Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange Emoji Icons showing randomly


  • This topic is locked This topic is locked
40 replies to this topic

#1 blackrobin

blackrobin

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 02 June 2015 - 06:44 AM

Hi, bkdesign posted this 16/5/15 and I think I have the same thing. I really don't know if its a virus or not. These postage stamp size things keep turning up on my computer screen often after starting Facebook on Firefox. I am not as computer literate as he was but have done a FARBAR scan and will copy and past the results. Sometimes they are there and not as clear as other times. After closing FB they hang around for some time on other web pages or just on the main screen behind the programmes. I have taken a screenshot of the problem as well.
Hmm now i just have to work out how to copy and paste on here and I will add both those things....Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Robin (administrator) on ROBIN-HP on 02-06-2015 22:36:18
Running from C:\Users\Robin\Downloads
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-15] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-01] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1980509205-770425902-735787935-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1980509205-770425902-735787935-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1980509205-770425902-735787935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-07] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-24] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-07] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-24] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1980509205-770425902-735787935-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-07] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-07] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2013-09-27] (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705
FF Homepage: hxxp://www.stuff.co.nz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-22] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-24] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-19] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\donottrackplus@abine.com [2015-06-01]
FF Extension: HTTPS-Everywhere - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\https-everywhere@eff.org [2015-06-01]
FF Extension: LastPass - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\support@lastpass.com [2015-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-01]
FF Extension: Ghostery - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\firefox@ghostery.com.xpi [2015-06-01]
FF Extension: Self-Destructing Cookies - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-06-01]
FF Extension: Smart Referer - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\smart-referer@meh.paranoid.pk.xpi [2015-06-01]
FF Extension: Webutation - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2015-06-01]
FF Extension: NoScript - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-01]
FF Extension: BetterPrivacy - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-06-26]

