Infected by virus / malware


47 replies to this topic

#1 cpotter

Posted 15 August 2015 - 01:44 PM

Our computer is infected.  Can't search web.  Constant re-directs.  Multiple programs appear on computer, even after deletion.

 

Thanks in advance for all the great help.

Chad.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Chad (administrator) on KIDS-DESKTOP (15-08-2015 12:50:36)
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad & Wendy & Courtney & Ethan & Alana & Austin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\shopperz12082015\csrcc.exe
() C:\Program Files\shopperz12082015\LuacRouct.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Cinema VideoV14.08) C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-1-6.exe
(Cinema VideoV14.08) C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-6.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Program Files\shopperz12082015\Kfcurobg.exe
() C:\Program Files\shopperz12082015\Tuejet.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files\shopperz12082015\Tuejet64.exe
() C:\Program Files\shopperz12082015\Ideie.exe
() C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Word Surfer) C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files\shopperz12082015\Uiviuuj.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Users\Chad\AppData\Local\gmsd_us_005010060\upgmsd_us_005010060.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5659.26749\wb.exe
() C:\Users\Chad\AppData\Local\Temp\isdkatBeOh6L\ISightHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\WinPatrol\WinPatrol.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Nosibay) C:\Users\Chad\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(PCUtilities Software Limited) C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SoftBrain Technologies Ltd.) C:\Users\Chad\AppData\Local\SmartWeb\SMARTW~2.EXE
(PCUtilities Software Limited) C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Program Files (x86)\gmsd_us_005010060\gmsd_us_005010060.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(PCUtilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.52\OptProReminder.exe
(Cinema PlusV14.08) C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6.exe
(PCUtilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.52\OptimizerPro.exe
(SoftBrain Technologies Ltd.) C:\Users\Chad\AppData\Local\SmartWeb\SmartWebApp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz12082015] => C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] => C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Chad\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010060] => C:\Program Files (x86)\gmsd_us_005010060\gmsd_us_005010060.exe [3981968 2015-08-13] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010060.exe] => C:\Users\Chad\AppData\Local\gmsd_us_005010060\upgmsd_us_005010060.exe [3332240 2015-08-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [GoogleChromeAutoLaunch_86B1671634484E474EC7B4154262F61B] => C:\Program Files (x86)\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.52\OptProLauncher.exe [1004584 2015-02-25] (PCUtilities Software Limited)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WindApp] => "C:\Users\Chad\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Selection Tools] => C:\Users\Chad\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [1510160 2015-03-02] (Nosibay)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-08-09] (Client Connect LTD)
AppInit_DLLs:  C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [970752 2015-08-09] (FlashBeat)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-08-09] (Client Connect LTD)
AppInit_DLLs-x32:  C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [765952 2015-08-09] (FlashBeat)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk [2015-02-26]
ShortcutTarget: 4219122282.lnk -> C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe (PCUtilities Software Limited)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk [2015-02-26]
ShortcutTarget: 5522860311.lnk -> C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe (PCUtilities Software Limited)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-01-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-14]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Chad\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2015-02-26]
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk [2015-02-26]
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
AlternateShell: lockcmd.exe
GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M931A0CE8-D843-406B-82D4-3C1BC37278A2&SearchSource=55&CUI=&UM=8&UP=SPEFC6976C-3FC0-424C-8CB7-5F49501E4109&D=081415&SSPV=SP301081TB_sp_ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D030515-AE7FF78344A184E0692F&form=CONBDF&conlogo=CT3331982&q={searchTerms}
BHO: shopperz12082015 -> {3ea54411-9f2a-4a18-a93a-84312350f7c1} -> C:\Program Files\shopperz12082015\Meieiwb64.dll [2015-08-12] ()
BHO-x32: shopperz12082015 -> {3ea54411-9f2a-4a18-a93a-84312350f7c1} -> C:\Program Files\shopperz12082015\Meieiwb.dll [2015-08-12] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{522CC9A3-8913-4390-9A52-FEB63846953C}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{BF53D017-3393-49A5-8C1B-3A559540193F}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{BF53D017-3393-49A5-8C1B-3A559540193F}: [DhcpNameServer] 208.67.220.220 208.67.222.222
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150226-120-ie-sm

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-14] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-14] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
FF Extension: shopperz12082015 - C:\Program Files\shopperz12082015\Firefox [2015-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6660744\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150226-120-ff-sm

