinary_cs_CZ.dll
C:\Users\Mark Packard Bell\GDFBinary_de_DE.dll
C:\Users\Mark Packard Bell\GDFBinary_en_GB.dll
C:\Users\Mark Packard Bell\GDFBinary_en_US.dll
C:\Users\Mark Packard Bell\GDFBinary_es_ES.dll
C:\Users\Mark Packard Bell\GDFBinary_es_MX.dll
C:\Users\Mark Packard Bell\GDFBinary_fr_FR.dll
C:\Users\Mark Packard Bell\GDFBinary_hu_HU.dll
C:\Users\Mark Packard Bell\GDFBinary_it_IT.dll
C:\Users\Mark Packard Bell\GDFBinary_nl_NL.dll
C:\Users\Mark Packard Bell\GDFBinary_pl_PL.dll
C:\Users\Mark Packard Bell\GDFBinary_pt_BR.dll
C:\Users\Mark Packard Bell\GDFBinary_pt_PT.dll
C:\Users\Mark Packard Bell\GDFBinary_ru_RU.dll
 
 
Some files in TEMP:
====================
C:\Users\Mark Packard Bell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpisaomy.dll
C:\Users\Mark Packard Bell\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\Mark Packard Bell\AppData\Local\Temp\xmlUpdater.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-05 18:05
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Mark Packard Bell at 2015-06-02 23:56:18
Running from C:\Users\Mark Packard Bell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-539220840-4066696231-1515832666-500 - Administrator - Disabled)
Guest (S-1-5-21-539220840-4066696231-1515832666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-539220840-4066696231-1515832666-1002 - Limited - Enabled)
Mark Packard Bell (S-1-5-21-539220840-4066696231-1515832666-1000 - Administrator - Enabled) => C:\Users\Mark Packard Bell
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
Akamai NetSession Interface (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Sync Manager WiFi (HKLM-x32\...\{563254C9-FBFC-0200-0000-000000000000}) (Version: 12.05.1071 - Mobile Action)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCENT/CCNA ICND1 100-101 Network Simulator Lite (HKLM-x32\...\com.pearson.ccna.NetworkSimulator.ICND1.lite) (Version: 1.0.0 - Pearson Education)
CCENT/CCNA ICND1 100-101 Network Simulator Lite (x32 Version: 1.0.0 - Pearson Education) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Club Swap (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\6dc1aa4d9e90f983) (Version: 1.0.0.0 - Club Swap)
CM3 Series SaveGame Editor 4.0 Build 4000 (HKLM-x32\...\CM3 Series SaveGame Editor_is1) (Version: 4.0 Build 4000 - Graeme Kelly)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.6.2 - Bloodshed Software)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
DiRT2 (x32 Version: 1.0.0002.133 - Codemasters) Hidden
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Download Navigator (HKLM-x32\...\{44715246-18E9-4EDF-AA03-94E4B4F80EA8}) (Version: 2.2.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free PDF Solutions PDF to WORD version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Fronter OES (HKLM-x32\...\{50F072D6-D66C-4E7D-9833-303661C5AAA9}) (Version: 1.1.31.0 - Fronter)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Glary Undelete 1.8.0.468 (HKLM-x32\...\Glary Undelete_is1) (Version:  - Glarysoft.com)
GNS3 1.3.3 (HKLM-x32\...\GNS3) (Version: 1.3.3 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Chrome (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Heimdal (HKLM-x32\...\Heimdal) (Version: 1.10.3.704 - CSIS Security Group)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
ICND1 Network Simulator Lite (HKLM-x32\...\ICND1 Network Simulator Lite) (Version: 1.0.0.14 - Pearson IT Certification)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
inSSIDer 3 (HKLM-x32\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{56DC4F23-DCC5-4935-A6E1-D9B7817C948A}) (Version: 1.0.5.34 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.0.5.34 - Kaspersky Lab) Hidden
Kodi (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Kodi) (Version:  - XBMC-Foundation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
LEGO MINDSTORMS Edu NXT - English Language Pack (HKLM-x32\...\{A970DAFC-8683-47C1-9C72-E9C59AD9BD0E}) (Version: 2.1.79.0 - The LEGO Group)
LEGO MINDSTORMS Edu NXT Software v2.1 (HKLM-x32\...\{E43F30A4-1A56-408F-BF17-C5E808FD4DAC}) (Version: 2.1.76.0 - LEGO)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{AE1D4582-D449-495C-9DC6-B92E16C7DB63}) (Version: 1.19.768 - LEGO)
LEGO MINDSTORMS NXT Edu Patch v2.1f3 (x32 Version: 2.1.22.0 - LEGO) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{AFADA6D3-EBC0-406E-B3ED-079B7A831467}) (Version: 8.0.6362.229 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\MyFreeCodec) (Version:  - )
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Nero 9 Essentials (HKLM-x32\...\{a97f0ac6-e34b-400a-8ce4-c4a5ab45344e}) (Version:  - Nero AG)
NewFreeScreensaver nfsSputnikOfEarth (HKLM-x32\...\Sputnik Of Earth New Free Screensaver_is1) (Version:  - )
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.3.6-I003  (HKLM\...\OpenVPN) (Version: 2.3.6-I003 - )
OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
PC TWIN SHOCK (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.24 - Pearson IT Certification)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.5.0.4 - OpenVPN Technologies)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version:  - KONAMI Digital Entertainment)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Puran Defrag 7.7 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Screencast-O-Matic (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Spotify (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StofaWebTvPlayer (HKLM-x32\...\{C1BC4EC3-0DD8-4529-B50E-6B0CC74DEDD0}) (Version: 3.13.0.7173 - Stofa A/S)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Torrent Stream 2.0.8.1.2 (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\TorrentStream) (Version: 2.0.8.1.2 - Torrent Stream)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Verbatim GREEN BUTTON 1.68 (HKLM-x32\...\Verbatim GREEN BUTTON_is1) (Version:  - Verbatim)
Verbatim Hard Drive Formatter (HKLM-x32\...\Verbatim Hard Drive Formatter_is1) (Version:  - Verbatim)
Verbatim Hard Drive Info 1.04 (HKLM-x32\...\Verbatim Hard Drive Info_is1) (Version:  - Verbatim)
Verbatim Product Update 1.06 (HKLM-x32\...\Verbatim Product Update_is1) (Version:  - Verbatim)
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.37.3 - SuYin)
ViewRight Web PC (HKLM-x32\...\{0AEF5F93-DE30-4D0A-A879-B3BB72000F52}) (Version: 2.1.2.3 - Verimatrix, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinSCP 5.5.2 (HKLM-x32\...\winscp3_is1) (Version: 5.5.2 - Martin Prikryl)
Wireshark 1.12.5 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, http://www.wireshark.org)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-04-27 14:24 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01DD437C-6616-41D4-98E4-EEE15ABF2D9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {05BD88F3-885C-4377-BDE8-534FC464E0CA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {07279329-7CC5-4B08-B401-868343E368EF} - System32\Tasks\{2796E00D-ECB9-470C-95DA-4B1AD7297B86} => pcalua.exe -a "C:\Users\Mark Packard Bell\Desktop\242.exe" -d "C:\Users\Mark Packard Bell\Desktop"
Task: {085B8BC9-3D56-43C1-9FBA-A3F500847361} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {0AF84520-0F32-4755-9F76-E5D80171C894} - System32\Tasks\{68D7B198-C4E1-4F26-A9B6-1CE0EB9A77EA} => pcalua.exe -a "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEdit.com_2013_Patch_4.0\Installer.exe" -d "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEdit.com_2013_Patch_4.0"
Task: {0CEF7ED3-6089-4D1F-8B2F-5F2B1A3C379C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {114ECA9E-C5C6-4738-9047-B1E08EF3C596} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: {11598920-526F-4B4A-9650-C9FDF91D7F54} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {18D6FBD0-3083-483B-9F45-BE37A6268CEF} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {1D61D52F-68B3-4492-A030-D44341C74CEC} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1E3C7251-A5C7-4593-A600-086361AF74F6} - System32\Tasks\{FCBA2F71-5DA9-418F-813E-B87FD87243D5} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\Installer.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {2D7692BB-C838-4861-9368-02D558E1048E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {341A9CD5-0966-4497-968F-B7A8C5654A2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {36BF9BA9-577F-4B5D-A1C3-725AE21C3E88} - System32\Tasks\{3A2F5723-9DF6-4B02-A5CA-671676ECF1D7} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Championship Manager 01-02\Uninst.isu"
Task: {3773F0F1-F760-43E7-A2EF-54883C525B26} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: {3927F1DB-ED74-41DD-B1F2-266893F63797} - \Driver Booster SkipUAC (Mark Packard Bell) No Task File <==== ATTENTION
Task: {42A0F465-F232-4B50-B461-61EDFAA09402} - System32\Tasks\{826C4847-7366-4C7A-826C-676B8A3E9A07} => pcalua.exe -a "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Installer.exe" -d "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013"
Task: {4C2A10D5-9798-44FB-9639-166187567380} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51E78B64-3A5F-4864-A4B7-7DBCD9EDCA6E} - System32\Tasks\{6BCCDE6D-A1E1-4DF4-A00F-AF380008D268} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\reflash_package.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {55326C99-1C11-4D76-BF4C-ABD6BE2C1B00} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {57F8AFFC-05C5-412F-983E-310876669499} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-02] (Microsoft Corporation)
Task: {58084165-8635-49C7-8A29-B9C20AF6F606} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKPACKARDBELL-Mark Packard Bell MarkPackardBell => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {6273D890-FFCF-4DF3-9A16-8C33CB081576} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {667D300D-8862-4F68-81D3-F6112B9CAF5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {6849B0AD-C577-4072-8E40-77A031FC8122} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {69D0E3C3-6A2D-4CC9-8638-E9123B3C01E4} - System32\Tasks\{A4E76466-01A8-42E9-B274-AA17714CC40C} => pcalua.exe -a C:\Users\Public\Music\242.exe -d "C:\Users\Mark Packard Bell\Documents"
Task: {6AD97519-DA07-46F7-A3B5-6BA1647A0039} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-26] ()
Task: {6E07FDF6-E11A-4049-90FC-C3EF2DD4AE2C} - System32\Tasks\{F3609A0A-382D-4DC8-929A-E9A0664EC821} => pcalua.exe -a F:\Installer.exe -d F:\
Task: {70A658C4-B875-42B7-A472-C670AE760B88} - System32\Tasks\{124B9633-DAEB-4C20-B6EC-F7A04C2393E9} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\PESEdit.com_2013_Patch_2.2\PESEdit.com_2013_Patch_2.2\Installer.exe" -d "C:\Users\Mark Packard Bell\Downloads\PESEdit.com_2013_Patch_2.2\PESEdit.com_2013_Patch_2.2"
Task: {75A8817A-2A29-4229-A2D9-B2A7D4A1E4D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7A050E1D-D275-4BC4-9A8F-38B13EDFCA6A} - System32\Tasks\{CC365B42-37A7-4D8B-9FA3-AF93082BEE71} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Task: {8BD71C9F-6BF8-4FD9-9D20-FD91D2E5CEDE} - System32\Tasks\{1784D112-985E-4A2D-81C6-C2987AD08309} => C:\Program Files (x86)\Championship Manager 01-02\cm0102.exe
Task: {915F725F-08DD-4802-A53B-BFC1169A9BF0} - System32\Tasks\{AE142CEE-E9EE-4FC6-ABE8-87B514183B86} => pcalua.exe -a "C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe" -d "C:\Program Files (x86)\USB Vibration\7906\setup"
Task: {AD0C17A3-A1EC-455B-848A-7F9E19546883} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-27] (Adobe Systems Incorporated)
Task: {AEF1AF2B-3724-4F79-A593-D5B3E6205344} - System32\Tasks\{B834D3B5-ACD8-40C7-916C-506D452EC78F} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\HTCDriver3.0.0.007.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {B015DEA8-C3B3-4AF5-A9CB-FA532B2AA013} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {BB8C6C40-47D2-4D7E-905C-8554283D43C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BCCC1665-44E6-49FD-8B49-1A10AD0A85F8} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe
Task: {C3CA1DBF-939E-4EB3-A10E-C7AFC8E4235B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {CE5544BD-F58D-4021-8F7F-1AC85C4AFA73} - System32\Tasks\{EED19B30-70C8-47AE-9389-0BD5B67124D5} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\242.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {D0B7C1AD-17AE-4DE8-A772-04291F409F56} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {D8F7A683-EA98-4573-B94E-C13736A1A635} - System32\Tasks\{092CD215-C29A-46E9-8E38-84DC27544484} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Task: {DFCBE5C1-5BF5-4714-80FE-D6C87FD07032} - System32\Tasks\{95AD1534-19ED-4DFF-AA87-D4403252EC32} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.113&LastError=12002
Task: {E1736045-71E9-4FE3-B690-690E29CBA6AF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E506FA47-B12E-42C6-9AB9-684FCDD00D80} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core.job => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA.job => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-17 16:21 - 2015-03-17 16:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2015-03-01 23:28 - 2014-12-15 02:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-08-01 17:54 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-03-17 16:01 - 2015-03-17 16:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-03-17 15:54 - 2015-03-17 15:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-03-17 16:10 - 2015-03-17 16:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2015-03-11 18:53 - 2015-03-11 18:53 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2015-03-11 18:53 - 2015-03-11 18:53 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-05 02:12 - 2009-05-20 15:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-06-02 20:32 - 2015-06-02 20:32 - 00043008 _____ () c:\Users\Mark Packard Bell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpisaomy.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-27 15:21 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-27 15:21 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-12-21 16:44 - 2015-01-08 14:53 - 00453120 _____ () C:\Program Files (x86)\Steam\SteamApps\common\Pro Evolution Soccer 2015\PTE\Free Side Select\sider.exe
2014-12-21 16:44 - 2015-01-08 14:53 - 00133120 _____ () C:\Program Files (x86)\Steam\SteamApps\common\Pro Evolution Soccer 2015\PTE\Free Side Select\sider.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\CV Info:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\Hyper V:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\ICNDI1_CCNA_3rdED_2012.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\barclays-premier-league-2014-15-teams-and-fixture.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea Badge.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea Samsung.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea_Mourinho_001.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Consultant Presentation schedule.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Premier-League.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\SAMSUNG AWAY.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Samsung.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Sky Bet Championship.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Sky_Bet_Championship.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Documents\CCFC.jpg:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\F825DD4D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\F825DD4D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6128 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.10.10.4 - 212.10.24.252
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: LMIRescue_c9ca4a07-df97-41c4-8488-6491ac92f9f6 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Software Updater Beta.lnk => C:\Windows\pss\Kaspersky Software Updater Beta.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: Google Update => "C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: PuranADT => C:\Program Files\Puran Defrag\PuranADT.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Spotify => "C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Player\vmware-tray.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFC6D096-3323-4BFD-92C9-08B6BB9394F2}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{C7F31722-1A0F-4126-B524-C9D92BB5B96C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{A8FF17F3-5681-4383-91E5-663B1DBAD08C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{9955348A-C787-42C2-B786-DB33FB626F12}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DB22B764-7D3B-45BC-81A2-668AAF1AAD16}] => (Allow) svchost.exe
FirewallRules: [{104AE829-EED7-4CED-BA68-C7132B84DF09}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{814DC196-BF1F-4826-9AFC-A0AC771B0272}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{01101E64-77D5-47AB-9D61-758DE9C9EFC5}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DA696169-5BB4-4859-9D4F-930F7BA1F5A1}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{8714DF00-9EF5-4B75-AE3C-C1E670EBAF0F}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{2A227A81-792F-4C6E-B088-08C5C4FA0332}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{296B9265-272F-4B03-A786-2273CE5DF80F}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{93C0B7EE-734F-445D-8FEF-24B54A2A9FD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86679B98-F066-4759-88B4-37C4CB9580CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B089B0E-71F2-4885-9273-2A330860D2DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB330383-2A14-4AE5-81DE-15AB8EE5CD8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25AC7D38-52E2-4AF4-8663-E48BEE2240CD}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{08423E78-C74F-4468-AB73-D9A132C5141F}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{9A7C58FC-D03A-454B-97C0-DB89D6D566F5}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{BF7C58C3-003F-4660-8790-43AAD5C7BE13}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{35F0589C-41CC-468D-9BD8-1AD2449EF593}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{A73AE05F-7435-4C23-90D4-D6D4A32820D2}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{A15CD113-748F-498F-84EC-550B6F97996D}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{B5420E57-4A2B-486C-B10A-2E2B919EF856}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{7D257A6E-8D25-4CBF-896D-80A7A4555F72}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{3E1DD5EF-2FEE-4D4A-AE06-56F38003029A}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{B78BBB56-CF5F-4534-A404-EB00ABAD0EAE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{80FF7296-20EF-4484-86BE-3091CEE03FEC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{45EB22C0-F81F-4A6A-825A-50036EA178DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{0CE68321-05D9-4898-82DF-33EF4E48C579}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{077C32B0-0C90-428D-9413-FE55FE67E652}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{C7529C05-33A6-4D5B-B73A-0921FFC310EB}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{CE79CD86-F293-4531-BB35-604524456F2A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{9D6E6C3D-9221-4210-B2E4-3B7B2A5086E2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{BC0FF3D4-35AC-47A1-91E1-6425E7CAE3B0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{8CA91782-237C-4730-B9C4-6E06773DB4B6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{99016948-A3BC-46B1-BE37-2FDBC082FB3F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{3C593A4D-EEBE-4982-B210-307ED05F751F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{E74C4DA2-8E05-40F3-9B8F-DA0C0C0F428C}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{DA16C0C7-5617-42AB-942A-C85E52A43807}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{0ABCB5F3-8D15-4412-94CD-9473711A4570}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{C23C170D-349C-45F5-BA0B-BEE1CC41A665}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{623A50C5-EB8C-4DEB-A273-1845CDC9D04F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2508A3AF-F6DB-437A-BD71-33AC692E72A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D54519F4-4207-4930-9740-C8F81D4308B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2013\fm.exe
FirewallRules: [{659ACFB8-BF62-4CBA-B1BA-D478DAF41D6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2013\fm.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 1.3M WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2015 08:30:18 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/02/2015 08:29:24 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 08:29:24 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (06/02/2015 08:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e8c17
Exception code: 0x80070006
Fault offset: 0x000000000001aaad
Faulting process id: 0x894
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (06/02/2015 06:39:22 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/02/2015 06:37:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 06:37:34 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (06/02/2015 04:01:19 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/02/2015 04:00:42 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 04:00:41 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
 
System errors:
=============
Error: (06/02/2015 11:57:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (06/02/2015 11:57:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/02/2015 11:50:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 11:40:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 11:30:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 11:20:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 11:10:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 11:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 10:50:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/02/2015 10:40:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office:
=========================
Error: (06/02/2015 08:30:18 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/02/2015 08:29:24 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 08:29:24 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (06/02/2015 08:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.18839553e8c1780070006000000000001aaad89401d09d523165d682C:\Windows\System32\svchost.exeC:\Windows\system32\KERNELBASE.dlleba93c69-0951-11e5-b330-1c7508449bbd
 
Error: (06/02/2015 06:39:22 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/02/2015 06:37:34 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 06:37:34 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (06/02/2015 04:01:19 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/02/2015 04:00:42 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/02/2015 04:00:41 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-20 21:24:05.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-20 21:24:05.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N950 Quad-Core Processor
Percentage of memory in use: 71%
Total physical RAM: 4090.9 MB
Available physical RAM: 1172.89 MB
Total Pagefile: 8180 MB
Available Pagefile: 4151.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:684.54 GB) (Free:214.27 GB) NTFS
Drive d: (9781587143854) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0C359BC0)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 jntkwx


Posted 03 June 2015 - 09:42 AM

Step 1: We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (591 bytes)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes ONLY:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 

In your next reply, please include:

  • Fixlog.txt from FRST
  • Result.txt from MiniToolBox
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason

 



#5 sparky2000


Posted 03 June 2015 - 12:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Mark Packard Bell at 2015-06-03 19:11:30 Run:1
Running from C:\Users\Mark Packard Bell\Downloads
Loaded Profiles: Mark Packard Bell (Available Profiles: Mark Packard Bell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
closeprocesses:
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Task: {3927F1DB-ED74-41DD-B1F2-266893F63797} - \Driver Booster SkipUAC (Mark Packard Bell) No Task File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
emptytemp:
*****************
 
Processes closed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3927F1DB-ED74-41DD-B1F2-266893F63797}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3927F1DB-ED74-41DD-B1F2-266893F63797}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Mark Packard Bell)" => key Removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS Removed successfully.
C:\ProgramData\Temp => ":D287FACF" ADS Removed successfully.
C:\ProgramData\Temp => ":D3A96964" ADS Removed successfully.
EmptyTemp: => Removed 696.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:13:28 ====
 
 
 
 
The system rebooted and I got a black screen and then a cmd box flashed up after about a minute or so, I guess this was your script?
 
Norton doesn't seem to like MiniTool so I disabled Auto-Protect and the Firewall to run it.
 
 
 
 
MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Mark Packard Bell (administrator) on 03-06-2015 at 19:36:35
Running from "C:\Users\Mark Packard Bell\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: EasyNote TK81 Manufacturer: Packard Bell
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : MarkPackardBell
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 2E-65-9D-5A-71-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 1C-65-9D-5A-71-A8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fcde:60db:fff2:67d0%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.87.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 03 June 2015 19:16:13
   Lease Expires . . . . . . . . . . : 04 June 2015 19:36:06
   Default Gateway . . . . . . . . . : 192.168.87.1
   DHCP Server . . . . . . . . . . . : 192.168.87.1
   DHCPv6 IAID . . . . . . . . . . . : 488400285
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-87-D0-09-1C-75-08-44-9B-BD
   DNS Servers . . . . . . . . . . . : 212.10.10.4
                                       212.10.24.252
                                       212.10.10.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 1C-75-08-44-9B-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-C0-9A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a92d:703a:2e8a:92a3%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 570949671
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-87-D0-09-1C-75-08-44-9B-BD
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  ns1.stofanet.dk
Address:  212.10.10.4
 
Name:    google.com
Addresses:  2a00:1450:4005:800::1008
 212.10.212.83
 212.10.212.113
 212.10.212.109
 212.10.212.94
 212.10.212.87
 212.10.212.93
 212.10.212.102
 212.10.212.106
 212.10.212.79
 212.10.212.108
 212.10.212.117
 212.10.212.123
 212.10.212.121
 212.10.212.91
 212.10.212.98
 
 
Pinging google.com [212.10.212.91] with 32 bytes of data:
Reply from 212.10.212.91: bytes=32 time=12ms TTL=57
Reply from 212.10.212.91: bytes=32 time=12ms TTL=57
 
Ping statistics for 212.10.212.91:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server:  ns1.stofanet.dk
Address:  212.10.10.4
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=142ms TTL=48
Reply from 98.138.253.109: bytes=32 time=141ms TTL=48
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 142ms, Average = 141ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...2e 65 9d 5a 71 a8 ......Microsoft Virtual WiFi Miniport Adapter
 14...1c 65 9d 5a 71 a8 ......Qualcomm Atheros AR5B97 Wireless Network Adapter
 13...1c 75 08 44 9b bd ......Broadcom NetLink ™ Gigabit Ethernet
 16...08 00 27 00 c0 9a ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.87.1   192.168.87.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
     192.168.87.0    255.255.255.0         On-link    192.168.87.100    281
   192.168.87.100  255.255.255.255         On-link    192.168.87.100    281
   192.168.87.255  255.255.255.255         On-link    192.168.87.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link    192.168.87.100    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link    192.168.87.100    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    276 fe80::/64                On-link
 14    281 fe80::/64                On-link
 16    276 fe80::a92d:703a:2e8a:92a3/128
                                    On-link
 14    281 fe80::fcde:60db:fff2:67d0/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
 
 
What DNS is that, do you know? It's not Google's, but could it be my ISP or a malicious one?
Also those sysWOW entries...some websites say they are for running 32/64 bit operations and some say they are malware. Do you know what they are?
 
I won't really know if I will still get the pop up or not for a little while as it just randomly opens a new tab periodically. I will try to use it over the next hour to see how the machine and browsing in Chrome looks and feels. I feel like webpages should be loading faster (over the last few weeks or more) but that could just be me.


#6 jntkwx

jntkwx

  • Malware Response Team

Posted 03 June 2015 - 02:55 PM

> The system rebooted and I got a black screen and then a cmd box flashed up after about a minute or so, I guess this was your script?

That's strange. I don't think that was the script. Let me know if you see that happen again.

> What DNS is that, do you know? It's not Google's, but could it be my ISP or a malicious one?

Good question - I had us run MiniToolBox to get a little more info on this. It appears as though the DNS IPs are from Denmark. Is Telia Stofa A/S your ISP?

> Also those sysWOW entries...some websites say they are for running 32/64 bit operations and some say they are malware. Do you know what they are?

Are you referring to the Winsock entries section? Everything appears normal there.

> I won't really know if I will still get the pop up or not for a little while as it just randomly opens a new tab periodically. I will try to use it over the next hour to see how the machine and browsing in Chrome looks and feels. I feel like webpages should be loading faster (over the last few weeks or more) but that could just be me.


Ok, and if you can, what's the website address that randomly opens in the new tab?


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif
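The Winsock section discussed in the post above (the SysWOW64 question and the "everything appears normal" answer) can be checked mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses catalog lines in the format shown in the log and sorts them by location, bitness and publisher. The last two sample lines, the verdict names and the rules are assumptions made for this illustration.

```python
import ntpath
import re
from collections import Counter, namedtuple

# Constructed sample. Lines 1-4 reuse the format of entries in the log above;
# lines 5-6 are invented to show entries that would deserve a closer look and
# do not come from this thread.
SAMPLE_LOG = r"""
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
Catalog9 11 C:\Users\Example\AppData\Roaming\helper\lsp32.dll [40960] ()
x64-Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
"""

Entry = namedtuple("Entry", "bitness kind index path size publisher")

LINE_RE = re.compile(
    r"^(?P<x64>x64-)?Catalog(?P<cat>[59]) (?P<index>\d+) "
    r"(?P<path>.+?) \[(?P<size>\d+)\] \((?P<publisher>.*)\)$"
)

# Catalog5 holds namespace (name resolution) providers, Catalog9 holds
# transport providers, the chain where layered service providers sit.
KINDS = {"5": "namespace provider", "9": "transport provider"}

# On 64-bit Windows the 64-bit system DLLs live in System32 and the 32-bit
# ones in SysWOW64. Assumes Windows is installed on C:, as in the log.
SYSTEM_DIR = {"64-bit": r"c:\windows\system32", "32-bit": r"c:\windows\syswow64"}
PROGRAM_DIRS = (r"c:\program files", r"c:\program files (x86)")


def parse_winsock(text):
    """Return an Entry for every Winsock catalog line found in text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                bitness="64-bit" if m.group("x64") else "32-bit",
                kind=KINDS[m.group("cat")],
                index=int(m.group("index")),
                path=m.group("path"),
                size=int(m.group("size")),
                publisher=m.group("publisher").strip(),
            ))
    return entries


def classify(entry):
    """Return (verdict, reason); the verdict names are this example's own."""
    folder = ntpath.dirname(ntpath.normpath(entry.path)).lower()
    if not entry.publisher:
        return "review", "no publisher name recorded for the file"
    if folder in SYSTEM_DIR.values():
        if folder != SYSTEM_DIR[entry.bitness]:
            return "review", "system directory does not match the catalog's bitness"
        if entry.publisher == "Microsoft Corporation":
            return "windows", "stock provider in the matching system directory"
        return "installed-software", "third-party provider in a system directory"
    if any(folder == d or folder.startswith(d + "\\") for d in PROGRAM_DIRS):
        return "installed-software", "provider shipped by an installed program"
    return "review", "provider loaded from outside Windows and Program Files"


def triage(text):
    """Parse a log excerpt and pair every entry with its verdict and reason."""
    return [(e, *classify(e)) for e in parse_winsock(text)]


def summary(text):
    """Count the entries per verdict."""
    return Counter(verdict for _, verdict, _ in triage(text))


if __name__ == "__main__":
    for entry, verdict, reason in triage(SAMPLE_LOG):
        print(f"{verdict:18} {entry.bitness} {entry.kind} #{entry.index:02d} "
              f"{ntpath.basename(entry.path)}: {reason}")
```

A publisher name printed in a log is not proof of a valid signature, so entries marked review still need the file itself checked.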


#7 sparky2000

sparky2000
  • Topic Starter

  • Members

Posted 03 June 2015 - 03:35 PM

I'm not quite sure if it happened again. Laptop loads in just under a minute - log in - takes over 1.5 minutes to get to desktop and a total of 5 minutes before everything is ready and a webpage opens. It was very slow and hanging a little on the first reboot. I downloaded and installed any Windows updates. It seems better on the next reboot. I'm not stressing it right now though.

 

That is my ISP DNS.

 

I had included the link to the website that normally pops up in the first post but thought better of it and deleted it. Before, it used to appear as some sort of chat site with a strawberry/berry icon. Lately it has popped up as some sort of financial advice site. I just closed them down ASAP. I will see if it happens again.

 

My gut says the pop-up problem might be gone for now but there is still something on my machine. What do you think?



#8 jntkwx

jntkwx

  • Malware Response Team

Posted 03 June 2015 - 03:42 PM

I don't see any more malware in the logs, but let's double check.

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the esetimage.png you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the shieldstart.png button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: start.png
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!


Regards,
Jason

 



#9 jntkwx

jntkwx

  • Malware Response Team

Posted 06 June 2015 - 12:41 PM

sparky2000,

It has been several days since my last post.

Do you still need help? If you do, please follow my previous instructions.


Regards,
Jason

 



#10 sparky2000

sparky2000
  • Topic Starter

  • Members

Posted 07 June 2015 - 06:34 AM

And the ads make an appearance again, just when I thought the computer was ok. I attached pictures from snipping tool to this post.

The ads are in Danish, the second one basically says I have won a big voucher and displays a survey to take.

 

 

I have had a bad experience with ESET before when it removed some false positives - mostly 3rd party patches for games. Is it possible to run it without these being deleted?

I would have run the scan now, but I have an exam tomorrow that I need my laptop for.



Edited by sparky2000, 07 June 2015 - 06:42 AM.


#11 jntkwx

jntkwx

  • Malware Response Team

Posted 07 June 2015 - 10:48 AM

Let's skip ESET for now.

 

Does Total Ad Performance only popup in Chrome?

 

Please download the latest version of FRST and run a new scan. Also, check the checkbox next to Addition.txt


Regards,
Jason

 



#12 sparky2000

sparky2000
  • Topic Starter

  • Members

Posted 08 June 2015 - 05:45 PM

Only in Chrome yes, but I have most of my bookmarks in Chrome so I use it regularly.

 

Scan Results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015

Ran by Mark Packard Bell (administrator) on MARKPACKARDBELL on 09-06-2015 00:36:10
Running from C:\Users\Mark Packard Bell\Downloads
Loaded Profiles: Mark Packard Bell (Available Profiles: Mark Packard Bell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Puran Software) C:\Program Files\Puran Defrag\PuranADT.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Akamai Technologies, Inc.) C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Akamai Technologies, Inc.) C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Dropbox, Inc.) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(Puran Software) C:\Windows\System32\PuranDefragS.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Mark Packard Bell\Downloads\frst64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-12] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PuranADT] => C:\Program Files\Puran Defrag\PuranADT.exe [443776 2013-08-15] (Puran Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mark Packard Bell\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-06] (Spotify Ltd)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2015-05-28]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (No File)
Startup: C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: bootdeleteautocheck PuranDefragBT -AD
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} https://www2.web-direct.dk/wdx.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
 
FireFox:
========
FF ProfilePath: C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @fronter.com/FronterOES -> C:\Program Files (x86)\Fronter\Fronter OES\npfronter_oes2.dll [2012-12-18] (Fronter AS)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-12-08] ()
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @torrentstream.net/tsplugin,version=2.0.8.1.2 -> C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\player\npts_plugin.dll [2014-04-25] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark Packard Bell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-14] (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-06-08]
 
Chrome: 
=======
CHR Profile: C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-04-09]
CHR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2015-04-10]
CHR Extension: (WOT) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-12]
CHR Extension: (Poper Blocker) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-04-09]
CHR Extension: (Adblock Plus) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-04-09]
CHR Extension: (Scoopinion) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojhbmpnoehchagcbojelmclgjgopilf [2015-04-09]
CHR Extension: (Gmelius for Gmail) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2015-04-09]
CHR Extension: (Chromebleed) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-04-09]
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk [2015-04-12]
CHR Extension: (TV - Voozy.tv) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flnepcgaapadgbmfkmacafjiejjhbipm [2015-04-09]
CHR Extension: (HTTPS Everywhere) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-04-09]
CHR Extension: (Hide My AdBlocker) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2015-04-24]
CHR Extension: (AdBlock) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoaiekboalajhlkmecgibenobdeencn [2015-05-27]
CHR Extension: (Hola Better Internet) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Weather) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck [2015-05-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]
CHR Extension: (Adblock Super) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (FlashControl) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-27]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2015-04-09]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-05-28]
CHR Extension: (Ghostery) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Kaspersky Security Scan) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni [2015-04-09]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-04-09]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2015-04-09]
CHR Extension: (iReader) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc [2015-04-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-02] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-12] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-03-20] (OpenVPN Technologies, Inc)
R2 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150601.001\BHDrvx64.sys [1640152 2015-05-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-05] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 F825DD4D; C:\Windows\System32\drivers\F825DD4D.sys [457824 2015-04-24] (Kaspersky Lab ZAO)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-15] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150605.001\IDSvia64.sys [684248 2015-05-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150607.020\ENG64.SYS [129752 2015-05-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150607.020\EX64.SYS [2137304 2015-05-25] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-26] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-10] (BitDefender S.R.L.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EUBAKUP0; \??\C:\Windows\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\Windows\system32\drivers\EUBKMON0.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-09 00:35 - 2015-06-09 00:35 - 02108928 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\frst64 (1).exe
2015-06-08 20:40 - 2015-06-08 20:40 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Mad.Men.S07E14.HDTV.x264-LOL[ettv]
2015-06-08 20:39 - 2015-06-08 20:39 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Mad.Men.S07E13.HDTV.x264-LOL[ettv]
2015-06-08 20:32 - 2015-06-08 20:32 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Mr.Robot.S01E01.HDTV.x264.PROPER-LOL[ettv]
2015-06-08 20:17 - 2015-06-08 20:17 - 00038727 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e09.proper.hdtv.x264.killers.ettv.torrent
2015-06-08 20:17 - 2015-06-08 20:17 - 00036846 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e08.hdtv.x264.killers.ettv.torrent
2015-06-08 20:17 - 2015-06-08 20:17 - 00028987 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e07.hdtv.x264.asap.ettv.torrent
2015-06-08 20:17 - 2015-06-08 20:17 - 00027852 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e06.hdtv.x264.asap.ettv.torrent
2015-06-08 20:17 - 2015-06-08 20:17 - 00024916 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e05.hdtv.x264.asap.ettv.torrent
2015-06-08 20:09 - 2015-06-08 20:09 - 00017683 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]silicon.valley.s02e08.hdtv.x264.killers.ettv.torrent
2015-06-08 20:09 - 2015-06-08 20:09 - 00016353 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]silicon.valley.s02e06.hdtv.x264.asap.ettv.torrent
2015-06-08 20:09 - 2015-06-08 20:09 - 00015793 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]silicon.valley.s02e05.hdtv.x264.asap.ettv.torrent
2015-06-08 20:09 - 2015-06-08 20:09 - 00014704 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]silicon.valley.s02e07.hdtv.x264.asap.ettv.torrent
2015-06-08 20:06 - 2015-06-08 20:06 - 00018357 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]the.good.wife.s06e22.hdtv.x264.lol.rarbg.torrent
2015-06-08 20:02 - 2015-06-08 20:02 - 00015333 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]silicon.valley.s02e09.hdtv.x264.asap.ettv.torrent
2015-06-08 19:55 - 2015-06-08 19:55 - 00000021 _____ C:\Windows\S.dirmngr
2015-06-08 19:53 - 2015-06-08 19:54 - 00465840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 19:53 - 2015-06-08 19:53 - 00000056 _____ C:\Windows\setupact.log
2015-06-08 19:53 - 2015-06-08 19:53 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 13:19 - 2015-06-08 13:19 - 00118624 _____ C:\Users\Mark Packard Bell\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 11:28 - 2015-06-08 11:28 - 00614895 _____ C:\Users\Mark Packard Bell\Downloads\Crypto_01 (2).pptx
2015-06-07 16:44 - 2015-06-07 16:44 - 00595456 _____ C:\Users\Mark Packard Bell\Downloads\Snort (1).ppt
2015-06-07 16:44 - 2015-06-07 16:44 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_2598
2015-06-07 16:43 - 2015-06-07 16:43 - 00303616 _____ C:\Users\Mark Packard Bell\Downloads\snort.ppt
2015-06-07 11:48 - 2015-06-07 11:49 - 42845972 _____ C:\Users\Mark Packard Bell\Downloads\7. lesson - LEAN and process mapping (1).pptx
2015-06-06 15:47 - 2015-06-06 15:47 - 00324639 _____ C:\Users\Apps\local-files-desktop.spa
2015-06-06 15:47 - 2015-06-06 15:47 - 00145701 _____ C:\Users\Apps\hub.spa
2015-06-06 15:08 - 2015-06-06 15:47 - 41287224 _____ C:\Users\libcef.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 10457856 _____ C:\Users\icudtl.dat
2015-06-06 15:08 - 2015-06-06 15:47 - 04253463 _____ C:\Users\devtools_resources.pak
2015-06-06 15:08 - 2015-06-06 15:47 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 02021944 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-06-06 15:08 - 2015-06-06 15:47 - 02018406 _____ C:\Users\cef.pak
2015-06-06 15:08 - 2015-06-06 15:47 - 01488440 _____ C:\Users\libGLESv2.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 00968248 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 00777272 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-06-06 15:08 - 2015-06-06 15:47 - 00598403 _____ C:\Users\cef_200_percent.pak
2015-06-06 15:08 - 2015-06-06 15:47 - 00444515 _____ C:\Users\cef_100_percent.pak
2015-06-06 15:08 - 2015-06-06 15:47 - 00124472 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-06-06 15:08 - 2015-06-06 15:47 - 00079928 _____ C:\Users\libEGL.dll
2015-06-06 15:08 - 2015-06-06 15:47 - 00073272 _____ C:\Users\wow_helper.exe
2015-06-06 15:08 - 2015-06-06 15:47 - 00000020 _____ C:\Users\inst_ver.dat
2015-06-06 15:07 - 2015-06-06 15:47 - 07323192 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-06-06 15:07 - 2015-06-06 15:47 - 02314260 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 02157552 _____ C:\Users\Apps\glue-resources.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00828468 _____ C:\Users\Apps\zlink.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00713882 _____ C:\Users\Apps\browse.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00532827 _____ C:\Users\Apps\notification-center.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00523578 _____ C:\Users\Apps\collection.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00505562 _____ C:\Users\Apps\genre.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00502734 _____ C:\Users\Apps\collection-artist.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00489222 _____ C:\Users\Apps\discover.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00463102 _____ C:\Users\Apps\collection-album.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00436638 _____ C:\Users\Apps\article.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00419994 _____ C:\Users\Apps\messages.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00408845 _____ C:\Users\Apps\album.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00385462 _____ C:\Users\Apps\social-feed.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00363379 _____ C:\Users\Apps\collection-songs.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00361920 _____ C:\Users\Apps\charts.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00357199 _____ C:\Users\Apps\artist.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00345753 _____ C:\Users\Apps\social-chart.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00344387 _____ C:\Users\Apps\buddy-list.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00331084 _____ C:\Users\Apps\playlist-desktop.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00299819 _____ C:\Users\Apps\radio.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00285287 _____ C:\Users\Apps\folder.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00251227 _____ C:\Users\Apps\profile.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00246374 _____ C:\Users\Apps\share.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00233679 _____ C:\Users\Apps\chart.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00209721 _____ C:\Users\Apps\findfriends.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00191376 _____ C:\Users\Apps\search.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00178608 _____ C:\Users\Apps\settings.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00177470 _____ C:\Users\Apps\suggest.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00162516 _____ C:\Users\Apps\zlink-queue.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00158229 _____ C:\Users\Apps\follow.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00112424 _____ C:\Users\Apps\zlogin.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00086386 _____ C:\Users\Apps\about.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00053462 _____ C:\Users\Apps\ad.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00040253 _____ C:\Users\Apps\licenses.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00038320 _____ C:\Users\Apps\error.spa
2015-06-06 15:07 - 2015-06-06 15:47 - 00013506 _____ C:\Users\locales\en-US.pak
2015-06-06 15:07 - 2015-06-06 15:47 - 00007047 _____ C:\Users\locales\el.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006945 _____ C:\Users\locales\ru.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006203 _____ C:\Users\locales\ja.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006086 _____ C:\Users\locales\fr-CA.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006079 _____ C:\Users\locales\hu.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006022 _____ C:\Users\locales\fr.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006007 _____ C:\Users\locales\fi.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00006006 _____ C:\Users\locales\pl.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005947 _____ C:\Users\locales\es-419.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005914 _____ C:\Users\locales\nl.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005872 _____ C:\Users\locales\es.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005868 _____ C:\Users\locales\zsm.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005868 _____ C:\Users\locales\de.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005859 _____ C:\Users\locales\tr.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005859 _____ C:\Users\locales\it.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005858 _____ C:\Users\locales\zh-Hant.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005852 _____ C:\Users\locales\pt-BR.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005808 _____ C:\Users\locales\sv.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005694 _____ C:\Users\locales\arb.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00005623 _____ C:\Users\locales\en.mo
2015-06-06 15:07 - 2015-06-06 15:47 - 00000000 ____D C:\Users\locales
2015-06-06 15:07 - 2015-06-06 15:47 - 00000000 _____ C:\Users\Mark.redir
2015-06-04 15:33 - 2015-06-04 15:33 - 00631480 _____ C:\Users\Mark Packard Bell\Downloads\Modem - Wikipedia, the free encyclopedia.mht
2015-06-04 14:01 - 2015-06-04 14:01 - 00049474 _____ C:\Users\Mark Packard Bell\Downloads\20150602 (1).pptx
2015-06-04 11:39 - 2015-06-04 11:39 - 01011987 _____ C:\Users\Mark Packard Bell\Downloads\DDOS Attacks - Mark McCarthy.pptx
2015-06-03 21:27 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 21:27 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 21:27 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 21:27 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 21:27 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 21:27 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 21:27 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 21:27 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 21:27 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 21:27 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 21:27 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 21:27 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 21:27 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 21:27 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 21:27 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 21:27 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 21:27 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 21:27 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 21:27 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 21:27 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 21:27 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 21:27 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 21:27 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 21:27 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 21:27 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 21:27 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 21:27 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 21:27 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 21:27 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 21:27 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 21:23 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 21:23 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 21:23 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 21:23 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 21:23 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 21:23 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 21:23 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 21:23 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 21:23 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 21:23 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 20:54 - 2010-06-22 18:03 - 02622056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-06-03 20:54 - 2010-06-22 18:03 - 02399848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-06-03 20:54 - 2010-06-22 18:03 - 02004072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-03 20:54 - 2010-06-22 18:03 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-06-03 20:54 - 2010-06-22 18:03 - 00476264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-06-03 20:54 - 2010-06-22 18:03 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-06-03 20:54 - 2010-06-22 18:03 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-06-03 20:54 - 2010-06-22 18:02 - 01216104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-06-03 20:54 - 2010-06-22 18:02 - 00155752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-06-03 20:54 - 2010-06-22 18:02 - 00073832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-06-03 20:54 - 2010-06-14 14:19 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
2015-06-03 20:54 - 2010-06-14 14:19 - 00078672 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
2015-06-03 20:54 - 2010-06-14 14:18 - 00078672 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
2015-06-03 20:54 - 2010-06-14 14:18 - 00071504 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-06-03 20:54 - 2010-05-14 15:21 - 00123152 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-06-03 20:54 - 2010-05-14 10:04 - 00124176 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-06-03 20:54 - 2010-05-13 22:28 - 00123664 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-06-03 20:54 - 2010-05-06 17:34 - 00335192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-06-03 20:54 - 2010-05-06 17:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-06-03 20:54 - 2010-05-06 16:43 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-06-03 20:54 - 2010-05-06 16:43 - 01736536 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-06-03 20:54 - 2010-04-27 13:50 - 00330656 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-06-03 20:54 - 2010-04-14 17:56 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-06-03 20:54 - 2010-01-26 11:38 - 00168288 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-06-03 20:54 - 2010-01-05 13:41 - 01325328 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:41 - 00489744 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:41 - 00474896 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 01178384 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 01110800 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 00504592 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 00315152 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 00268560 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-06-03 20:54 - 2010-01-05 13:40 - 00265488 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-06-03 20:54 - 2009-12-15 18:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-06-03 20:54 - 2009-12-15 18:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-06-03 20:54 - 2009-12-15 18:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-06-03 20:54 - 2009-12-15 18:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-06-03 20:54 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-06-03 20:54 - 2009-12-11 09:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-06-03 20:54 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-06-03 20:54 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-06-03 20:54 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-06-03 20:54 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-06-03 20:54 - 2009-11-18 18:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-06-03 20:54 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-06-03 19:34 - 2015-06-03 19:34 - 00403456 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\MiniToolBox.exe
2015-06-02 23:56 - 2015-06-02 23:58 - 00081487 _____ C:\Users\Mark Packard Bell\Downloads\Addition.txt
2015-06-02 23:53 - 2015-06-09 00:37 - 00036702 _____ C:\Users\Mark Packard Bell\Downloads\FRST.txt
2015-06-02 23:52 - 2015-06-09 00:36 - 00000000 ____D C:\FRST
2015-06-02 23:50 - 2015-06-02 23:50 - 02108928 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FRST64.exe
2015-06-02 21:47 - 2015-06-02 21:48 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\SNORT
2015-06-02 21:05 - 2015-06-03 13:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 15:19 - 2015-06-02 15:20 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_19A6
2015-06-02 15:18 - 2015-06-02 15:18 - 00049474 _____ C:\Users\Mark Packard Bell\Downloads\20150602.pptx
2015-06-02 13:21 - 2015-06-02 13:21 - 02231296 _____ C:\Users\Mark Packard Bell\Downloads\adwcleaner_4.206.exe
2015-06-02 13:10 - 2015-06-02 13:10 - 12840520 _____ C:\Users\Mark Packard Bell\Downloads\tweaking.com_windows_repair_aio_setup (4).exe
2015-06-02 13:10 - 2015-06-02 13:10 - 00688992 ____R (Swearware) C:\Users\Mark Packard Bell\Downloads\dds.com
2015-06-02 13:10 - 2015-06-02 13:10 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mark Packard Bell\Downloads\autoruns.exe
2015-06-02 13:05 - 2015-06-02 13:05 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mark Packard Bell\Downloads\rkill.exe
2015-06-02 13:04 - 2015-06-02 13:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mark Packard Bell\Downloads\mbar-1.09.1.1004.exe
2015-06-02 13:02 - 2015-06-03 19:37 - 00012264 _____ C:\Users\Mark Packard Bell\Downloads\Result.txt
2015-06-02 13:01 - 2015-06-02 13:01 - 00003778 _____ C:\Users\Mark Packard Bell\Downloads\FSS.txt
2015-06-02 12:59 - 2015-06-02 12:59 - 00415232 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FSS.exe
2015-06-02 00:56 - 2015-06-02 00:56 - 00026418 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]pes15.pte.patch.7.0.released.31.05.2015.torrent
2015-06-01 14:48 - 2015-06-01 14:48 - 00013324 _____ C:\Users\Mark Packard Bell\Downloads\stud-liste-e15-190914 (3).xlsx
2015-06-01 11:19 - 2015-06-01 11:19 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\GWX
2015-05-28 22:29 - 2015-05-28 22:29 - 00000000 ____D C:\Users\Mark Packard Bell\GNS3
2015-05-28 22:25 - 2015-05-28 22:26 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\GNS3
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\SolarWinds
2015-05-28 22:20 - 2015-06-01 12:08 - 00001662 _____ C:\Users\Mark Packard Bell\Desktop\GNS3.lnk
2015-05-28 22:20 - 2015-05-28 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2015-05-28 22:15 - 2015-05-28 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Response Time Viewer
2015-05-28 22:14 - 2015-05-28 22:14 - 00000000 ____D C:\Program Files (x86)\SolarWinds
2015-05-28 22:01 - 2015-05-28 22:23 - 00000000 ____D C:\ProgramData\Solarwinds
2015-05-28 21:58 - 2015-05-28 22:20 - 00000000 ____D C:\Program Files\GNS3
2015-05-28 21:48 - 2015-05-28 21:48 - 58620968 _____ C:\Users\Mark Packard Bell\Downloads\GNS3-1.3.3-all-in-one.exe
2015-05-28 21:03 - 2015-05-28 21:03 - 100412791 _____ C:\Users\Mark Packard Bell\Downloads\Audio_Realtek_6.0.1.6141_W7x86W7x64_A (1).zip
2015-05-28 20:16 - 2015-05-28 20:16 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Lync 2013 with SP1 32 and 64-Bit - DVD (English)
2015-05-28 20:08 - 2015-05-28 20:08 - 00000183 _____ C:\Users\Mark Packard Bell\Downloads\100385217459 (1).sdx
2015-05-28 20:02 - 2015-05-28 20:02 - 00000183 _____ C:\Users\Mark Packard Bell\Downloads\100385217459.sdx
2015-05-28 19:50 - 2015-05-28 19:50 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Access 2013 (x86 and x64) - DVD (English)
2015-05-28 19:44 - 2015-05-28 19:44 - 00000183 _____ C:\Users\Mark Packard Bell\Downloads\100385216885.sdx
2015-05-28 19:42 - 2015-05-28 19:42 - 00774656 _____ C:\Users\Mark Packard Bell\Downloads\SDM_EN (2).msi
2015-05-27 23:45 - 2015-05-27 23:45 - 02946603 _____ (Thisisu) C:\Users\Mark Packard Bell\Downloads\JRT.exe
2015-05-27 23:20 - 2015-06-08 20:27 - 00005032 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKPACKARDBELL-Mark Packard Bell MarkPackardBell
2015-05-27 22:29 - 2015-05-27 22:29 - 00000000 ____D C:\ProgramData\Emsisoft
2015-05-27 20:53 - 2015-05-27 20:56 - 12840520 _____ C:\Users\Mark Packard Bell\Downloads\tweaking.com_windows_repair_aio_setup (3).exe
2015-05-27 15:17 - 2015-05-27 15:17 - 00000000 ____D C:\Program Files (x86)\Wireshark
2015-05-27 13:00 - 2015-05-27 13:00 - 00001093 _____ C:\Users\Public\Desktop\GPA.lnk
2015-05-27 13:00 - 2015-05-27 13:00 - 00000000 ____D C:\Users\Public\Desktop\Gpg4win Documentation
2015-05-27 12:59 - 2015-05-27 12:59 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\gnupg
2015-05-27 12:59 - 2015-05-27 12:59 - 00000000 ____D C:\ProgramData\GNU
2015-05-27 12:58 - 2015-05-27 12:58 - 00000000 ____D C:\Program Files (x86)\GNU
2015-05-27 12:45 - 2015-05-27 12:45 - 30506192 _____ (g10 Code GmbH) C:\Users\Mark Packard Bell\Downloads\gpg4win-2.2.4.exe
2015-05-26 23:36 - 2015-05-26 23:37 - 00000000 ____D C:\ProgramData\Sophos
2015-05-26 23:16 - 2015-05-27 14:57 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\TMRBLog
2015-05-26 23:05 - 2015-05-26 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-26 23:05 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-05-26 23:04 - 2015-06-08 20:01 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-24 15:30 - 2015-05-24 15:35 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Toy Story 3 (2010) [1080p]
2015-05-21 14:09 - 2015-05-21 14:09 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3B6
2015-05-21 11:01 - 2015-05-21 11:02 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3ECE
2015-05-21 10:49 - 2015-05-21 10:49 - 00062534 _____ C:\Users\Mark Packard Bell\Downloads\Project Reports.pptx
2015-05-21 10:49 - 2015-05-21 10:49 - 00033649 _____ C:\Users\Mark Packard Bell\Downloads\20150521.pptx
2015-05-20 17:14 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-20 11:15 - 2015-05-20 11:33 - 666894336 _____ C:\Users\Mark Packard Bell\Downloads\CentOS-7-x86_64-Minimal-1503-01.iso
2015-05-19 20:36 - 2015-05-19 20:36 - 00970125 _____ C:\Users\Mark Packard Bell\Downloads\libdnet-1.12.tgz
2015-05-19 19:30 - 2015-05-28 19:55 - 00000000 ____D C:\Users\Mark Packard Bell\VirtualBox VMs
2015-05-19 15:27 - 2015-05-19 15:33 - 06352738 _____ C:\Users\Mark Packard Bell\Downloads\snort-2.9.7.2.tar.gz
2015-05-19 15:27 - 2015-05-19 15:28 - 00495316 _____ C:\Users\Mark Packard Bell\Downloads\daq-2.0.4.tar.gz
2015-05-18 12:03 - 2015-05-18 12:03 - 00614895 _____ C:\Users\Mark Packard Bell\Downloads\Crypto_01 (1).pptx
2015-05-18 12:01 - 2015-05-18 12:01 - 00614895 _____ C:\Users\Mark Packard Bell\Downloads\Crypto_01.pptx
2015-05-18 09:01 - 2015-05-18 09:01 - 00000000 ____D C:\Users\Mark Packard Bell\Documents\My Meetings
2015-05-17 20:03 - 2015-05-17 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
2015-05-17 20:02 - 2015-05-17 20:02 - 00000000 ____D C:\ProgramData\Applications
2015-05-17 19:59 - 2015-05-18 09:00 - 00000000 ____D C:\Users\Mark Packard Bell\Tracing
2015-05-17 19:56 - 2015-05-17 19:56 - 17308304 _____ (Microsoft Corporation) C:\Users\Mark Packard Bell\Downloads\lmsetup.exe
2015-05-15 09:10 - 2015-05-15 09:10 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_830
2015-05-14 23:25 - 2015-05-14 23:25 - 00500224 _____ C:\Users\Mark Packard Bell\Downloads\26-security2 (1).ppt
2015-05-14 22:00 - 2015-05-14 22:00 - 04656262 _____ C:\Users\Mark Packard Bell\Downloads\freeradius-server-3.0.8.tar.gz
2015-05-14 22:00 - 2015-05-14 22:00 - 02945423 _____ C:\Users\Mark Packard Bell\Downloads\freeradius-server-3.0.8.tar.bz2
2015-05-14 21:32 - 2015-05-14 21:32 - 01187890 _____ C:\Users\Mark Packard Bell\Downloads\How to Use Packet Tracer.pptx
2015-05-13 11:29 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 11:29 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:29 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 11:29 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 11:29 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 11:29 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 11:29 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 11:29 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 11:29 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 11:29 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 11:29 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 11:29 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 11:29 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 11:29 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 11:29 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 11:29 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 11:29 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 11:29 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 11:29 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 11:29 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 11:29 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 11:29 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:29 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 11:29 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 11:29 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:29 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 11:29 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 11:29 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 11:29 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 11:29 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 11:29 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 11:29 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 11:29 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:29 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 11:29 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 11:29 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 11:29 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:29 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 11:29 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 11:29 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 11:29 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 11:29 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 11:29 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 11:29 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 11:29 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 11:29 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 11:29 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 11:29 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:29 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:29 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:29 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 11:29 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:29 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:29 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 11:29 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:29 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 11:29 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 11:29 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:29 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:29 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:14 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 11:14 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 11:14 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:14 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 11:14 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 11:14 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:13 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 11:13 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 11:13 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 11:13 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 11:12 - 2015-05-13 11:48 - 55480849 _____ C:\Users\Mark Packard Bell\Downloads\GNS3-1.3.2-all-in-one.exe.part
2015-05-13 10:27 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:27 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:50 - 2015-05-13 08:51 - 02141009 _____ (OpenSSL Win32 Installer Team ) C:\Users\Mark Packard Bell\Downloads\Win32OpenSSL_Light-1_0_2a.exe
2015-05-12 22:11 - 2015-05-12 22:29 - 4123048448 ____R C:\Users\Mark Packard Bell\Downloads\sortitoutsi_backgrounds_megapack_2014.01.rar
2015-05-12 22:09 - 2015-05-12 22:09 - 00020496 _____ C:\Users\Mark Packard Bell\Downloads\sortitoutsi_backgrounds_megapack_2014.01.rar.torrent
2015-05-12 15:18 - 2015-05-12 15:19 - 42845972 _____ C:\Users\Mark Packard Bell\Downloads\7. lesson - LEAN and process mapping.pptx
2015-05-12 15:16 - 2015-05-28 19:46 - 00000154 _____ C:\Users\Mark Packard Bell\Desktop\Windows 7 Key.txt
2015-05-12 15:02 - 2015-05-12 15:23 - 1044381696 _____ C:\Users\Mark Packard Bell\Downloads\ubuntu-14.04.2-desktop-amd64.iso
2015-05-12 13:55 - 2015-05-12 14:01 - 257949696 _____ C:\Users\Mark Packard Bell\Downloads\debian-8.0.0-amd64-netinst.iso
2015-05-12 13:52 - 2015-05-12 13:53 - 03112560 _____ C:\Users\Mark Packard Bell\Downloads\vmlinuz
2015-05-12 13:52 - 2015-05-12 13:52 - 01523480 _____ C:\Users\Mark Packard Bell\Downloads\debian-cd_info.tar.gz
2015-05-12 13:51 - 2015-05-12 14:02 - 136923277 _____ C:\Users\Mark Packard Bell\Downloads\debian-8.0.0-amd64-CD-1.iso
2015-05-12 06:24 - 2015-05-12 06:24 - 04149784 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-05-11 22:49 - 2015-05-11 22:50 - 198472712 _____ C:\Users\Mark Packard Bell\Downloads\20140204_cm_10.2_skomer-ota-eng.flx.zip
2015-05-11 22:49 - 2015-05-11 22:49 - 18743296 _____ C:\Users\Mark Packard Bell\Downloads\20140604_cm_10.2_skomer-ota-eng.flx (1).zip
2015-05-11 22:49 - 2015-05-11 22:49 - 00000074 _____ C:\Users\Mark Packard Bell\Downloads\20140204_cm_10.2_skomer-ota-eng.flx.zip.md5sum
2015-05-11 22:49 - 2015-05-11 22:49 - 00000074 _____ C:\Users\Mark Packard Bell\Downloads\20140112_cm_10.2_skomer-ota-eng.flx.zip.md5sum
2015-05-11 22:46 - 2015-05-11 22:48 - 350470979 _____ C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3.1 (1).zip
2015-05-11 22:33 - 2015-05-11 22:34 - 350861162 _____ C:\Users\Mark Packard Bell\Downloads\MIUI+v5+BETA+3 (1).zip
2015-05-11 22:15 - 2015-05-11 23:12 - 173967296 _____ C:\Users\Mark Packard Bell\Downloads\sortitoutsi_cutout_megapack_7.05_changes.rar
2015-05-11 19:11 - 2015-05-11 20:05 - 165446734 _____ C:\Users\Mark Packard Bell\Downloads\sortitoutsi_cutout_megapack_7.04_changes.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-09 00:36 - 2014-01-04 14:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 00:34 - 2014-11-06 07:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 23:19 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 23:19 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 23:04 - 2014-01-04 14:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 20:43 - 2011-08-01 17:45 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent
2015-06-08 20:03 - 2009-07-14 07:13 - 00744858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 20:01 - 2014-05-26 10:47 - 00000000 ___RD C:\Users\Mark Packard Bell\Dropbox
2015-06-08 20:01 - 2011-08-01 19:56 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox
2015-06-08 19:55 - 2012-09-01 07:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-08 19:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 14:31 - 2015-04-09 20:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-08 14:31 - 2010-12-01 11:38 - 01494017 _____ C:\Windows\WindowsUpdate.log
2015-06-08 13:10 - 2014-03-26 10:26 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Notepad++
2015-06-08 13:07 - 2011-08-01 20:07 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\CrashDumps
2015-06-08 09:38 - 2014-01-20 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-07 23:02 - 2011-10-28 17:26 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Spotify
2015-06-07 22:22 - 2011-10-28 17:25 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Spotify
2015-06-07 16:45 - 2015-01-26 10:28 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\CV Info
2015-06-07 15:08 - 2015-03-22 20:46 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Kodi
2015-06-07 11:23 - 2014-02-04 20:34 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\College
2015-06-04 16:09 - 2011-08-01 18:13 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\vlc
2015-06-04 12:28 - 2015-01-20 21:57 - 00000000 ____D C:\Users\Mark Packard Bell\Documents\Outlook Files
2015-06-03 21:37 - 2014-12-12 01:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 21:37 - 2014-05-06 11:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 21:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-03 20:56 - 2010-09-16 12:13 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-03 20:54 - 2013-09-25 01:11 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-03 20:54 - 2010-09-16 12:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-03 20:54 - 2010-09-16 12:11 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-03 20:52 - 2010-09-16 12:20 - 00000000 ____D C:\ProgramData\Temp
2015-06-03 20:51 - 2013-12-19 04:30 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-03 19:35 - 2014-04-28 11:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-03 16:21 - 2015-04-16 20:18 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Security
2015-06-02 15:57 - 2014-03-26 10:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-02 15:55 - 2013-11-26 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-02 14:24 - 2015-04-11 19:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-02 13:04 - 2015-04-11 19:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 12:59 - 2014-03-26 10:26 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-01 22:04 - 2015-04-15 20:12 - 00000000 ____D C:\Program Files\Puran Defrag
2015-05-29 10:46 - 2014-09-03 11:16 - 00000000 ____D C:\Users\Mark Packard Bell\.freemind
2015-05-28 23:46 - 2014-01-28 19:33 - 00000000 ____D C:\Users\Mark Packard Bell\.VirtualBox
2015-05-28 22:29 - 2011-08-01 17:03 - 00000000 ____D C:\Users\Mark Packard Bell
2015-05-28 22:12 - 2013-09-24 23:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 21:31 - 2014-01-04 14:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-28 21:31 - 2014-01-04 14:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-28 20:16 - 2014-04-29 12:04 - 00049522 _____ C:\Users\Mark Packard Bell\Downloads\SecureDownloadManager.log
2015-05-27 23:44 - 2015-05-08 14:07 - 00001069 _____ C:\DelFix.txt
2015-05-27 23:32 - 2014-04-29 11:33 - 00000000 ____D C:\ProgramData\VMware
2015-05-27 23:32 - 2014-04-29 11:30 - 00000000 ____D C:\Program Files (x86)\VMware
2015-05-27 23:21 - 2014-04-29 11:41 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\VMware
2015-05-27 23:14 - 2015-03-02 10:54 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Telenet
2015-05-27 23:08 - 2012-04-10 09:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 15:23 - 2012-04-10 09:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-27 15:23 - 2012-04-10 09:37 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-27 15:23 - 2011-08-01 18:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 15:20 - 2012-02-22 02:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-05-27 15:18 - 2015-04-09 21:00 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-27 15:17 - 2014-02-12 14:36 - 00001762 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-05-27 13:20 - 2011-08-25 00:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-05-27 02:29 - 2014-01-22 14:01 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Utilities
2015-05-26 22:11 - 2014-11-13 16:23 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-05-26 20:40 - 2014-11-21 11:09 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Akamai
2015-05-26 14:05 - 2012-02-22 02:49 - 00000000 ____D C:\Program Files\CCleaner
2015-05-25 16:19 - 2014-02-03 11:41 - 00000600 _____ C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-05-22 22:42 - 2015-04-11 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-22 10:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-20 21:15 - 2011-08-01 17:47 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\DAEMON Tools Lite
2015-05-20 17:15 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 17:15 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 19:47 - 2014-04-29 11:37 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\VMware
2015-05-19 19:45 - 2014-08-28 13:14 - 00000000 ____D C:\Users\Mark Packard Bell\Documents\Virtual Machines
2015-05-19 11:34 - 2015-01-26 13:06 - 00000212 _____ C:\Users\Mark Packard Bell\.packettracer
2015-05-17 21:59 - 2011-08-01 19:30 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Skype
2015-05-17 20:03 - 2014-03-26 10:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-05-17 19:58 - 2015-01-20 22:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-17 19:58 - 2011-08-01 19:28 - 00000000 ____D C:\ProgramData\Skype
2015-05-14 11:28 - 2013-06-24 22:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 18:55 - 2009-07-14 07:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 12:35 - 2014-03-26 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-13 12:30 - 2015-05-06 14:45 - 00000039 _____ C:\Windows\vbaddin.ini
2015-05-13 12:23 - 2013-08-15 01:54 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 12:23 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 12:01 - 2011-08-01 21:29 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 11:58 - 2009-07-14 04:34 - 00000931 _____ C:\Windows\win.ini
2015-05-13 10:47 - 2012-05-12 19:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 10:47 - 2012-05-12 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:27 - 2012-05-12 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 20:20 - 2013-11-04 04:40 - 00000000 ____D C:\Program Files (x86)\Football Manager 2014
2015-05-12 11:53 - 2011-08-01 19:58 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2014-01-04 14:31 - 2014-01-04 14:31 - 49940480 _____ () C:\Program Files (x86)\GUT70AE.tmp
2013-10-28 05:19 - 2013-10-12 23:10 - 0000224 _____ () C:\Program Files (x86)\update-FIFA14.bat
2013-11-04 04:47 - 2013-11-01 11:41 - 0000224 _____ () C:\Program Files (x86)\update-FM2014.bat
2013-10-28 05:19 - 2013-10-12 20:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-04-07 11:56 - 2014-04-07 11:56 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\winscp.rnd
2014-11-18 12:15 - 2014-11-18 12:15 - 0000037 ___SH () C:\Users\Mark Packard Bell\AppData\Local\70149b02515b3bb20dd492.47983420
2013-11-13 00:54 - 2015-05-07 20:57 - 0129400 _____ () C:\Users\Mark Packard Bell\AppData\Local\ars.cache
2013-11-13 00:55 - 2015-05-07 20:57 - 0589483 _____ () C:\Users\Mark Packard Bell\AppData\Local\census.cache
2013-11-13 00:01 - 2013-11-13 00:01 - 0000036 _____ () C:\Users\Mark Packard Bell\AppData\Local\housecall.guid.cache
2014-02-03 11:41 - 2015-05-25 16:19 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-04-27 13:28 - 2015-04-27 13:28 - 0000729 _____ () C:\Users\Mark Packard Bell\AppData\Local\recently-used.xbel
2012-05-06 00:18 - 2015-01-14 20:45 - 0007597 _____ () C:\Users\Mark Packard Bell\AppData\Local\resmon.resmoncfg
2015-05-07 20:39 - 2015-05-07 20:39 - 0000010 _____ () C:\Users\Mark Packard Bell\AppData\Local\sponge.last.runtime.cache
2015-04-09 20:18 - 2015-04-09 20:18 - 0050687 _____ () C:\ProgramData\1428603507.bdinstall.bin
2015-04-09 20:47 - 2015-04-09 20:47 - 0055670 _____ () C:\ProgramData\1428605214.bdinstall.bin
2015-04-10 14:18 - 2015-04-10 14:18 - 0055818 _____ () C:\ProgramData\1428668247.bdinstall.bin
2015-04-12 11:48 - 2015-04-12 11:48 - 0033299 _____ () C:\ProgramData\1428831891.bdinstall.bin
2014-01-21 16:01 - 2014-01-21 16:01 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-04-13 20:46 - 2014-04-17 15:58 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-03-27 13:01 - 2015-03-27 13:01 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Mark Packard Bell\GDFBinary_cs_CZ.dll
C:\Users\Mark Packard Bell\GDFBinary_de_DE.dll
C:\Users\Mark Packard Bell\GDFBinary_en_GB.dll
C:\Users\Mark Packard Bell\GDFBinary_en_US.dll
C:\Users\Mark Packard Bell\GDFBinary_es_ES.dll
C:\Users\Mark Packard Bell\GDFBinary_es_MX.dll
C:\Users\Mark Packard Bell\GDFBinary_fr_FR.dll
C:\Users\Mark Packard Bell\GDFBinary_hu_HU.dll
C:\Users\Mark Packard Bell\GDFBinary_it_IT.dll
C:\Users\Mark Packard Bell\GDFBinary_nl_NL.dll
C:\Users\Mark Packard Bell\GDFBinary_pl_PL.dll
C:\Users\Mark Packard Bell\GDFBinary_pt_BR.dll
C:\Users\Mark Packard Bell\GDFBinary_pt_PT.dll
C:\Users\Mark Packard Bell\GDFBinary_ru_RU.dll
 
 
Some files in TEMP:
====================
C:\Users\Mark Packard Bell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjkar.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-05 18:05
 
==================== End of log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Mark Packard Bell at 2015-06-09 00:38:55
Running from C:\Users\Mark Packard Bell\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-539220840-4066696231-1515832666-500 - Administrator - Disabled)
Guest (S-1-5-21-539220840-4066696231-1515832666-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-539220840-4066696231-1515832666-1002 - Limited - Enabled)
Mark Packard Bell (S-1-5-21-539220840-4066696231-1515832666-1000 - Administrator - Enabled) => C:\Users\Mark Packard Bell
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Emsisoft Anti-Malware (Enabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
Akamai NetSession Interface (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Sync Manager WiFi (HKLM-x32\...\{563254C9-FBFC-0200-0000-000000000000}) (Version: 12.05.1071 - Mobile Action)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCENT/CCNA ICND1 100-101 Network Simulator Lite (HKLM-x32\...\com.pearson.ccna.NetworkSimulator.ICND1.lite) (Version: 1.0.0 - Pearson Education)
CCENT/CCNA ICND1 100-101 Network Simulator Lite (x32 Version: 1.0.0 - Pearson Education) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Club Swap (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\6dc1aa4d9e90f983) (Version: 1.0.0.0 - Club Swap)
CM3 Series SaveGame Editor 4.0 Build 4000 (HKLM-x32\...\CM3 Series SaveGame Editor_is1) (Version: 4.0 Build 4000 - Graeme Kelly)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.6.2 - Bloodshed Software)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
DiRT2 (x32 Version: 1.0.0002.133 - Codemasters) Hidden
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Download Navigator (HKLM-x32\...\{44715246-18E9-4EDF-AA03-94E4B4F80EA8}) (Version: 2.2.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.0  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free PDF Solutions PDF to WORD version 1.0 (HKLM-x32\...\Free PDF Solutions PDF to WORD_is1) (Version: 1.0 - )
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Fronter OES (HKLM-x32\...\{50F072D6-D66C-4E7D-9833-303661C5AAA9}) (Version: 1.1.31.0 - Fronter)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Glary Undelete 1.8.0.468 (HKLM-x32\...\Glary Undelete_is1) (Version:  - Glarysoft.com)
GNS3 1.3.3 (HKLM-x32\...\GNS3) (Version: 1.3.3 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Chrome (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
ICND1 Network Simulator Lite (HKLM-x32\...\ICND1 Network Simulator Lite) (Version: 1.0.0.14 - Pearson IT Certification)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
inSSIDer 3 (HKLM-x32\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{56DC4F23-DCC5-4935-A6E1-D9B7817C948A}) (Version: 1.0.5.34 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.0.5.34 - Kaspersky Lab) Hidden
Kodi (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Kodi) (Version:  - XBMC-Foundation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
LEGO MINDSTORMS Edu NXT - English Language Pack (HKLM-x32\...\{A970DAFC-8683-47C1-9C72-E9C59AD9BD0E}) (Version: 2.1.79.0 - The LEGO Group)
LEGO MINDSTORMS Edu NXT Software v2.1 (HKLM-x32\...\{E43F30A4-1A56-408F-BF17-C5E808FD4DAC}) (Version: 2.1.76.0 - LEGO)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{AE1D4582-D449-495C-9DC6-B92E16C7DB63}) (Version: 1.19.768 - LEGO)
LEGO MINDSTORMS NXT Edu Patch v2.1f3 (x32 Version: 2.1.22.0 - LEGO) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{AFADA6D3-EBC0-406E-B3ED-079B7A831467}) (Version: 8.0.6362.229 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\MyFreeCodec) (Version:  - )
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Nero 9 Essentials (HKLM-x32\...\{a97f0ac6-e34b-400a-8ce4-c4a5ab45344e}) (Version:  - Nero AG)
NewFreeScreensaver nfsSputnikOfEarth (HKLM-x32\...\Sputnik Of Earth New Free Screensaver_is1) (Version:  - )
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.3.6-I003  (HKLM\...\OpenVPN) (Version: 2.3.6-I003 - )
OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
PC TWIN SHOCK (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.24 - Pearson IT Certification)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.5.0.4 - OpenVPN Technologies)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version:  - KONAMI Digital Entertainment)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Puran Defrag 7.7 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Screencast-O-Matic (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Spotify (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StofaWebTvPlayer (HKLM-x32\...\{C1BC4EC3-0DD8-4529-B50E-6B0CC74DEDD0}) (Version: 3.13.0.7173 - Stofa A/S)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Torrent Stream 2.0.8.1.2 (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\TorrentStream) (Version: 2.0.8.1.2 - Torrent Stream)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Verbatim GREEN BUTTON 1.68 (HKLM-x32\...\Verbatim GREEN BUTTON_is1) (Version:  - Verbatim)
Verbatim Hard Drive Formatter (HKLM-x32\...\Verbatim Hard Drive Formatter_is1) (Version:  - Verbatim)
Verbatim Hard Drive Info 1.04 (HKLM-x32\...\Verbatim Hard Drive Info_is1) (Version:  - Verbatim)
Verbatim Product Update 1.06 (HKLM-x32\...\Verbatim Product Update_is1) (Version:  - Verbatim)
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.37.3 - SuYin)
ViewRight Web PC (HKLM-x32\...\{0AEF5F93-DE30-4D0A-A879-B3BB72000F52}) (Version: 2.1.2.3 - Verimatrix, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinSCP 5.5.2 (HKLM-x32\...\winscp3_is1) (Version: 5.5.2 - Martin Prikryl)
Wireshark 1.12.5 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, http://www.wireshark.org)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-539220840-4066696231-1515832666-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
07-06-2015 19:00:24 Windows Backup
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-04-27 14:24 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01DD437C-6616-41D4-98E4-EEE15ABF2D9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {07279329-7CC5-4B08-B401-868343E368EF} - System32\Tasks\{2796E00D-ECB9-470C-95DA-4B1AD7297B86} => pcalua.exe -a "C:\Users\Mark Packard Bell\Desktop\242.exe" -d "C:\Users\Mark Packard Bell\Desktop"
Task: {085B8BC9-3D56-43C1-9FBA-A3F500847361} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {0AF84520-0F32-4755-9F76-E5D80171C894} - System32\Tasks\{68D7B198-C4E1-4F26-A9B6-1CE0EB9A77EA} => pcalua.exe -a "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEdit.com_2013_Patch_4.0\Installer.exe" -d "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEdit.com_2013_Patch_4.0"
Task: {0CEF7ED3-6089-4D1F-8B2F-5F2B1A3C379C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {114ECA9E-C5C6-4738-9047-B1E08EF3C596} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: {11598920-526F-4B4A-9650-C9FDF91D7F54} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {18D6FBD0-3083-483B-9F45-BE37A6268CEF} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {1D61D52F-68B3-4492-A030-D44341C74CEC} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1E3C7251-A5C7-4593-A600-086361AF74F6} - System32\Tasks\{FCBA2F71-5DA9-418F-813E-B87FD87243D5} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\Installer.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {2D7692BB-C838-4861-9368-02D558E1048E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {31083F95-C633-4BDF-8C76-D0FBA350A652} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {341A9CD5-0966-4497-968F-B7A8C5654A2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {36BF9BA9-577F-4B5D-A1C3-725AE21C3E88} - System32\Tasks\{3A2F5723-9DF6-4B02-A5CA-671676ECF1D7} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Championship Manager 01-02\Uninst.isu"
Task: {3773F0F1-F760-43E7-A2EF-54883C525B26} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: {42A0F465-F232-4B50-B461-61EDFAA09402} - System32\Tasks\{826C4847-7366-4C7A-826C-676B8A3E9A07} => pcalua.exe -a "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Installer.exe" -d "C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013"
Task: {448421F9-13ED-41B0-8F19-7FDA7D7C18B7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {4C2A10D5-9798-44FB-9639-166187567380} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51E78B64-3A5F-4864-A4B7-7DBCD9EDCA6E} - System32\Tasks\{6BCCDE6D-A1E1-4DF4-A00F-AF380008D268} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\reflash_package.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {55326C99-1C11-4D76-BF4C-ABD6BE2C1B00} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {57F8AFFC-05C5-412F-983E-310876669499} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-02] (Microsoft Corporation)
Task: {58084165-8635-49C7-8A29-B9C20AF6F606} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKPACKARDBELL-Mark Packard Bell MarkPackardBell => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {6273D890-FFCF-4DF3-9A16-8C33CB081576} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {667D300D-8862-4F68-81D3-F6112B9CAF5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {6849B0AD-C577-4072-8E40-77A031FC8122} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {69D0E3C3-6A2D-4CC9-8638-E9123B3C01E4} - System32\Tasks\{A4E76466-01A8-42E9-B274-AA17714CC40C} => pcalua.exe -a C:\Users\Public\Music\242.exe -d "C:\Users\Mark Packard Bell\Documents"
Task: {6AD97519-DA07-46F7-A3B5-6BA1647A0039} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-26] ()
Task: {6E07FDF6-E11A-4049-90FC-C3EF2DD4AE2C} - System32\Tasks\{F3609A0A-382D-4DC8-929A-E9A0664EC821} => pcalua.exe -a F:\Installer.exe -d F:\
Task: {70A658C4-B875-42B7-A472-C670AE760B88} - System32\Tasks\{124B9633-DAEB-4C20-B6EC-F7A04C2393E9} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\PESEdit.com_2013_Patch_2.2\PESEdit.com_2013_Patch_2.2\Installer.exe" -d "C:\Users\Mark Packard Bell\Downloads\PESEdit.com_2013_Patch_2.2\PESEdit.com_2013_Patch_2.2"
Task: {75A8817A-2A29-4229-A2D9-B2A7D4A1E4D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7A050E1D-D275-4BC4-9A8F-38B13EDFCA6A} - System32\Tasks\{CC365B42-37A7-4D8B-9FA3-AF93082BEE71} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Task: {8BD71C9F-6BF8-4FD9-9D20-FD91D2E5CEDE} - System32\Tasks\{1784D112-985E-4A2D-81C6-C2987AD08309} => C:\Program Files (x86)\Championship Manager 01-02\cm0102.exe
Task: {915F725F-08DD-4802-A53B-BFC1169A9BF0} - System32\Tasks\{AE142CEE-E9EE-4FC6-ABE8-87B514183B86} => pcalua.exe -a "C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe" -d "C:\Program Files (x86)\USB Vibration\7906\setup"
Task: {965DF7D3-F677-47E9-901D-8E2F7CB54F20} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AD0C17A3-A1EC-455B-848A-7F9E19546883} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-27] (Adobe Systems Incorporated)
Task: {AEF1AF2B-3724-4F79-A593-D5B3E6205344} - System32\Tasks\{B834D3B5-ACD8-40C7-916C-506D452EC78F} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\HTCDriver3.0.0.007.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {B015DEA8-C3B3-4AF5-A9CB-FA532B2AA013} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {BB8C6C40-47D2-4D7E-905C-8554283D43C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BCCC1665-44E6-49FD-8B49-1A10AD0A85F8} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe
Task: {C3CA1DBF-939E-4EB3-A10E-C7AFC8E4235B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {CE5544BD-F58D-4021-8F7F-1AC85C4AFA73} - System32\Tasks\{EED19B30-70C8-47AE-9389-0BD5B67124D5} => pcalua.exe -a "C:\Users\Mark Packard Bell\Downloads\242.exe" -d "C:\Users\Mark Packard Bell\Downloads"
Task: {D0B7C1AD-17AE-4DE8-A772-04291F409F56} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {D8F7A683-EA98-4573-B94E-C13736A1A635} - System32\Tasks\{092CD215-C29A-46E9-8E38-84DC27544484} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PESEDIT.exe
Task: {DFCBE5C1-5BF5-4714-80FE-D6C87FD07032} - System32\Tasks\{95AD1534-19ED-4DFF-AA87-D4403252EC32} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.113&amp;LastError=12002
Task: {E36CBD41-F306-4063-866F-14A1DCE9C1B4} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core.job => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA.job => C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-17 16:21 - 2015-03-17 16:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2015-03-01 23:28 - 2014-12-15 02:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-03-17 16:01 - 2015-03-17 16:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-03-17 15:54 - 2015-03-17 15:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-03-17 16:10 - 2015-03-17 16:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-06-08 19:57 - 2015-06-08 19:58 - 00043008 _____ () c:\Users\Mark Packard Bell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjkar.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-02-05 02:12 - 2009-05-20 15:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2014-10-16 11:15 - 2014-10-16 11:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2015-03-11 18:53 - 2015-03-11 18:53 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2015-03-11 18:53 - 2015-03-11 18:53 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2015-03-01 23:28 - 2014-12-15 01:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-27 15:21 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-27 15:21 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\CV Info:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\Hyper V:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\ICNDI1_CCNA_3rdED_2012.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Desktop\Kiloo Security Network with Snort.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\barclays-premier-league-2014-15-teams-and-fixture.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea Badge.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea Samsung.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Chelsea_Mourinho_001.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Consultant Presentation schedule.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Premier-League.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\SAMSUNG AWAY.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Samsung.PNG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Sky Bet Championship.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Downloads\Sky_Bet_Championship.png:com.dropbox.attributes
AlternateDataStreams: C:\Users\Mark Packard Bell\Documents\CCFC.jpg:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\F825DD4D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\F825DD4D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 6128 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 212.10.10.4 - 212.10.24.252
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: LMIRescue_c9ca4a07-df97-41c4-8488-6491ac92f9f6 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Software Updater Beta.lnk => C:\Windows\pss\Kaspersky Software Updater Beta.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: Google Update => "C:\Users\Mark Packard Bell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: PuranADT => C:\Program Files\Puran Defrag\PuranADT.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Spotify => "C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Player\vmware-tray.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFC6D096-3323-4BFD-92C9-08B6BB9394F2}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{C7F31722-1A0F-4126-B524-C9D92BB5B96C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{A8FF17F3-5681-4383-91E5-663B1DBAD08C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{9955348A-C787-42C2-B786-DB33FB626F12}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DB22B764-7D3B-45BC-81A2-668AAF1AAD16}] => (Allow) svchost.exe
FirewallRules: [{104AE829-EED7-4CED-BA68-C7132B84DF09}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{814DC196-BF1F-4826-9AFC-A0AC771B0272}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{01101E64-77D5-47AB-9D61-758DE9C9EFC5}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DA696169-5BB4-4859-9D4F-930F7BA1F5A1}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{8714DF00-9EF5-4B75-AE3C-C1E670EBAF0F}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{2A227A81-792F-4C6E-B088-08C5C4FA0332}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{296B9265-272F-4B03-A786-2273CE5DF80F}] => (Allow) C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
FirewallRules: [{93C0B7EE-734F-445D-8FEF-24B54A2A9FD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86679B98-F066-4759-88B4-37C4CB9580CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B089B0E-71F2-4885-9273-2A330860D2DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB330383-2A14-4AE5-81DE-15AB8EE5CD8F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{25AC7D38-52E2-4AF4-8663-E48BEE2240CD}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{08423E78-C74F-4468-AB73-D9A132C5141F}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{9A7C58FC-D03A-454B-97C0-DB89D6D566F5}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{BF7C58C3-003F-4660-8790-43AAD5C7BE13}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{35F0589C-41CC-468D-9BD8-1AD2449EF593}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{A73AE05F-7435-4C23-90D4-D6D4A32820D2}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{A15CD113-748F-498F-84EC-550B6F97996D}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{B5420E57-4A2B-486C-B10A-2E2B919EF856}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{7D257A6E-8D25-4CBF-896D-80A7A4555F72}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{3E1DD5EF-2FEE-4D4A-AE06-56F38003029A}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{B78BBB56-CF5F-4534-A404-EB00ABAD0EAE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{80FF7296-20EF-4484-86BE-3091CEE03FEC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{45EB22C0-F81F-4A6A-825A-50036EA178DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{0CE68321-05D9-4898-82DF-33EF4E48C579}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{077C32B0-0C90-428D-9413-FE55FE67E652}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{C7529C05-33A6-4D5B-B73A-0921FFC310EB}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe.exe
FirewallRules: [{CE79CD86-F293-4531-BB35-604524456F2A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{9D6E6C3D-9221-4210-B2E4-3B7B2A5086E2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{BC0FF3D4-35AC-47A1-91E1-6425E7CAE3B0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{8CA91782-237C-4730-B9C4-6E06773DB4B6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{99016948-A3BC-46B1-BE37-2FDBC082FB3F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{3C593A4D-EEBE-4982-B210-307ED05F751F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{E74C4DA2-8E05-40F3-9B8F-DA0C0C0F428C}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{DA16C0C7-5617-42AB-942A-C85E52A43807}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
FirewallRules: [{0ABCB5F3-8D15-4412-94CD-9473711A4570}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{C23C170D-349C-45F5-BA0B-BEE1CC41A665}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT 3\dirt3_game.exe
FirewallRules: [{623A50C5-EB8C-4DEB-A273-1845CDC9D04F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2508A3AF-F6DB-437A-BD71-33AC692E72A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D54519F4-4207-4930-9740-C8F81D4308B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2013\fm.exe
FirewallRules: [{659ACFB8-BF62-4CBA-B1BA-D478DAF41D6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2013\fm.exe
FirewallRules: [{9D121E84-382F-4866-A3CE-085B91B4A459}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\engine\tsengine.exe
FirewallRules: [{3F4CF575-F1C6-4980-BDE7-29183643FD73}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\TorrentStream\engine\tsengine.exe
FirewallRules: [{506AD2B3-4507-4239-BD33-06B9BBBBF332}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{C4213B38-F1FF-4568-B6BA-D852E844F050}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
FirewallRules: [{25320B58-1EB3-4865-8555-ED488D5357B3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{3EBEAA2E-E985-4760-B909-F67BEC311522}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1942\BF1942.exe
FirewallRules: [{C1185E01-EE75-4C00-9A9A-F35ABE279E42}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E773C940-5D1F-4D26-94B0-144763818B4F}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E4398596-9C00-405E-A587-8C0D3811B2C0}] => (Allow) C:\Users\Mark Packard Bell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1B308130-E424-4C62-985C-7DEF069E8CC5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{057F05E4-2883-4540-AE49-DA98985AE119}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B533186-F257-4425-A67C-64679BDD4382}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{20F835D6-DAB7-4E56-9749-CC0ABAC50FBB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D2AA660D-F665-4CDF-B3A0-8C6B293EFB9A}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{03539FBE-3C70-4E4A-8419-0452E14E2080}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{A819BDF5-30B7-4A5D-B0F6-FA3821828399}] => (Allow) C:\Users\Mark Packard Bell\Downloads\solutoinstaller.exe
FirewallRules: [{E3BE12B8-4EF6-4D91-A639-6AC4F53AE72C}] => (Allow) C:\Users\Mark Packard Bell\Downloads\solutoinstaller.exe
FirewallRules: [{8A9926FB-0FE9-4416-8063-B9D119F3D244}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{77A111C2-B7BD-4EC0-9A56-E1510528BE14}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FA50437-5D0A-4ABD-83E5-125B456C8477}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{84DF20D4-64F4-489E-AA18-CC77F1B5D1B7}] => (Allow) C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D316B1FD-3A9B-414C-B5AA-2C74DFE6F92E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{83B3E9D4-4CC7-4A06-8AFB-2A0C399A0354}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{FA173414-54B2-4ADB-9322-78E1C83C5F8E}] => (Allow) C:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{2FCF08E6-F1F3-4FC1-9BE7-F93AB156D429}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{95DE094D-AB31-4F6E-9D45-58F61D55EF8C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D61A1084-BA30-4F1E-A50C-5FD838D357FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{74DBC340-C4F7-4B70-B084-FE9A18191F69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [TCP Query User{DDD9D2C9-9D63-4DA3-B653-BA27D4821768}C:\users\mark packard bell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mark packard bell\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6A3F5653-56BD-4AC1-A98D-C67E44CF7151}C:\users\mark packard bell\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mark packard bell\appdata\local\akamai\netsession_win.exe
FirewallRules: [{6675BE67-2F88-49FA-9B92-AD1491DD2621}] => (Allow) C:\Program Files (x86)\Acronis\Access\Common\apache-tomcat-7.0.57\bin\tomcat7.exe
FirewallRules: [{BFA5985C-027D-4621-AC3B-9F977E437CFB}] => (Allow) C:\Program Files (x86)\Acronis\Access\Common\apache-tomcat-7.0.57\bin\tomcat7.exe
FirewallRules: [{5C82044B-11E0-4495-A0D0-8BA15B6AF468}] => (Allow) C:\Program Files (x86)\Acronis\Access\File Repository\AcronisAccessRepository.exe
FirewallRules: [{D346CE04-1F95-4D96-A493-A9CAE565360F}] => (Allow) LPort=0
FirewallRules: [{9C28F6C4-5213-4E48-82AA-85BB3536D22B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{20F35B24-6A38-46B3-8710-095276B3A55A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2F4EB44A-929A-4A4E-85E7-FC4A08FBB735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D2279D33-13B7-4729-8523-2B4AA1E396DA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{80378E44-B0DB-47DD-BBCE-2B0912B73201}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F3481182-7FBE-4F7C-9F98-B093E3A42DB1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0ED39539-0935-46F5-85C9-B1FBB2F42833}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3335B18D-3014-4B69-8B41-63F08B1817B7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2131BCA2-DEC2-4CC4-B89B-4F7008BD4A79}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DA1CCD2E-961C-4464-8251-562B662D7313}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{86B6E102-0F2B-4D43-9F45-6E2004AB7887}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{385E2A16-EE76-4C68-81E9-4FFE2DDAD9BC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{A96E91D3-1A3A-4A5B-B2DC-59A1E1386996}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{EB2E3AF5-A3DA-4EDC-9201-EA75B36BC585}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{E3ECE65C-1E1E-47DD-9451-AD138F33A26A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{CCD16B9F-4AE4-4662-8BEB-31640BB95524}] => (Allow) C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{553FD946-B23B-45A8-9943-C7A4352945A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{304042CE-A534-41C5-B7DF-4CF92577ABCB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F575127B-BBAF-4312-967F-8384E096EC4C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{0D44F4DD-39FF-4A3B-806C-7F941391FD8A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{38492FCA-3D7A-400F-ACA8-D5AD5448F9FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{C3446194-F654-445B-A0DA-7790692E09FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{992B68BD-9D85-4DC2-BC08-84C545CB0266}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D81E8F6F-ED10-4B4F-8C2B-537231DF153B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E0EC7FDC-E475-48F3-98B1-7E18F65D6ADD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D9166D0-8FE7-4A0F-BA0B-54EB13FD2F1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA4DDF13-1F7E-45C9-82F3-9DF1BB614D39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 1.3M WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2015 07:58:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/08/2015 07:56:39 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 07:56:39 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (06/08/2015 01:02:33 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/08/2015 01:01:25 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 01:01:25 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (06/08/2015 09:03:50 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
Error: (06/08/2015 09:02:29 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 09:02:28 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (06/07/2015 07:20:28 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.
 
 
System errors:
=============
Error: (06/09/2015 00:34:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/09/2015 00:24:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/09/2015 00:14:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/09/2015 00:04:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:54:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:44:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:34:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:24:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:14:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/08/2015 11:04:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office:
=========================
Error: (06/08/2015 07:58:36 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/08/2015 07:56:39 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 07:56:39 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (06/08/2015 01:02:33 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/08/2015 01:01:25 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 01:01:25 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (06/08/2015 09:03:50 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
Error: (06/08/2015 09:02:29 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/08/2015 09:02:28 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: 
 
Error: (06/07/2015 07:20:28 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-20 21:24:05.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-20 21:24:05.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II N950 Quad-Core Processor
Percentage of memory in use: 65%
Total physical RAM: 4090.9 MB
Available physical RAM: 1411.39 MB
Total Pagefile: 8180 MB
Available Pagefile: 4342.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:684.54 GB) (Free:220.41 GB) NTFS
Drive d: (9781587143854) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0C359BC0)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#13 jntkwx

  • Malware Response Team

Posted 08 June 2015 - 07:55 PM

I see you have P2P software ( Torrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

 

 

We need to run a fix with FRST:

  • First, please move FRST to your Desktop.
  • Then, please download the attached fixlist.txt file and save it to your Desktop.
    Note: It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Attached File  fixlist.txt   450bytes   1 downloads
  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

 

Do you recognize these files?

C:\Users\Mark Packard Bell\Desktop\242.exe

C:\Users\Mark Packard Bell\Downloads\242.exe

C:\Users\Public\Music\242.exe

 

If you don't recognize them, please upload one of them here: http://www.bleepingcomputer.com/submit-malware.php?channel=139


Edited by jntkwx, 08 June 2015 - 08:33 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#14 sparky2000

Posted 09 June 2015 - 07:23 AM

Hi, that file should only be in downloads. I certainly do not see it on my desktop. I cannot find it in my downloads where it should be. It is a patch update for Championship Manager. How or why it is in a public users music folder I do not know.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Mark Packard Bell at 2015-06-09 14:21:40 Run:2
Running from C:\Users\Mark Packard Bell\Desktop
Loaded Profiles: Mark Packard Bell (Available Profiles: Mark Packard Bell)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
*****************
 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg" => key removed successfully
C:\Windows\logo1_.exe => moved successfully.
C:\Windows\logo_1.exe => moved successfully.
C:\Windows\RUNDL132.EXE => moved successfully.
C:\Windows\rundll16.exe => moved successfully.
C:\Windows\VDLL.DLL => moved successfully.
C:\Windows\SysWOW64\runouce.exe => moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\ProgramData\Temp" => ":D287FACF" ADS not found.
"C:\ProgramData\Temp" => ":D3A96964" ADS not found.
 
==== End of Fixlog 14:21:41 ====

Edited by sparky2000, 09 June 2015 - 07:30 AM.
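As an added example (not part of the original posts, and not a FRST feature): a small Python parser for the Fixlog format shown in post #14. It pairs the requested fixlist entries with their result lines and lists anything that did not report success, such as the "ADS not found" lines. The sample text is a constructed subset of that log, and the function names and the set of recognised outcome phrases are assumptions drawn only from this log.

```python
import re

# Constructed sample: a subset of the Fixlog lines posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
C:\Windows\logo1_.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Windows\logo1_.exe => moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"C:\ProgramData\Temp" => ":D287FACF" ADS not found.

==== End of Fixlog 14:21:41 ====
'''

# "<target> => <outcome>", target optionally quoted, trailing period optional.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s=>\s(?P<outcome>.+?)\.?$')

def classify(outcome):
    """Map an outcome phrase to a status; only phrases seen in this log are known."""
    if outcome.endswith("not found"):
        return "not_found"
    if outcome.endswith(("removed successfully", "moved successfully")):
        return "ok"
    return "other"  # assumption: any unrecognised phrase needs a human look

def parse_fixlog(text):
    """Return (requested entries, parsed results, end-marker present)."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist content block not found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        m = RESULT_RE.match(ln)
        if m:
            results.append((m["target"], m["outcome"], classify(m["outcome"])))
    complete = any(ln.startswith("==== End of Fixlog") for ln in lines)
    return requested, results, complete

def needs_review(text):
    """Entries a helper should look at again: anything that did not succeed."""
    _, results, _ = parse_fixlog(text)
    return [(t, o) for t, o, status in results if status != "ok"]
```

A log whose result count differs from its fixlist entry count, or that lacks the end marker, was likely truncated when pasted and should be requested again.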


#15 jntkwx

Posted 09 June 2015 - 07:28 AM

So you do recognize the file (I was trying to determine whether it was a legit file or not).

 

How is your computer running now? Please let me know if you get any more popups.


Regards,
Jason

 