Chrome:
=======
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-29] (SurfRight B.V.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UI Assistant Service; C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe [253264 2010-09-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-02] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-23] (Trend Micro Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 22:36 - 2015-06-02 22:36 - 00020833 _____ () C:\Users\Robin\Downloads\FRST.txt
2015-06-02 22:36 - 2015-06-02 22:36 - 00000000 ____D () C:\FRST
2015-06-02 22:35 - 2015-06-02 22:35 - 02108928 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2015-06-02 17:38 - 2015-06-02 19:26 - 00000000 ____D () C:\Users\Robin\Documents\Oil spill Pilot bay
2015-06-02 17:32 - 2015-06-02 17:36 - 00000000 ____D () C:\Users\Robin\Documents\Go Pro Camera update
2015-06-02 17:32 - 2015-06-02 17:33 - 00000000 ____D () C:\Users\Robin\Documents\Banking
2015-06-02 17:30 - 2015-06-02 17:35 - 00000000 ____D () C:\Users\Robin\Documents\Mercer Kiwisaver
2015-06-02 17:29 - 2015-06-02 19:03 - 00000000 ____D () C:\Users\Robin\Documents\payslips2015
2015-06-02 17:06 - 2015-06-02 17:06 - 00003355 _____ () C:\Users\Robin\Desktop\EPSON Scan - Shortcut.lnk
2015-06-02 17:03 - 2015-06-02 17:41 - 00000000 ____D () C:\Users\Robin\Documents\TAX STUFF
2015-06-01 14:23 - 2015-06-01 14:23 - 03480040 _____ (McAfee, Inc.) C:\Users\Robin\Downloads\MCPR.exe
2015-06-01 14:12 - 2015-06-01 14:12 - 02231296 _____ () C:\Users\Robin\Downloads\adwcleaner_4.206.exe
2015-06-01 00:41 - 2015-06-01 00:43 - 00003556 _____ () C:\Users\Robin\Desktop\Rkill.txt
2015-05-31 23:55 - 2015-05-31 23:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Robin\Downloads\rkill.exe
2015-05-31 23:54 - 2015-06-02 17:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 23:52 - 2015-06-02 17:21 - 00000000 ____D () C:\Users\Robin\Desktop\mbar
2015-05-31 23:49 - 2015-05-31 23:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Robin\Downloads\mbar-1.09.1.1004.exe
2015-05-31 23:47 - 2015-06-02 11:23 - 00000000 ____D () C:\Users\Robin\Desktop\Mal
2015-05-31 23:21 - 2015-05-31 23:21 - 00039327 _____ () C:\Users\Robin\Documents\Result.txt
2015-05-31 23:15 - 2015-05-31 23:20 - 00039327 _____ () C:\Users\Robin\Downloads\Result.txt
2015-05-31 23:12 - 2015-05-31 23:12 - 00403456 _____ (Farbar) C:\Users\Robin\Downloads\MiniToolBox.exe
2015-05-31 23:12 - 2015-05-31 23:12 - 00002351 _____ () C:\Users\Robin\Documents\FSS.txt
2015-05-31 23:11 - 2015-05-31 23:11 - 00002351 _____ () C:\Users\Robin\Downloads\FSS.txt
2015-05-31 23:10 - 2015-05-31 23:10 - 00415232 _____ (Farbar) C:\Users\Robin\Downloads\FSS.exe
2015-05-31 23:09 - 2015-05-31 23:09 - 00001118 _____ () C:\Users\Robin\Documents\checkup.txt
2015-05-31 23:02 - 2015-05-31 23:02 - 00852639 _____ () C:\Users\Robin\Downloads\SecurityCheck.exe
2015-05-29 11:09 - 2015-05-29 11:09 - 00000303 _____ () C:\Windows\wininit.ini
2015-05-29 10:22 - 2015-04-11 15:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-29 10:18 - 2009-06-11 09:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150529-101819.backup
2015-05-29 10:09 - 2015-05-29 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-29 00:06 - 2015-05-29 05:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-29 00:06 - 2015-05-29 00:06 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-29 00:06 - 2015-05-29 00:06 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-05-29 00:06 - 2015-05-29 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-29 00:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-05-29 00:05 - 2015-05-29 00:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-28 23:59 - 2015-05-29 00:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Robin\Downloads\spybot-2.4.exe
2015-05-28 23:44 - 2015-05-28 23:45 - 00014922 _____ () C:\Users\Robin\Documents\HitmanPro_20150528_2344.log
2015-05-28 23:27 - 2015-05-28 23:29 - 11024496 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64(1).exe
2015-05-16 21:14 - 2015-05-16 21:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 12:03 - 2015-06-01 10:26 - 00000000 ____D () C:\Users\Robin\Desktop\Old Firefox Data
2015-05-15 11:57 - 2015-05-31 23:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-15 11:55 - 2015-05-15 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Robin\Downloads\revosetup.exe
2015-05-13 23:17 - 2015-05-02 01:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:17 - 2015-05-02 01:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:10 - 2015-05-05 13:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 20:10 - 2015-05-05 13:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 20:10 - 2015-04-18 15:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 20:10 - 2015-04-18 14:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 20:09 - 2015-04-22 14:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 20:09 - 2015-04-22 13:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 20:09 - 2015-04-22 05:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 20:09 - 2015-04-22 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 20:09 - 2015-04-22 05:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 20:09 - 2015-04-22 04:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 20:09 - 2015-04-22 04:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 20:09 - 2015-04-22 04:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 20:09 - 2015-04-22 04:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 20:09 - 2015-04-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 20:09 - 2015-04-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 20:09 - 2015-04-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 20:09 - 2015-04-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 20:09 - 2015-04-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 20:09 - 2015-04-22 04:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 20:09 - 2015-04-22 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 20:09 - 2015-04-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 20:09 - 2015-04-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 20:09 - 2015-04-22 04:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 20:09 - 2015-04-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 20:09 - 2015-04-22 04:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 20:09 - 2015-04-22 04:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 20:09 - 2015-04-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 20:09 - 2015-04-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 20:09 - 2015-04-22 04:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 20:09 - 2015-04-22 04:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 20:09 - 2015-04-22 04:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 20:09 - 2015-04-22 04:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 20:09 - 2015-04-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 20:09 - 2015-04-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 20:09 - 2015-04-22 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 20:09 - 2015-04-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 20:09 - 2015-04-22 04:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 20:09 - 2015-04-22 04:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 20:09 - 2015-04-22 04:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 20:09 - 2015-04-22 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 20:09 - 2015-04-22 03:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 20:09 - 2015-04-22 03:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 20:09 - 2015-04-22 03:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 20:09 - 2015-04-22 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 20:09 - 2015-04-22 03:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 20:09 - 2015-04-22 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 20:09 - 2015-04-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 20:09 - 2015-04-22 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 20:09 - 2015-04-22 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 20:09 - 2015-04-22 03:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 20:09 - 2015-04-22 03:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 20:09 - 2015-04-22 03:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 20:09 - 2015-04-22 03:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 20:09 - 2015-04-22 03:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 20:09 - 2015-04-22 03:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 20:09 - 2015-04-22 03:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 20:09 - 2015-04-22 03:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 20:09 - 2015-04-22 03:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 20:09 - 2015-04-22 03:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 20:09 - 2015-04-22 03:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 20:09 - 2015-04-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 20:09 - 2015-04-22 03:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 20:09 - 2015-04-22 02:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 20:09 - 2015-04-22 02:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 20:09 - 2015-04-13 15:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 20:06 - 2015-04-28 07:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 20:06 - 2015-04-28 07:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 20:06 - 2015-04-28 07:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 20:06 - 2015-04-28 07:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 20:06 - 2015-04-28 07:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 20:06 - 2015-04-28 07:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 20:06 - 2015-04-28 07:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 20:06 - 2015-04-28 07:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 20:06 - 2015-04-28 07:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 20:06 - 2015-04-28 07:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 20:06 - 2015-04-28 07:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 20:06 - 2015-04-28 05:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 20:06 - 2015-04-28 05:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 20:06 - 2015-04-28 05:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 20:05 - 2015-04-28 07:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 20:05 - 2015-04-28 07:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 20:05 - 2015-04-28 07:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 20:05 - 2015-04-28 07:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 20:05 - 2015-04-28 07:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 20:05 - 2015-04-28 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 20:05 - 2015-04-20 15:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 20:05 - 2015-04-20 15:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 20:05 - 2015-04-20 14:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 20:05 - 2015-04-20 14:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 20:05 - 2015-04-08 15:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 20:05 - 2015-04-08 15:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-08 21:18 - 2015-01-31 15:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-08 21:18 - 2015-01-31 15:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-05-08 21:18 - 2015-01-31 11:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-08 21:17 - 2014-12-12 05:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-07 09:10 - 2014-09-05 14:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-07 09:10 - 2014-09-05 13:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-05 14:21 - 2015-06-02 17:07 - 00000000 ____D () C:\Users\Robin\Desktop\Randoms
2015-05-05 14:17 - 2015-05-05 14:24 - 00000000 ____D () C:\Users\Robin\Desktop\Camera stuff
2015-05-05 14:03 - 2013-10-02 14:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-05-05 14:03 - 2013-10-02 14:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-05 14:03 - 2013-10-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-05 14:03 - 2013-10-02 13:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-05-05 14:03 - 2013-10-02 13:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-05-05 14:03 - 2013-10-02 13:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-05 14:03 - 2013-10-02 13:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-05-05 14:03 - 2013-10-02 12:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-05 14:03 - 2013-10-02 12:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-05-05 14:03 - 2013-10-02 12:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-05-05 14:03 - 2013-10-02 12:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-05-05 14:03 - 2013-10-02 11:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-05-05 14:03 - 2013-10-02 11:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-05 14:03 - 2013-10-02 11:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-05-05 14:03 - 2013-10-02 10:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-05 13:43 - 2012-08-24 02:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-05-05 13:43 - 2012-08-23 23:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-05-05 13:43 - 2012-08-23 22:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-05-05 13:18 - 2015-03-14 15:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-05 13:18 - 2015-03-14 15:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-05 13:18 - 2015-03-14 15:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-05 13:18 - 2015-03-14 15:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-05 13:18 - 2015-01-29 15:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-05 13:18 - 2015-01-29 15:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 13:16 - 2015-02-18 19:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-05 13:16 - 2015-02-18 19:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-05 13:15 - 2015-03-04 16:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-05 13:15 - 2015-03-04 16:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-05 13:15 - 2015-03-04 16:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-05 13:15 - 2015-03-04 16:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-05 13:15 - 2015-03-04 16:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-05 13:15 - 2015-03-04 16:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-05 13:15 - 2015-03-04 16:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-05 13:12 - 2015-05-05 13:13 - 00000000 ___DC () C:\Users\Robin\AppData\Local\MigWiz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 22:34 - 2009-07-14 16:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 22:34 - 2009-07-14 16:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 21:59 - 2014-06-28 10:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 19:18 - 2014-12-01 16:08 - 00000000 ____D () C:\Users\Robin\.gimp-2.8
2015-06-02 18:57 - 2011-03-10 20:44 - 01918209 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 17:40 - 2015-02-23 17:23 - 00000000 ____D () C:\Users\Robin\Documents\contract notes-Craigs Stuff
2015-06-02 17:08 - 2014-06-26 02:36 - 00000000 ____D () C:\Users\Robin
2015-06-02 11:14 - 2014-07-28 23:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 11:12 - 2014-07-28 23:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-02 10:11 - 2014-06-30 21:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-06-02 09:58 - 2014-06-26 01:15 - 00284510 _____ () C:\Windows\PFRO.log
2015-06-02 09:58 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 09:58 - 2009-07-14 16:51 - 00094810 _____ () C:\Windows\setupact.log
2015-06-01 15:09 - 2014-07-22 13:58 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRobin
2015-06-01 15:09 - 2014-06-25 23:38 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForRobin.job
2015-06-01 14:57 - 2014-06-26 00:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-06-01 14:48 - 2014-06-26 00:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
2015-06-01 14:16 - 2014-06-26 20:23 - 00000000 ____D () C:\AdwCleaner
2015-05-29 10:18 - 2009-07-14 14:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150529-103902.backup
2015-05-29 10:09 - 2014-12-17 12:30 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-28 20:24 - 2014-08-13 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-26 14:35 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\rescache
2015-05-22 09:26 - 2014-06-28 10:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-22 09:26 - 2014-06-28 10:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-22 09:26 - 2014-06-28 10:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-22 09:24 - 2014-07-25 15:53 - 00000000 ____D () C:\Users\Robin\AppData\Local\Adobe
2015-05-20 22:31 - 2015-04-04 20:31 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 22:31 - 2015-04-04 20:31 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 22:46 - 2014-12-16 09:12 - 00000000 ____D () C:\Users\Robin\Documents\Wondershare Video Editor
2015-05-18 10:19 - 2009-07-14 17:13 - 00797498 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 09:30 - 2014-06-26 03:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-14 09:25 - 2014-07-14 22:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 08:42 - 2009-07-14 16:45 - 00421544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 23:40 - 2014-06-25 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 23:36 - 2014-06-26 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:28 - 2014-06-26 22:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:17 - 2014-08-03 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 23:15 - 2014-08-03 16:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 23:15 - 2014-08-03 16:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-07 08:50 - 2009-07-14 15:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-05 23:00 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-05 23:00 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-05 13:54 - 2014-07-09 22:19 - 00781808 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-05 13:09 - 2014-07-28 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-05 13:09 - 2014-07-28 23:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-05 12:24 - 2015-02-18 02:02 - 00000000 ____D () C:\Windows\pss

==================== Files in the root of some directories =======

2014-06-26 15:15 - 2014-06-26 15:15 - 0000036 _____ () C:\Users\Robin\AppData\Local\housecall.guid.cache
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-24 16:37 - 2010-10-24 16:38 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-24 16:31 - 2010-10-24 16:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-10 21:05 - 2011-03-10 21:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-24 16:31 - 2010-10-24 16:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-24 16:33 - 2010-10-24 16:37 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-24 16:38 - 2011-03-10 21:07 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe
C:\Users\Robin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 14:28