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Todoist for Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff [2015-08-03]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Cinemax Video 1.9cV14.08) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240208 2015-08-09] (Client Connect LTD)
R2 csrcc; C:\Program Files\shopperz12082015\csrcc.exe [1448824 2015-08-12] ()
R2 ElejooLyunp; C:\Program Files\shopperz12082015\LuacRouct.exe [171848 2015-08-12] ()
R2 f8794fcc; c:\Program Files (x86)\Optimizer Pro 3.52\OptProMon.dll [2018856 2015-02-26] () <==== ATTENTION
R2 fb34c88a-8ad6-4355-a5df-7f6d006d9cdb; C:\Program Files\shopperz12082015\Kfcurobg.exe [285560 2015-08-12] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-14] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-14] (globalUpdate) [File not signed] <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 shopperz12082015 Updater; C:\Program Files\shopperz12082015\Ideie.exe [174968 2015-08-12] ()
R2 sibehylo; C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp [193536 2015-03-05] () [File not signed]
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R3 Uiviuuj; C:\Program Files\shopperz12082015\Uiviuuj.exe [2043720 2015-08-12] ()
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-06-30] (Web Bar Media)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-15] (Word Surfer)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-14] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [61312 2015-06-15] (Word Surfer)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S1 tehetelu; \??\C:\Windows\system32\drivers\tehetelu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 12:50 - 2015-08-15 12:50 - 00029499 _____ C:\Users\Chad\Desktop\FRST.txt
2015-08-15 12:50 - 2015-08-15 12:50 - 00000000 ____D C:\FRST
2015-08-15 12:50 - 2015-08-15 12:08 - 02173952 _____ (Farbar) C:\Users\Chad\Desktop\FRST64.exe
2015-08-14 10:30 - 2015-08-14 10:30 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-14 10:29 - 2015-08-14 10:39 - 00000000 ____D C:\Users\Chad\AppData\Local\gmsd_us_005010060
2015-08-14 10:29 - 2015-08-14 10:30 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010060
2015-08-14 10:29 - 2015-08-14 10:29 - 00004180 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-14 10:29 - 2015-08-14 10:29 - 00004170 _____ C:\Windows\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-14 10:29 - 2015-08-14 10:29 - 00003472 _____ C:\Windows\System32\Tasks\bvxvyxvgy
2015-08-14 10:29 - 2015-08-14 10:29 - 00000000 ____D C:\Users\Chad\AppData\Local\bvxvyxvgy
2015-08-14 10:29 - 2015-08-14 10:29 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-14 10:29 - 2015-08-14 10:29 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-08-14 10:28 - 2015-08-14 10:29 - 00000000 ____D C:\Users\Chad\AppData\Local\SearchProtect
2015-08-14 10:28 - 2015-08-14 10:29 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-14 10:28 - 2015-08-14 10:28 - 00000000 ____D C:\Users\Chad\AppData\Local\SmartWeb
2015-08-14 10:27 - 2015-08-15 12:49 - 00003136 _____ C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6.job
2015-08-14 10:27 - 2015-08-15 12:49 - 00000340 ____H C:\Windows\Tasks\WXIODXGEPYYMWODY.job
2015-08-14 10:27 - 2015-08-14 10:37 - 00006502 _____ C:\Windows\System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7
2015-08-14 10:27 - 2015-08-14 10:37 - 00006164 _____ C:\Windows\System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6
2015-08-14 10:27 - 2015-08-14 10:37 - 00005474 _____ C:\Windows\System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5
2015-08-14 10:27 - 2015-08-14 10:37 - 00003472 _____ C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7.job
2015-08-14 10:27 - 2015-08-14 10:37 - 00002444 _____ C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5_user.job
2015-08-14 10:27 - 2015-08-14 10:37 - 00002444 _____ C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.job
2015-08-14 10:27 - 2015-08-14 10:37 - 00002110 _____ C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10_user.job
2015-08-14 10:27 - 2015-08-14 10:34 - 00004680 _____ C:\Windows\SysWOW64\Uiviuuj.ini
2015-08-14 10:27 - 2015-08-14 10:34 - 00002400 _____ C:\Windows\SysWOW64\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-14 10:34 - 00002400 _____ C:\Windows\system32\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-14 10:33 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2015-08-14 10:27 - 2015-08-14 10:33 - 00000328 _____ C:\Windows\Tasks\UFGIMDA1.job
2015-08-14 10:27 - 2015-08-14 10:32 - 00000000 ____D C:\Users\Chad\AppData\Local\WebBar
2015-08-14 10:27 - 2015-08-14 10:30 - 00000000 ____D C:\Program Files\shopperz12082015
2015-08-14 10:27 - 2015-08-14 10:27 - 00003784 _____ C:\Windows\System32\Tasks\WebBarUpdateTask
2015-08-14 10:27 - 2015-08-14 10:27 - 00003642 _____ C:\Windows\System32\Tasks\Jarmeee
2015-08-14 10:27 - 2015-08-14 10:27 - 00003372 _____ C:\Windows\System32\Tasks\WXIODXGEPYYMWODY
2015-08-14 10:27 - 2015-08-14 10:27 - 00003260 _____ C:\Windows\System32\Tasks\WebBarLaunchTask
2015-08-14 10:27 - 2015-08-14 10:27 - 00003248 _____ C:\Windows\System32\Tasks\Superclean
2015-08-14 10:27 - 2015-08-14 10:27 - 00002850 _____ C:\Windows\System32\Tasks\UFGIMDA1
2015-08-14 10:27 - 2015-08-14 10:27 - 00001092 _____ C:\Users\Chad\Desktop\Super Optimizer.lnk
2015-08-14 10:27 - 2015-08-14 10:27 - 00000045 _____ C:\user.js
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Windows\system32\qij
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\InstallSightSDK
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\{e1149c99-a280-4e88-e114-49c99a287266}
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Program Files\WebBar
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV14.08
2015-08-14 10:27 - 2015-08-12 03:45 - 00353608 _____ C:\Windows\system32\Uiviuuj64.dll
2015-08-14 10:27 - 2015-08-12 03:45 - 00283464 _____ C:\Windows\SysWOW64\Uiviuuj.dll
2015-08-14 10:27 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-14 10:26 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 10:26 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 10:26 - 2015-08-14 10:26 - 00004298 _____ C:\Windows\System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-14 10:10 - 2015-08-14 10:34 - 00001012 _____ C:\Windows\Tasks\kcQG4y8Q7b0nJmGYU4EYSl.job