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Robin at 2015-06-02 22:37:36
Running from C:\Users\Robin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980509205-770425902-735787935-500 - Administrator - Disabled)
Guest (S-1-5-21-1980509205-770425902-735787935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1980509205-770425902-735787935-1003 - Limited - Enabled)
Robin (S-1-5-21-1980509205-770425902-735787935-1001 - Administrator - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.506.5829 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.506.5829 - ABBYY) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{28FA742C-DC52-9804-7116-E198E0AEFAE4}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0929.2212.37971 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX120 NX120 Series Manual (HKLM-x32\...\EPSON TX120 NX120 Series Manual) (Version:  - )
EPSON TX120 NX120 Series Printer Uninstall (HKLM\...\EPSON TX120 NX120 Series) (Version:  - SEIKO EPSON Corporation)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Documentation (HKLM-x32\...\{0408422C-BE82-446A-8A8D-1431F4D35245}) (Version: 1.3.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}) (Version: 1.0.1.2 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4604 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{BE6725F2-6D15-477C-86C6-4522B8569D62}) (Version: 3.1.2.2 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3303 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}) (Version: 4.0.70.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Java™ 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
OLYMPUS A-GPS Utility (HKLM-x32\...\{1D4B5706-4D1C-46BB-B19B-4814D845AFF4}) (Version: 1.9.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{52F02F20-77E1-41A6-9758-7C8751D880A2}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{B8737126-7348-4F84-93BF-D4A82E653CA7}) (Version: 1.1.0 - OLYMPUS IMAGING CORP.)
OPUS Device Manager (HKLM-x32\...\{85AD6901-2774-4161-926E-84529F8D7B53}) (Version: 01.07 - Philips)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.7 - Bluefive software)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SoftStylus (HKLM-x32\...\{4D31A225-453B-4798-8452-9F2181CA6971}) (Version: 2.2.135.3 - Motorola)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Telecom Connection Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 0.2 - )
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-05-2015 22:15:50 Windows Update
10-05-2015 21:05:37 Windows Update
13-05-2015 23:13:24 Windows Update
20-05-2015 13:26:33 Windows Update
20-05-2015 22:30:49 Windows Update
26-05-2015 18:31:28 Windows Update
29-05-2015 09:29:00 Checkpoint by HitmanPro
29-05-2015 09:30:05 Checkpoint by HitmanPro
29-05-2015 10:23:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2015-05-29 10:39 - 00450771 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00039F0B-4F03-4A0A-AE84-11B554F4CE90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0E6B796B-4403-4963-97A9-578C4D98B920} - System32\Tasks\{434C39CA-72EA-414D-8014-6D8DDC67E092} => Chrome.exe
Task: {1744E26E-0447-417C-8E3E-229A60BA18BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {3370D5C9-D009-4C29-B0D4-ADC2DEBAC5BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C1E836D-6F00-4494-A49A-F8FCEE538110} - System32\Tasks\{26A333A6-A740-4ED6-A486-E93DDF7629E9} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {5C7E7B5C-05B5-495C-9197-9C4387A535EB} - System32\Tasks\{9B86B478-807F-4995-A210-59700CB93D24} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {628B5908-AA3B-49D1-B790-645238776C38} - System32\Tasks\{396A0824-A2C2-48D9-A9F9-67944519AFD0} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {634CDD4B-427D-4B79-9729-82BE21F52CEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {75B91A0C-B80F-4FEA-9952-5CF7F8BEC60E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7A142417-CCF8-4199-AB4A-4C53820ED01A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {7ED9A161-13DA-4712-B1F7-1CC2C568FA60} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7EE30CB6-78D0-420A-80FD-B3AEE30A7D1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {85B038FD-1BBE-4BA9-8914-B681F04B194F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8C447A03-EADD-4B06-8EE0-ABFDA67DBC35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910093CC-1616-452C-AD48-DFBA9F7E2E5E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-04] (CyberLink)
Task: {9DFA98B6-AD53-4D9E-89C7-133073242B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A75994C3-BA36-4974-8400-9E5452BB2061} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-07] (Trend Micro Inc.)
Task: {AAB2B8C2-EDBB-42D9-ABF7-1FEDE174E188} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-26] (Microsoft Corporation)
Task: {B06B7179-E425-43F5-A39B-90D604C9559E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B0BEA2F6-3475-4804-887A-C8A2D2E7553B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {B162DF71-F99A-46CA-97FB-130292C2F3AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-22] (Adobe Systems Incorporated)
Task: {C2ED31F9-AA36-4CAA-8004-169177BE2654} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-05-21] (Microsoft)
Task: {C6510E30-EACF-4075-9AFA-DE8909A29112} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CA73CE4A-95F4-4562-AC43-DA439552C54B} - System32\Tasks\{159361F6-3E9B-4E68-BA65-4360EF4DCECD} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.166.324/en/go/help.faq.installer?LastError=1618
Task: {D71C14DC-A3F1-4481-A9F9-27AE765AEDBA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {E7B20E26-8F21-48A3-84B1-E06EADE98D3B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {EF7CFDA1-081D-41B8-B4BF-7FF74D26A9CF} - System32\Tasks\HPCeeScheduleForRobin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EFD18E83-FCC2-4DE8-A9FE-159E190BDC70} - System32\Tasks\{463995E0-9EEF-432A-94B1-0391533B5EB2} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRobin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-26 02:11 - 2013-01-16 14:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-06-26 02:11 - 2013-04-02 16:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-06-26 02:11 - 2013-01-16 14:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-06-26 02:11 - 2012-12-19 08:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-06-26 02:11 - 2013-01-16 14:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-06-26 01:55 - 2013-07-24 03:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-06-25 23:53 - 2010-09-09 17:40 - 00253264 _____ () C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
2010-09-01 13:16 - 2010-09-01 13:16 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-06-26 02:26 - 2013-12-19 01:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2010-07-22 09:33 - 2010-07-22 09:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-22 09:33 - 2010-07-22 09:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-22 09:33 - 2010-07-22 09:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-05-29 00:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-29 00:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-29 00:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-29 00:06 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-29 00:06 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-01 11:11 - 2015-06-01 11:11 - 01020928 _____ () C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1980509205-770425902-735787935-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear OPUS Device Manager.lnk => C:\Windows\pss\Philips GoGear OPUS Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0069537-79EA-4C7C-A54A-17652E45EA8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{260AF3E6-0072-4B75-A0DA-DB6C4BF7993A}] => (Allow) LPort=2869
FirewallRules: [{2B0B1E45-38F5-46DA-B6C0-9D2B43C6E602}] => (Allow) LPort=1900
FirewallRules: [{DD85F34E-AFC7-43B9-B722-9D3D51CBCDA7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EE273926-1E11-49E7-94DB-7DC4D4191B59}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{F426020A-7FCE-465B-A84F-D5C88AB46E04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{EB07816E-20F9-4D2D-8D15-4B5D781F3CA1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{8398E352-C716-4E23-81F1-EA7CE52D2517}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{4A203A70-5040-47A9-87E5-04CA1177AAC4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{04D3EAF6-E301-4842-BA21-93454CEBA781}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{D3918954-DCB2-47E8-A152-9691B96D7381}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{F9911836-FD9A-46D4-993D-99B0F3A3F7AE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5F009B5F-B77C-4737-82C0-2865AF5BAEDB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AA0744BA-CEB3-4261-822D-3F4BB826AE2D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{06D8072E-FA67-47C5-8D28-416F436065EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{4A549F41-6FB7-41C9-89FA-8BB444AA59B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [TCP Query User{6284B80A-8B75-4F25-BB83-1B71CB72FF29}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A36238DE-5026-448F-9089-C2DFDFC4A22C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{6B5CD0FB-D797-4E65-9CDB-C3B28A85706D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C994933C-B7C7-4D91-BBD7-5A3D116D1C34}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CCA29F5A-E73B-4D7C-848F-680AC8192EB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A7D86A0-1A72-4A21-9E8E-297FC4A1FCE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC988FAC-8B84-4BE6-B63C-658C1A852E31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D712B1E3-4CB2-4DE4-BE82-8025C9B67297}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0B19AA91-2161-44BD-9C41-66FB543A0D80}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{DECD5851-D48F-4C01-B2C7-3B2AECD1CCED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2D5DADE-DAF1-4EF0-BCAB-77B607FC062E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E58EF548-5833-4B9D-B0DE-994276A46C95}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{371293A6-885A-4840-89D2-2E50B603C3A4}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{919F4E16-DABF-4344-B4CC-0749FDBD9A04}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{AEFEF2C2-B20E-4437-85B1-1A39E9E27EE2}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{9E102CFD-13E3-4DB3-B82D-D1C7F1843AD0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3993A34B-7313-4D9C-BC9C-6A949E4506BD}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
FirewallRules: [{519F7E80-85C4-44CB-9F11-45CA4FE5E607}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 10:12:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/29/2015 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1acc
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (05/29/2015 09:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x14ac
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3F280.72).  hr = 0x80070005, Access is denied.
.

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ab8,(null),0,REG_BINARY,0000000006BEE3F0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a63e55a1-9d54-4b4b-8cab-43f01cc00b31}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007cc,(null),0,REG_BINARY,00000000039EE330.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dab010f9-7efe-43b7-8ced-9d147d4224a4}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001CFEAD0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d5e9ba60-27e5-4ca3-8541-9c04732dc420}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000131EC70.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {e66d7c1b-df6c-4f3a-8d89-c8f3c329a5ec}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}


System errors:
=============
Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The UI Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (05/31/2015 10:12:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/29/2015 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.18839553e88ab0eedfade0000c42d1acc01d0998e7d2ce1e8C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dllbaf89da6-0581-11e5-b88c-9ee9577fd9ab

Error: (05/29/2015 09:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.18839553e88ab0eedfade0000c42d14ac01d0998dca5aafbdC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll0937eac0-0581-11e5-b88c-9ee9577fd9ab

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3F280.72)0x80070005, Access is denied.

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000ab8,(null),0,REG_BINARY,0000000006BEE3F0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a63e55a1-9d54-4b4b-8cab-43f01cc00b31}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000007cc,(null),0,REG_BINARY,00000000039EE330.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dab010f9-7efe-43b7-8ced-9d147d4224a4}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001CFEAD0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d5e9ba60-27e5-4ca3-8541-9c04732dc420}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000131EC70.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {e66d7c1b-df6c-4f3a-8d89-c8f3c329a5ec}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}


==================== Memory info ===========================

Processor: AMD Phenom™ II N970 Quad-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 7930.9 MB
Available physical RAM: 5045.94 MB
Total Pagefile: 15860.01 MB
Available Pagefile: 12283.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.56 GB) (Free:310.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.91 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6F960EAA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================

Edited by Queen-Evie, 02 June 2015 - 07:30 AM.
moved from AII to Malware Removal Logs. FRST logs are allowed only in MRL


BC AdBot (Login to Remove)

 


#2 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 02 June 2015 - 06:51 AM

so sorry if I accidentally posted this 2x, it told me I was offline and had to do it again, please remove 1 if I did. Also I tried to add a screenshot, can someone tell me what format to send it in?
Since then I have tried JPEG and GIF, original was in pNG but I note that bkdesigns did have an image in and its the same

 

ok so I only have 1 question on the forum, this is is, so very very happy if someone can help me, its got quite bad and I don't know how potentially serious


Edited by blackrobin, 02 June 2015 - 05:53 PM.
nm for original edit.


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:03 AM

Posted 07 June 2015 - 06:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578158 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 08 June 2015 - 07:22 AM

Hope this is what you are asking for, thanks so much, so glad of your help, Robin

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Robin (administrator) on ROBIN-HP on 09-06-2015 00:08:18
Running from C:\Users\Robin\Downloads
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Robin\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-15] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-01] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1980509205-770425902-735787935-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1980509205-770425902-735787935-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-23] (Versionate Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1980509205-770425902-735787935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-07] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-24] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-07] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-24] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1980509205-770425902-735787935-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll [2014-08-07] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll [2014-08-07] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll [2014-01-17] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-04-12] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2013-09-27] (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705
FF Homepage: hxxp://www.stuff.co.nz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-22] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-24] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-19] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\donottrackplus@abine.com [2015-06-01]
FF Extension: HTTPS-Everywhere - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\https-everywhere@eff.org [2015-06-01]
FF Extension: LastPass - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\support@lastpass.com [2015-06-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-01]
FF Extension: Ghostery - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\firefox@ghostery.com.xpi [2015-06-01]
FF Extension: Self-Destructing Cookies - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-06-01]
FF Extension: Smart Referer - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\smart-referer@meh.paranoid.pk.xpi [2015-06-01]
FF Extension: Webutation - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2015-06-01]
FF Extension: NoScript - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-01]
FF Extension: BetterPrivacy - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-06-26]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-06-26]