2015-08-14 10:10 - 2015-08-14 10:10 - 00004044 _____ C:\Windows\System32\Tasks\kcQG4y8Q7b0nJmGYU4EYSl
2015-08-14 10:09 - 2015-08-15 12:49 - 00005522 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-6.job
2015-08-14 10:09 - 2015-08-15 12:49 - 00003142 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-6.job
2015-08-14 10:09 - 2015-08-15 12:49 - 00002116 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-10_user.job
2015-08-14 10:09 - 2015-08-14 10:42 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-14 10:09 - 2015-08-14 10:42 - 00000968 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-14 10:09 - 2015-08-14 10:37 - 00003970 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-14 10:09 - 2015-08-14 10:37 - 00003716 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-14 10:09 - 2015-08-14 10:34 - 00005186 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-7.job
2015-08-14 10:09 - 2015-08-14 10:34 - 00004498 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-3.job
2015-08-14 10:09 - 2015-08-14 10:34 - 00003478 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-7.job
2015-08-14 10:09 - 2015-08-14 10:34 - 00002450 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5_user.job
2015-08-14 10:09 - 2015-08-14 10:34 - 00002450 _____ C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5.job
2015-08-14 10:09 - 2015-08-14 10:33 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 10:09 - 2015-08-14 10:09 - 00008550 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-6
2015-08-14 10:09 - 2015-08-14 10:09 - 00008216 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-7
2015-08-14 10:09 - 2015-08-14 10:09 - 00007528 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-3
2015-08-14 10:09 - 2015-08-14 10:09 - 00006508 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-7
2015-08-14 10:09 - 2015-08-14 10:09 - 00006170 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-6
2015-08-14 10:09 - 2015-08-14 10:09 - 00005480 _____ C:\Windows\System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5
2015-08-14 10:09 - 2015-08-14 10:09 - 00000000 ____D C:\Users\Chad\AppData\Local\globalUpdate
2015-08-14 10:09 - 2015-08-14 10:09 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-14 10:09 - 2015-08-14 10:09 - 00000000 ____D C:\Program Files (x86)\Cinemax Video 1.9cV14.08
2015-08-14 10:09 - 2015-08-14 10:09 - 00000000 ____D C:\Program Files (x86)\c6f24650-3a07-406f-b3dc-f0e5c4d7e8d9
2015-08-14 10:08 - 2015-08-14 10:10 - 00001682 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-14 10:04 - 2015-08-14 10:04 - 00000000 ____D C:\Users\Chad\Documents\Alice3
2015-08-12 20:03 - 2015-08-12 20:03 - 00000024 _____ C:\Users\Alana\AppData\Roaming\appdataFr25.bin
2015-08-12 20:03 - 2015-08-12 20:03 - 00000000 ____D C:\Users\Alana\AppData\Local\Google
2015-08-12 04:55 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:55 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:03 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:03 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:03 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:03 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:03 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:03 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 21:03 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:03 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:03 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 21:03 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 21:03 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 21:03 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 21:03 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 21:03 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:03 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 21:03 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 21:03 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 21:02 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:02 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:02 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:02 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:02 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 21:02 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:02 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:02 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:02 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:02 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:02 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 15:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 21:02 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:02 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 21:02 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:02 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:02 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:02 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:02 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:02 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 21:02 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 21:01 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 21:01 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 21:01 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 21:01 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-03 10:36 - 2015-08-03 10:36 - 00000024 _____ C:\Users\Courtney\AppData\Roaming\appdataFr25.bin
2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 ____D C:\Program Files (x86)\Todoist for Gmail
2015-08-03 10:33 - 2015-08-03 10:33 - 00000000 ____D C:\Program Files (x86)\dealpeaaKK
2015-08-03 10:32 - 2015-08-03 10:32 - 00000020 _____ C:\Users\Courtney\AppData\Roaming\appdataFr2.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Users\Courtney\AppData\Local\Google
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Program Files (x86)\deaLpeeak