Chrome:
=======
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-29] (SurfRight B.V.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 UI Assistant Service; C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe [253264 2010-09-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-02] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-23] (Trend Micro Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 00:07 - 2015-06-09 00:07 - 00057078 _____ C:\Users\Robin\Downloads\FRST.txt2.txt
2015-06-08 23:55 - 2015-06-08 23:55 - 02108928 _____ (Farbar) C:\Users\Robin\Downloads\FRST64(1).exe
2015-06-07 22:30 - 2015-06-07 22:30 - 05765530 _____ C:\Users\Robin\Downloads\nz5412(1).tif
2015-06-07 22:27 - 2015-06-07 22:28 - 05765530 _____ C:\Users\Robin\Downloads\nz5412.tif
2015-06-05 21:18 - 2015-05-23 06:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 21:18 - 2015-05-23 06:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 21:18 - 2015-05-23 06:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 21:18 - 2015-05-23 06:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 21:18 - 2015-05-23 06:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 21:18 - 2015-05-23 06:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 21:18 - 2015-05-23 06:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 21:18 - 2015-05-22 01:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 11:13 - 2015-06-04 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 10:28 - 2015-06-03 10:28 - 00000000 ____D C:\Users\Robin\AppData\Local\GWX
2015-06-02 22:44 - 2015-06-02 23:50 - 00000000 ____D C:\Users\Robin\Documents\Computer issue
2015-06-02 22:37 - 2015-06-02 22:39 - 00048363 _____ C:\Users\Robin\Downloads\Addition.txt
2015-06-02 22:36 - 2015-06-09 00:08 - 00020836 _____ C:\Users\Robin\Downloads\FRST.txt
2015-06-02 22:36 - 2015-06-09 00:08 - 00000000 ____D C:\FRST
2015-06-02 22:35 - 2015-06-02 22:35 - 02108928 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2015-06-02 17:38 - 2015-06-02 19:26 - 00000000 ____D C:\Users\Robin\Documents\Oil spill Pilot bay
2015-06-02 17:32 - 2015-06-02 17:36 - 00000000 ____D C:\Users\Robin\Documents\Go Pro Camera update
2015-06-02 17:32 - 2015-06-02 17:33 - 00000000 ____D C:\Users\Robin\Documents\Banking
2015-06-02 17:30 - 2015-06-02 17:35 - 00000000 ____D C:\Users\Robin\Documents\Mercer Kiwisaver
2015-06-02 17:29 - 2015-06-02 19:03 - 00000000 ____D C:\Users\Robin\Documents\payslips2015
2015-06-02 17:03 - 2015-06-02 17:41 - 00000000 ____D C:\Users\Robin\Documents\TAX STUFF
2015-06-01 14:23 - 2015-06-01 14:23 - 03480040 _____ (McAfee, Inc.) C:\Users\Robin\Downloads\MCPR.exe
2015-06-01 14:12 - 2015-06-01 14:12 - 02231296 _____ C:\Users\Robin\Downloads\adwcleaner_4.206.exe
2015-05-31 23:55 - 2015-05-31 23:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Robin\Downloads\rkill.exe
2015-05-31 23:54 - 2015-06-02 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-31 23:49 - 2015-05-31 23:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Robin\Downloads\mbar-1.09.1.1004.exe
2015-05-31 23:47 - 2015-06-05 21:08 - 00000000 ____D C:\Users\Robin\Desktop\Mal
2015-05-31 23:21 - 2015-05-31 23:21 - 00039327 _____ C:\Users\Robin\Documents\Result.txt
2015-05-31 23:15 - 2015-05-31 23:20 - 00039327 _____ C:\Users\Robin\Downloads\Result.txt
2015-05-31 23:12 - 2015-05-31 23:12 - 00403456 _____ (Farbar) C:\Users\Robin\Downloads\MiniToolBox.exe
2015-05-31 23:12 - 2015-05-31 23:12 - 00002351 _____ C:\Users\Robin\Documents\FSS.txt
2015-05-31 23:11 - 2015-05-31 23:11 - 00002351 _____ C:\Users\Robin\Downloads\FSS.txt
2015-05-31 23:10 - 2015-05-31 23:10 - 00415232 _____ (Farbar) C:\Users\Robin\Downloads\FSS.exe
2015-05-31 23:09 - 2015-05-31 23:09 - 00001118 _____ C:\Users\Robin\Documents\checkup.txt
2015-05-31 23:02 - 2015-05-31 23:02 - 00852639 _____ C:\Users\Robin\Downloads\SecurityCheck.exe
2015-05-29 11:09 - 2015-05-29 11:09 - 00000303 _____ C:\Windows\wininit.ini
2015-05-29 10:22 - 2015-04-11 15:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-29 10:18 - 2009-06-11 09:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150529-101819.backup
2015-05-29 10:09 - 2015-05-29 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-05-29 00:06 - 2015-05-29 05:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-29 00:06 - 2015-05-29 00:06 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-29 00:06 - 2015-05-29 00:06 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-05-29 00:06 - 2015-05-29 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-29 00:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-05-29 00:05 - 2015-05-29 00:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-28 23:59 - 2015-05-29 00:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Robin\Downloads\spybot-2.4.exe
2015-05-28 23:44 - 2015-05-28 23:45 - 00014922 _____ C:\Users\Robin\Documents\HitmanPro_20150528_2344.log
2015-05-28 23:27 - 2015-05-28 23:29 - 11024496 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64(1).exe
2015-05-15 11:57 - 2015-05-31 23:31 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-05-15 11:55 - 2015-05-15 11:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Robin\Downloads\revosetup.exe
2015-05-13 23:17 - 2015-05-02 01:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:17 - 2015-05-02 01:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 20:10 - 2015-05-05 13:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 20:10 - 2015-05-05 13:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 20:10 - 2015-04-18 15:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 20:10 - 2015-04-18 14:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 20:09 - 2015-04-22 14:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 20:09 - 2015-04-22 13:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 20:09 - 2015-04-22 05:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 20:09 - 2015-04-22 05:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 20:09 - 2015-04-22 05:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 20:09 - 2015-04-22 04:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 20:09 - 2015-04-22 04:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 20:09 - 2015-04-22 04:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 20:09 - 2015-04-22 04:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 20:09 - 2015-04-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 20:09 - 2015-04-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 20:09 - 2015-04-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 20:09 - 2015-04-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 20:09 - 2015-04-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 20:09 - 2015-04-22 04:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 20:09 - 2015-04-22 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 20:09 - 2015-04-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 20:09 - 2015-04-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 20:09 - 2015-04-22 04:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 20:09 - 2015-04-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 20:09 - 2015-04-22 04:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 20:09 - 2015-04-22 04:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 20:09 - 2015-04-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 20:09 - 2015-04-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 20:09 - 2015-04-22 04:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 20:09 - 2015-04-22 04:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 20:09 - 2015-04-22 04:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 20:09 - 2015-04-22 04:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 20:09 - 2015-04-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 20:09 - 2015-04-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 20:09 - 2015-04-22 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 20:09 - 2015-04-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 20:09 - 2015-04-22 04:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 20:09 - 2015-04-22 04:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 20:09 - 2015-04-22 04:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 20:09 - 2015-04-22 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 20:09 - 2015-04-22 03:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 20:09 - 2015-04-22 03:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 20:09 - 2015-04-22 03:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 20:09 - 2015-04-22 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 20:09 - 2015-04-22 03:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 20:09 - 2015-04-22 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 20:09 - 2015-04-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 20:09 - 2015-04-22 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 20:09 - 2015-04-22 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 20:09 - 2015-04-22 03:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 20:09 - 2015-04-22 03:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 20:09 - 2015-04-22 03:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 20:09 - 2015-04-22 03:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 20:09 - 2015-04-22 03:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 20:09 - 2015-04-22 03:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 20:09 - 2015-04-22 03:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 20:09 - 2015-04-22 03:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 20:09 - 2015-04-22 03:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 20:09 - 2015-04-22 03:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 20:09 - 2015-04-22 03:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 20:09 - 2015-04-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 20:09 - 2015-04-22 03:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 20:09 - 2015-04-22 02:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 20:09 - 2015-04-22 02:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 20:09 - 2015-04-13 15:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 20:06 - 2015-04-28 07:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 20:06 - 2015-04-28 07:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 20:06 - 2015-04-28 07:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 20:06 - 2015-04-28 07:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 20:06 - 2015-04-28 07:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 20:06 - 2015-04-28 07:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 20:06 - 2015-04-28 07:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 20:06 - 2015-04-28 07:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 20:06 - 2015-04-28 07:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 07:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 20:06 - 2015-04-28 07:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 20:06 - 2015-04-28 07:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 20:06 - 2015-04-28 07:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 20:06 - 2015-04-28 07:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 20:06 - 2015-04-28 07:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 20:06 - 2015-04-28 07:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 20:06 - 2015-04-28 07:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 20:06 - 2015-04-28 07:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 06:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 20:06 - 2015-04-28 05:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 20:06 - 2015-04-28 05:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 20:06 - 2015-04-28 05:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 20:06 - 2015-04-28 05:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 20:05 - 2015-04-28 07:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 20:05 - 2015-04-28 07:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 20:05 - 2015-04-28 07:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 20:05 - 2015-04-28 07:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 20:05 - 2015-04-28 07:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 20:05 - 2015-04-28 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 20:05 - 2015-04-20 15:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 20:05 - 2015-04-20 15:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 20:05 - 2015-04-20 14:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 20:05 - 2015-04-20 14:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 20:05 - 2015-04-08 15:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 20:05 - 2015-04-08 15:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 23:59 - 2014-06-28 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 23:25 - 2015-03-17 21:13 - 00009216 _____ C:\My3DGraph.grf
2015-06-08 23:25 - 2010-10-24 16:25 - 00000000 ____D C:\ProgramData\Temp
2015-06-08 22:33 - 2014-06-30 21:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-08 22:31 - 2011-03-10 20:44 - 01069802 _____ C:\Windows\WindowsUpdate.log
2015-06-08 22:30 - 2009-07-14 16:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:30 - 2009-07-14 16:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:12 - 2009-07-14 17:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 22:12 - 2009-07-14 16:51 - 00095370 _____ C:\Windows\setupact.log
2015-06-07 17:42 - 2014-06-26 14:18 - 00000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2015-06-07 17:37 - 2009-07-14 17:13 - 00797498 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 19:36 - 2015-05-05 14:21 - 00000000 ____D C:\Users\Robin\Desktop\Randoms
2015-06-06 19:31 - 2014-12-15 11:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 19:31 - 2014-07-10 20:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 21:10 - 2014-07-22 13:58 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRobin
2015-06-05 21:10 - 2014-06-25 23:38 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForRobin.job
2015-06-04 10:53 - 2014-06-26 03:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 10:53 - 2014-06-26 01:15 - 00284878 _____ C:\Windows\PFRO.log
2015-06-02 22:42 - 2014-12-01 16:08 - 00000000 ____D C:\Users\Robin\.gimp-2.8
2015-06-02 17:40 - 2015-02-23 17:23 - 00000000 ____D C:\Users\Robin\Documents\contract notes-Craigs Stuff
2015-06-02 17:08 - 2014-06-26 02:36 - 00000000 ____D C:\Users\Robin
2015-06-02 11:14 - 2014-07-28 23:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 11:12 - 2014-07-28 23:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 14:57 - 2014-06-26 00:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-01 14:48 - 2014-06-26 00:01 - 00000000 ____D C:\Users\Robin\AppData\Local\Google
2015-06-01 14:16 - 2014-06-26 20:23 - 00000000 ____D C:\AdwCleaner
2015-05-29 10:18 - 2009-07-14 14:34 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150529-103902.backup
2015-05-29 10:09 - 2014-12-17 12:30 - 00000000 ____D C:\Program Files\HitmanPro
2015-05-28 20:24 - 2014-08-13 20:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-26 14:35 - 2009-07-14 15:20 - 00000000 ____D C:\Windows\rescache
2015-05-22 09:26 - 2014-06-28 10:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-22 09:26 - 2014-06-28 10:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-22 09:26 - 2014-06-28 10:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-22 09:24 - 2014-07-25 15:53 - 00000000 ____D C:\Users\Robin\AppData\Local\Adobe
2015-05-20 22:31 - 2015-04-04 20:31 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 22:31 - 2015-04-04 20:31 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-18 22:46 - 2014-12-16 09:12 - 00000000 ____D C:\Users\Robin\Documents\Wondershare Video Editor
2015-05-14 09:25 - 2014-07-14 22:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 08:42 - 2009-07-14 16:45 - 00421544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 23:40 - 2014-06-25 23:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 23:36 - 2014-06-26 22:28 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 23:28 - 2014-06-26 22:28 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 23:17 - 2014-08-03 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 23:15 - 2014-08-03 16:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 23:15 - 2014-08-03 16:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-06-26 15:15 - 2014-06-26 15:15 - 0000036 _____ () C:\Users\Robin\AppData\Local\housecall.guid.cache
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-24 16:37 - 2010-10-24 16:38 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-24 16:31 - 2010-10-24 16:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-03-10 21:05 - 2011-03-10 21:05 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-03-10 21:06 - 2011-03-10 21:06 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-24 16:31 - 2010-10-24 16:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-24 16:33 - 2010-10-24 16:37 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-24 16:38 - 2011-03-10 21:07 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 14:28