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Program Files (x86)\dealpeaak
2015-07-24 12:58 - 2015-07-24 12:58 - 00000020 _____ C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-07-24 12:57 - 2015-08-14 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 03:20 - 2015-07-23 03:20 - 00000000 ____D C:\Users\Chad\AppData\Local\CEF
2015-07-22 13:43 - 2015-07-22 13:43 - 00000000 ____D C:\Users\Courtney\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 12:49 - 2014-08-21 13:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job
2015-08-15 12:49 - 2014-03-04 11:38 - 00000292 _____ C:\Windows\Tasks\SaveSense.job
2015-08-15 12:49 - 2013-04-09 14:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 12:49 - 2013-01-24 00:27 - 01985049 _____ C:\Windows\WindowsUpdate.log
2015-08-14 10:49 - 2015-02-26 13:52 - 00003258 _____ C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-08-14 10:42 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-14 10:42 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-14 10:36 - 2013-01-31 19:54 - 00000000 ___RD C:\Dropbox
2015-08-14 10:35 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2015-08-14 10:34 - 2014-06-24 09:28 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-14 10:34 - 2013-01-31 13:37 - 00001998 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 10:33 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-14 10:33 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-14 10:33 - 2013-01-24 00:44 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-14 10:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-14 10:33 - 2009-07-13 23:51 - 00040559 _____ C:\Windows\setupact.log
2015-08-14 10:32 - 2010-11-20 22:47 - 00169734 _____ C:\Windows\PFRO.log
2015-08-14 10:27 - 2012-02-27 10:19 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-14 10:27 - 2012-02-27 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-14 10:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 10:10 - 2015-03-05 13:51 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Nosibay
2015-08-14 10:09 - 2014-04-03 17:29 - 00000000 ____D C:\Program Files (x86)\BigBrainz
2015-08-14 10:06 - 2015-02-27 04:17 - 00000000 ____D C:\Users\Chad\AppData\Local\StormWatch
2015-08-14 10:06 - 2014-11-18 14:29 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieBrowserModeList
2015-08-14 10:06 - 2014-09-17 19:31 - 00000000 ____D C:\Users\Chad\Ubiquiti UniFi
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieUserList
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieSiteList
2015-08-14 10:05 - 2015-03-05 13:51 - 00000000 ____D C:\Users\Chad\AppData\Local\4C4C4544-1425559902-5610-8036-C8C04F365631
2015-08-14 10:04 - 2013-01-31 13:36 - 00000000 ____D C:\Users\Chad\AppData\Local\VirtualStore
2015-08-14 10:03 - 2015-03-05 13:50 - 00000000 ____D C:\Users\Chad\Documents\ProPCCleaner
2015-08-14 00:18 - 2015-02-24 18:49 - 00000450 ____H C:\Windows\Tasks\Norton Security Scan for Courtney.job
2015-08-13 19:13 - 2014-08-21 13:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job
2015-08-13 11:11 - 2014-09-01 20:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{476E3A41-C099-4B2C-AE55-57CB34F65FC2}
2015-08-12 20:04 - 2013-03-08 10:45 - 00002169 _____ C:\Users\Alana\Desktop\50 Nifty United States.lnk
2015-08-12 10:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 05:15 - 2009-07-13 23:45 - 00307464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 05:12 - 2014-12-12 04:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 05:12 - 2014-05-06 08:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 04:56 - 2013-01-31 17:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 04:55 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:13 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2013-01-31 14:33 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:57 - 2013-09-17 10:28 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BCF057A-8DDD-4EFA-AA0C-47AD30C18362}
2015-08-11 20:39 - 2013-04-09 14:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:39 - 2013-04-09 14:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 20:39 - 2013-04-09 14:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2015-04-14 14:11 - 08710344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-03 10:33 - 2015-02-26 13:54 - 00000000 ____D C:\ProgramData\10973181966752926390
2015-08-03 10:32 - 2013-02-15 10:37 - 00002216 _____ C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-12-11 10:24 - 00002126 _____ C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-03-08 10:53 - 00002126 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-01-31 19:58 - 00002126 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 08:42 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 19:35 - 2014-08-21 13:05 - 00002376 _____ C:\Users\Wendy\Desktop\Google Chrome.lnk
2015-07-20 19:08 - 2014-08-21 13:04 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA
2015-07-20 19:08 - 2014-08-21 13:04 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core
2015-07-17 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 05:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2015-07-24 12:58 - 2015-07-24 12:58 - 0000020 _____ () C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-03-05 13:51 - 2015-03-05 13:52 - 0001270 _____ () C:\Users\Chad\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-05 13:51 - 2015-03-05 13:52 - 0005712 _____ () C:\Users\Chad\AppData\Roaming\Bubble Dock.installation.log
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl
2015-04-20 09:05 - 2015-04-20 09:05 - 1579520 _____ () C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl.exe
2015-03-05 13:52 - 2015-03-05 13:52 - 0000078 _____ () C:\Users\Chad\AppData\Roaming\Selection Tools.installation.log
2015-03-05 13:51 - 2015-03-05 13:51 - 0000097 _____ () C:\Users\Chad\AppData\Roaming\WindApp.boostrap.log
2015-03-05 13:52 - 2015-03-05 13:52 - 0000078 _____ () C:\Users\Chad\AppData\Roaming\WindApp.installation.log
2014-03-01 18:16 - 2014-03-01 18:16 - 0002763 _____ () C:\ProgramData\connector.swf
2013-12-04 12:11 - 2013-12-04 12:11 - 0000097 _____ () C:\ProgramData\SAH_Install.ini

Some files in TEMP:
====================
C:\Users\Alana\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Austin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\0327283293.exe
C:\Users\Chad\AppData\Local\Temp\0815656566.exe
C:\Users\Chad\AppData\Local\Temp\1232.exe
C:\Users\Chad\AppData\Local\Temp\1274569040.exe
C:\Users\Chad\AppData\Local\Temp\1384.exe
C:\Users\Chad\AppData\Local\Temp\2320007614.exe
C:\Users\Chad\AppData\Local\Temp\2924.exe
C:\Users\Chad\AppData\Local\Temp\2934.exe
C:\Users\Chad\AppData\Local\Temp\3042042023.exe
C:\Users\Chad\AppData\Local\Temp\3891870165.exe
C:\Users\Chad\AppData\Local\Temp\4219122282.exe
C:\Users\Chad\AppData\Local\Temp\4825511705.exe
C:\Users\Chad\AppData\Local\Temp\5522860311.exe
C:\Users\Chad\AppData\Local\Temp\5968294880.exe
C:\Users\Chad\AppData\Local\Temp\6246328847.exe
C:\Users\Chad\AppData\Local\Temp\6325631993.exe
C:\Users\Chad\AppData\Local\Temp\7780274947.exe
C:\Users\Chad\AppData\Local\Temp\7921266084.exe
C:\Users\Chad\AppData\Local\Temp\9213.exe
C:\Users\Chad\AppData\Local\Temp\9773639952.exe
C:\Users\Chad\AppData\Local\Temp\CitrixReceiver.exe
C:\Users\Chad\AppData\Local\Temp\clrvu.exe
C:\Users\Chad\AppData\Local\Temp\conduitsetup.exe
C:\Users\Chad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mqigb.dll
C:\Users\Chad\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\fsd4192.exe
C:\Users\Chad\AppData\Local\Temp\Gre556B.exe
C:\Users\Chad\AppData\Local\Temp\GreD168.exe
C:\Users\Chad\AppData\Local\Temp\jue640F.exe
C:\Users\Chad\AppData\Local\Temp\mVOE2C0.exe
C:\Users\Chad\AppData\Local\Temp\ntwdblib.dll
C:\Users\Chad\AppData\Local\Temp\oprun17518.exe
C:\Users\Chad\AppData\Local\Temp\oprun21448.exe
C:\Users\Chad\AppData\Local\Temp\optprosetup.exe
C:\Users\Chad\AppData\Local\Temp\pfsetup.exe
C:\Users\Chad\AppData\Local\Temp\Pgs3582.exe
C:\Users\Chad\AppData\Local\Temp\Pgs794.exe
C:\Users\Chad\AppData\Local\Temp\Pgs859F.exe
C:\Users\Chad\AppData\Local\Temp\setacl.exe
C:\Users\Chad\AppData\Local\Temp\SpOrder.dll
C:\Users\Chad\AppData\Local\Temp\supoptsetup.exe
C:\Users\Chad\AppData\Local\Temp\Tem600A.exe
C:\Users\Chad\AppData\Local\Temp\TUp1EDD.exe
C:\Users\Chad\AppData\Local\Temp\Uninstall.exe
C:\Users\Chad\AppData\Local\Temp\UUC4C0B.exe
C:\Users\Chad\AppData\Local\Temp\UUCC61C.exe
C:\Users\Chad\AppData\Local\Temp\UUCF17F.exe
C:\Users\Chad\AppData\Local\Temp\wcdsetup.exe
C:\Users\Courtney\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Setup.exe
C:\Users\Ethan\AppData\Local\Temp\sysad.exe
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite19861.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite22545.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite23709.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite32676.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite46333.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite49519.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50603.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50639.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite51526.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55350.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55760.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite63081.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite68772.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite70136.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite78818.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite81072.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite84711.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite89341.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite90664.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite91926.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite95450.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97662.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97894.dll
C:\Users\Wendy\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-02-27 10:19] - [2015-08-14 10:27] - 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:21