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Robin at 2015-06-09 00:09:11
Running from C:\Users\Robin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980509205-770425902-735787935-500 - Administrator - Disabled)
Guest (S-1-5-21-1980509205-770425902-735787935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1980509205-770425902-735787935-1003 - Limited - Enabled)
Robin (S-1-5-21-1980509205-770425902-735787935-1001 - Administrator - Enabled) => C:\Users\Robin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.506.5829 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.506.5829 - ABBYY) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{28FA742C-DC52-9804-7116-E198E0AEFAE4}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0929.2212.37971 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON TX120 NX120 Series Manual (HKLM-x32\...\EPSON TX120 NX120 Series Manual) (Version: - )
EPSON TX120 NX120 Series Printer Uninstall (HKLM\...\EPSON TX120 NX120 Series) (Version: - SEIKO EPSON Corporation)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GoPro Studio 2.5.4 (HKLM-x32\...\GoPro Studio) (Version: 2.5.4 - GoPro, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)
HP Documentation (HKLM-x32\...\{0408422C-BE82-446A-8A8D-1431F4D35245}) (Version: 1.3.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4521 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}) (Version: 1.0.1.2 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4604 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{BE6725F2-6D15-477C-86C6-4522B8569D62}) (Version: 3.1.2.2 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.3303 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EF682D1C-591D-48B5-9803-628DA622C281}) (Version: 2.2.7 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}) (Version: 4.0.70.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
Java™ 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
OLYMPUS A-GPS Utility (HKLM-x32\...\{1D4B5706-4D1C-46BB-B19B-4814D845AFF4}) (Version: 1.9.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{52F02F20-77E1-41A6-9758-7C8751D880A2}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{B8737126-7348-4F84-93BF-D4A82E653CA7}) (Version: 1.1.0 - OLYMPUS IMAGING CORP.)
OPUS Device Manager (HKLM-x32\...\{85AD6901-2774-4161-926E-84529F8D7B53}) (Version: 01.07 - Philips)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.7 - Bluefive software)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SoftStylus (HKLM-x32\...\{4D31A225-453B-4798-8452-9F2181CA6971}) (Version: 2.2.135.3 - Motorola)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Telecom Connection Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 0.2 - )
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-05-2015 23:13:24 Windows Update
20-05-2015 13:26:33 Windows Update
20-05-2015 22:30:49 Windows Update
26-05-2015 18:31:28 Windows Update
29-05-2015 09:29:00 Checkpoint by HitmanPro
29-05-2015 09:30:05 Checkpoint by HitmanPro
29-05-2015 10:23:02 Windows Update
03-06-2015 10:46:50 Windows Update
05-06-2015 23:15:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 14:34 - 2015-05-29 10:39 - 00450771 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00039F0B-4F03-4A0A-AE84-11B554F4CE90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0E6B796B-4403-4963-97A9-578C4D98B920} - System32\Tasks\{434C39CA-72EA-414D-8014-6D8DDC67E092} => Chrome.exe
Task: {1D65183E-AA41-445B-B01A-1B764345DB7A} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation)
Task: {3370D5C9-D009-4C29-B0D4-ADC2DEBAC5BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C1E836D-6F00-4494-A49A-F8FCEE538110} - System32\Tasks\{26A333A6-A740-4ED6-A486-E93DDF7629E9} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {5C7E7B5C-05B5-495C-9197-9C4387A535EB} - System32\Tasks\{9B86B478-807F-4995-A210-59700CB93D24} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {5CED15F2-173B-4979-AB1D-2951AFDE50E4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {628B5908-AA3B-49D1-B790-645238776C38} - System32\Tasks\{396A0824-A2C2-48D9-A9F9-67944519AFD0} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: {634CDD4B-427D-4B79-9729-82BE21F52CEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {672F1DB1-8E19-42AD-BDEC-434FEB891EFE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {75B91A0C-B80F-4FEA-9952-5CF7F8BEC60E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {7A142417-CCF8-4199-AB4A-4C53820ED01A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {7ED9A161-13DA-4712-B1F7-1CC2C568FA60} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7EE30CB6-78D0-420A-80FD-B3AEE30A7D1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {85B038FD-1BBE-4BA9-8914-B681F04B194F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8C447A03-EADD-4B06-8EE0-ABFDA67DBC35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910093CC-1616-452C-AD48-DFBA9F7E2E5E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-04] (CyberLink)
Task: {9DFA98B6-AD53-4D9E-89C7-133073242B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A75994C3-BA36-4974-8400-9E5452BB2061} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-07] (Trend Micro Inc.)
Task: {AAB2B8C2-EDBB-42D9-ABF7-1FEDE174E188} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-26] (Microsoft Corporation)
Task: {B0BEA2F6-3475-4804-887A-C8A2D2E7553B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {B162DF71-F99A-46CA-97FB-130292C2F3AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-22] (Adobe Systems Incorporated)
Task: {C2ED31F9-AA36-4CAA-8004-169177BE2654} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-06-04] (Microsoft)
Task: {C6510E30-EACF-4075-9AFA-DE8909A29112} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CA73CE4A-95F4-4562-AC43-DA439552C54B} - System32\Tasks\{159361F6-3E9B-4E68-BA65-4360EF4DCECD} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.166.324/en/go/help.faq.installer?LastError=1618
Task: {D71C14DC-A3F1-4481-A9F9-27AE765AEDBA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {EB9DC86D-DDF3-4623-87EA-3688670C0936} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {EF7CFDA1-081D-41B8-B4BF-7FF74D26A9CF} - System32\Tasks\HPCeeScheduleForRobin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EFD18E83-FCC2-4DE8-A9FE-159E190BDC70} - System32\Tasks\{463995E0-9EEF-432A-94B1-0391533B5EB2} => C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe [2014-12-17] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRobin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-06-26 02:11 - 2013-01-16 14:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-06-26 02:11 - 2013-04-02 16:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-06-26 02:11 - 2013-01-16 14:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-06-26 02:11 - 2012-12-19 08:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-06-26 02:11 - 2013-01-16 14:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-06-26 01:55 - 2013-07-24 03:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2010-09-01 13:16 - 2010-09-01 13:16 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-06-26 02:26 - 2013-12-19 01:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2014-06-25 23:53 - 2010-09-09 17:40 - 00253264 _____ () C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
2010-07-22 09:33 - 2010-07-22 09:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-22 09:33 - 2010-07-22 09:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-22 09:33 - 2010-07-22 09:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-05-29 00:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-29 00:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-29 00:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-29 00:06 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-29 00:06 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-01 11:11 - 2015-06-01 11:11 - 01020928 _____ () C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\zaua3jzx.default-1433111190705\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-12-17 10:37 - 2014-12-17 10:37 - 01800192 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\GPSDKAnalyticsNet.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1980509205-770425902-735787935-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\Windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear OPUS Device Manager.lnk => C:\Windows\pss\Philips GoGear OPUS Device Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0069537-79EA-4C7C-A54A-17652E45EA8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{260AF3E6-0072-4B75-A0DA-DB6C4BF7993A}] => (Allow) LPort=2869
FirewallRules: [{2B0B1E45-38F5-46DA-B6C0-9D2B43C6E602}] => (Allow) LPort=1900
FirewallRules: [{DD85F34E-AFC7-43B9-B722-9D3D51CBCDA7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EE273926-1E11-49E7-94DB-7DC4D4191B59}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{F426020A-7FCE-465B-A84F-D5C88AB46E04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{EB07816E-20F9-4D2D-8D15-4B5D781F3CA1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{8398E352-C716-4E23-81F1-EA7CE52D2517}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{4A203A70-5040-47A9-87E5-04CA1177AAC4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{04D3EAF6-E301-4842-BA21-93454CEBA781}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{D3918954-DCB2-47E8-A152-9691B96D7381}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{F9911836-FD9A-46D4-993D-99B0F3A3F7AE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5F009B5F-B77C-4737-82C0-2865AF5BAEDB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{AA0744BA-CEB3-4261-822D-3F4BB826AE2D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{06D8072E-FA67-47C5-8D28-416F436065EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{4A549F41-6FB7-41C9-89FA-8BB444AA59B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [TCP Query User{6284B80A-8B75-4F25-BB83-1B71CB72FF29}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{A36238DE-5026-448F-9089-C2DFDFC4A22C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{6B5CD0FB-D797-4E65-9CDB-C3B28A85706D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C994933C-B7C7-4D91-BBD7-5A3D116D1C34}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CCA29F5A-E73B-4D7C-848F-680AC8192EB8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A7D86A0-1A72-4A21-9E8E-297FC4A1FCE1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC988FAC-8B84-4BE6-B63C-658C1A852E31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D712B1E3-4CB2-4DE4-BE82-8025C9B67297}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0B19AA91-2161-44BD-9C41-66FB543A0D80}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{DECD5851-D48F-4C01-B2C7-3B2AECD1CCED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E2D5DADE-DAF1-4EF0-BCAB-77B607FC062E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E58EF548-5833-4B9D-B0DE-994276A46C95}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{371293A6-885A-4840-89D2-2E50B603C3A4}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{919F4E16-DABF-4344-B4CC-0749FDBD9A04}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{AEFEF2C2-B20E-4437-85B1-1A39E9E27EE2}] => (Allow) C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
FirewallRules: [{9E102CFD-13E3-4DB3-B82D-D1C7F1843AD0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3993A34B-7313-4D9C-BC9C-6A949E4506BD}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
FirewallRules: [{519F7E80-85C4-44CB-9F11-45CA4FE5E607}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2015 05:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoPro Importer.exe, version: 2.5.2.213, time stamp: 0x5490b40a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1558
Faulting application start time: 0xGoPro Importer.exe0
Faulting application path: GoPro Importer.exe1
Faulting module path: GoPro Importer.exe2
Report Id: GoPro Importer.exe3

Error: (06/07/2015 05:42:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GoPro Importer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
at System.Diagnostics.Process.Start()
at GoProImporter.ImportController.LaunchGoProStudio(System.String)
at GoProImporter.ImportController+<>c__DisplayClass2a.<ImportController_ImportDone>b__29()
at System.Windows.Threading.Dispatcher.Invoke(System.Action, System.Windows.Threading.DispatcherPriority, System.Threading.CancellationToken, System.TimeSpan)
at System.Windows.Threading.Dispatcher.Invoke(System.Action)
at GoProImporter.ImportController.ImportController_ImportDone(GoProImporter.Device)
at GoProImporter.ImportController.FireImportDone(GoProImporter.Device)
at GoProImporter.ImportController.ImportController_DeleteDone(GoProImporter.Device)
at GoProImporter.ImportController.FireDeleteDone(GoProImporter.Device)
at GoProImporter.UserControlDeleteHero3Plus.ButtonLearnMore_Click(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at GoProImporter.App.Main(System.String[])

Error: (06/04/2015 10:54:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.4.40.129, time stamp: 0x535a51a2
Faulting module name: rasadhlp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdad6
Exception code: 0xc0000005
Fault offset: 0x730011b0
Faulting process id: 0xf00
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (05/31/2015 10:12:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/29/2015 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1acc
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (05/29/2015 09:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18839, time stamp: 0x553e88ab
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x14ac
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3F280.72). hr = 0x80070005, Access is denied.
.

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ab8,(null),0,REG_BINARY,0000000006BEE3F0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a63e55a1-9d54-4b4b-8cab-43f01cc00b31}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007cc,(null),0,REG_BINARY,00000000039EE330.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {dab010f9-7efe-43b7-8ced-9d147d4224a4}


System errors:
=============
Error: (06/06/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Wireless Assistant Service service failed to start due to the following error:
%%1053

Error: (06/06/2015 07:36:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.

Error: (06/06/2015 07:35:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053

Error: (06/06/2015 07:35:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/01/2015 02:16:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (06/07/2015 05:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoPro Importer.exe2.5.2.2135490b40aKERNELBASE.dll6.1.7601.18839553e88abe04343520000c42d155801d0a0e39871c4d3C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exeC:\Windows\syswow64\KERNELBASE.dll06f7b007-0cd8-11e5-a4ce-f24e19265da9

Error: (06/07/2015 05:42:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GoPro Importer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
at System.Diagnostics.Process.Start()
at GoProImporter.ImportController.LaunchGoProStudio(System.String)
at GoProImporter.ImportController+<>c__DisplayClass2a.<ImportController_ImportDone>b__29()
at System.Windows.Threading.Dispatcher.Invoke(System.Action, System.Windows.Threading.DispatcherPriority, System.Threading.CancellationToken, System.TimeSpan)
at System.Windows.Threading.Dispatcher.Invoke(System.Action)
at GoProImporter.ImportController.ImportController_ImportDone(GoProImporter.Device)
at GoProImporter.ImportController.FireImportDone(GoProImporter.Device)
at GoProImporter.ImportController.ImportController_DeleteDone(GoProImporter.Device)
at GoProImporter.ImportController.FireDeleteDone(GoProImporter.Device)
at GoProImporter.UserControlDeleteHero3Plus.ButtonLearnMore_Click(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(System.Windows.Input.MouseButtonEventArgs)
at System.Windows.UIElement.OnMouseLeftButtonUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.ReRaiseEventAs(System.Windows.DependencyObject, System.Windows.RoutedEventArgs, System.Windows.RoutedEvent)
at System.Windows.UIElement.OnMouseUpThunk(System.Object, System.Windows.Input.MouseButtonEventArgs)
at System.Windows.Input.MouseButtonEventArgs.InvokeEventHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventArgs.InvokeHandler(System.Delegate, System.Object)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseTrustedEvent(System.Windows.RoutedEventArgs)
at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs, Boolean)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputManager.ProcessInput(System.Windows.Input.InputEventArgs)
at System.Windows.Input.InputProviderSite.ReportInput(System.Windows.Input.InputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr, System.Windows.Input.InputMode, Int32, System.Windows.Input.RawMouseActions, Int32, Int32, Int32)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr, Boolean ByRef)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at GoProImporter.App.Main(System.String[])

Error: (06/04/2015 10:54:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDTray.exe2.4.40.129535a51a2rasadhlp.dll_unloaded0.0.0.04a5bdad6c0000005730011b0f0001d09e50334287caC:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exerasadhlp.dll7a40357b-0a43-11e5-b381-f494ac2fa4a9

Error: (05/31/2015 10:12:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (05/29/2015 09:37:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.18839553e88ab0eedfade0000c42d1acc01d0998e7d2ce1e8C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dllbaf89da6-0581-11e5-b88c-9ee9577fd9ab

Error: (05/29/2015 09:32:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.1.7601.18839553e88ab0eedfade0000c42d14ac01d0998dca5aafbdC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\Windows\syswow64\KERNELBASE.dll0937eac0-0581-11e5-b88c-9ee9577fd9ab

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002e8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002E3F280.72)0x80070005, Access is denied.

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000ab8,(null),0,REG_BINARY,0000000006BEE3F0.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {a63e55a1-9d54-4b4b-8cab-43f01cc00b31}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002a4,(null),0,REG_BINARY,000000000787DE00.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d590562a-f7ea-4ea3-a90a-25ba8f8e307c}

Error: (05/29/2015 09:30:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000007cc,(null),0,REG_BINARY,00000000039EE330.72)0x80070005, Access is denied.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {dab010f9-7efe-43b7-8ced-9d147d4224a4}


==================== Memory info ===========================

Processor: AMD Phenom™ II N970 Quad-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 7930.9 MB
Available physical RAM: 5596.16 MB
Total Pagefile: 15860.01 MB
Available Pagefile: 12969.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.56 GB) (Free:301.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.91 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6F960EAA)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================

Attached Files


Edited by Oh My!, 12 June 2015 - 09:19 AM.


#5 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 08 June 2015 - 07:23 AM

NO, I do not have the Windows CD or DVD, it came with it loaded from the shop



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:03 AM

Posted 12 June 2015 - 09:40 AM

Greetings Robin and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please cut and paste FRST.exe from your Downloads folder to your desktop.

 

Running from C:\Users\Robin\Downloads


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1980509205-770425902-735787935-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:054203E4
FirewallRules: [{3993A34B-7313-4D9C-BC9C-6A949E4506BD}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
FirewallRules: [{519F7E80-85C4-44CB-9F11-45CA4FE5E607}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

System Summary Information

--------------------

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog
  • System Summary Information
  • Update on computer performance

Edited by Oh My!, 12 June 2015 - 09:51 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 06:16 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Robin at 2015-06-13 22:56:12 Run:1
Running from C:\Users\Robin\Desktop
Loaded Profiles: Robin (Available Profiles: Robin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1980509205-770425902-735787935-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:054203E4
FirewallRules: [{3993A34B-7313-4D9C-BC9C-6A949E4506BD}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
FirewallRules: [{519F7E80-85C4-44CB-9F11-45CA4FE5E607}] => (Allow) C:\Users\Robin\AppData\Local\Temp\nspBB93.tmp\CnetInstaller-75974744.exe
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1980509205-770425902-735787935-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => key removed successfully
Amsp => Unable to stop service.
Amsp => Service could not remove
esgiguard => Service removed successfully
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3993A34B-7313-4D9C-BC9C-6A949E4506BD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{519F7E80-85C4-44CB-9F11-45CA4FE5E607} => value removed successfully

==== End of Fixlog 22:56:17 ====

Attached Files



#8 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 06:32 AM

OK update on how the computer is going. I did what you said ( I hope) and I have not been using Firefox for facebook since ( used IE which i normally don't like using, but just to check Facebook once a day. However after doing what you said, I just tried it now on Firefox and its still doing it- getting the strange emoji but this time they are smaller but still there and still lingering after I finish Facebook and log out- will send you the screenshots to show you what I mean. However - I didn't do a restart as you never said to.Maybe that would have made a difference.

Look i am going to visit grandchildren in another town but will take the laptop with me, and thanks so much, I hope you understand how much this means to me (to have some help) Robin

Attached Files



#9 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 06:37 AM

one other thing, I did update the adobe reader today when I first started up my computer- not sure how these things work.... it is probably not important for you to know anyway



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:03 AM

Posted 13 June 2015 - 07:42 AM

Hi Robin,

It is my pleasure to work alongside you to try to resolve this issue. You did not mention any difficulty with Internet Explorer so I am assuming this is limited to Firefox. Please do this.

===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Test your computer and report the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 04:36 PM

Hi there, thanks so much. I did start Firefox in safe mode ( for about 45 mins with no emoji showing up) Was I supposed to run anything to get logs to post back?? (I didn't think so, hope thats right) Then I restarted Firefox in normal mode (since last night I never restarted after the fix ) After 30 mins, no emoji there. So that is good.

 

To give you the history of some of my plug-in protective stuff on Firefox. I only put it there after resetting Firefox a week or so ago as part of my own system of trying to fix it, then put on some recommended plug-ins which nicely got rid of ads and stuff but not the offending emoji.

About IE- I personally just don't use it, but there were no issues there, you are correct.

 

I have to drive for many hours now and won't be able to check the computer again for about 34 hours. I will then and repost how its getting on, unless you ask me to do something else.

Regards, your expertise is amazing.... fingers crossed, ROBIN



#12 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 04:44 PM

o dear, just logging out and noticed they were back!!!! (some times they take a while, especially they seem to know you are looking for them )However I am not on safe mode, So I will try that again and report back again - not leaving for a while, packing etc

Attached Files



#13 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 13 June 2015 - 05:57 PM

so far, when logged onto Firefox safe mode- no emoji- this situation is the same after..56..... mins

hmmm hope this helps



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:03 AM

Posted 13 June 2015 - 06:26 PM

Hi Robin.

Thank you for letting me know of your delay and also your very kind words. I will try to live up to them. :)

Thanks for all the detailed information, it does help a lot. It appears there is a corruption of some sort with Firefox. The first thing we want to do is address your add-ons since that is a common culprit. This may take you some time to troubleshoot since you will have to wait to see if the symptoms reoccur.

Please do this.

===================================================

Manually Troubleshooting Firefox Add-Ons

-------------------
  • Launch Firefox normally
  • Click Tools, then Add-ons
  • Disable half of the Add-ons, restart Firefox, then check for symptoms
  • If the symptoms remain, disable an additional Add-on, restart Firefox, then check for symptoms. Repeat as necessary
  • If the symptoms disappear after disabling half of the Add-ons, Enable an Add-on, restart Firefox and check for symptoms. Repeat as necessary
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were you able to identify a problem add-on(s)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 blackrobin

blackrobin
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:N.Z
  • Local time:08:03 PM

Posted 15 June 2015 - 06:34 AM

ok I will try and do this, bit limited in time though over the next few days. Also are plug ins the same as add- ons.? Also, will the computer go as well? Also, since the beginning of the EMOJI problem, I reset Firefox then added a lot of add ons to see if this would help- mainly ad ware stoppers and things - do i have to take all that off as well (since they were only added laterly) Weirdly, I would go back to using Chrome but my computer refuses to download and add it (I had uninstalled about a year ago because of TALKING ADS!!!! and when I tried to reinstall, I could not. Don't worry I am not asking you about that one, just the emoji which at this stage are still appearing on Firefox but not IE

 

I almost feel I don't know where to start, and then when the computer was turned on- it uninstalled my Trend Micro, then reinstalled it with a Whole lot of browser add ons which I was worried about installing but then in a sudden rush of blood to the head- did  and now I just feel buried in this all


o yes, I had totally uninstalled and reinstalled Firefox too a few weeks back trying to get rid of the emoji with no joy






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users