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Chad (2015-08-15 12:51:13)
Running from C:\Users\Chad\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-708449748-1331662778-136288417-500 - Administrator - Disabled)
Alana (S-1-5-21-708449748-1331662778-136288417-1009 - Limited - Enabled) => C:\Users\Alana
Austin (S-1-5-21-708449748-1331662778-136288417-1010 - Limited - Enabled) => C:\Users\Austin
Chad (S-1-5-21-708449748-1331662778-136288417-1003 - Administrator - Enabled) => C:\Users\Chad
Courtney (S-1-5-21-708449748-1331662778-136288417-1007 - Limited - Enabled) => C:\Users\Courtney
Ethan (S-1-5-21-708449748-1331662778-136288417-1008 - Limited - Enabled) => C:\Users\Ethan
Guest (S-1-5-21-708449748-1331662778-136288417-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-708449748-1331662778-136288417-1005 - Limited - Enabled)
Wendy (S-1-5-21-708449748-1331662778-136288417-1006 - Limited - Enabled) => C:\Users\Wendy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Alice Application (HKLM\...\nbi-aliceinstaller-3.1.92.0.0) (Version:  - )
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 9.3.0.1516 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.3.0.1516 - Bullzip)
Chessmaster 10th Edition (HKLM-x32\...\InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft)
Chessmaster 10th Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
CinemaPlus-3.2cV14.08 (HKLM-x32\...\CinemaPlus-3.2cV14.08) (Version: 1.36.01.22 - Cinema PlusV14.08) <==== ATTENTION
Cinemax Video 1.9cV14.08 (HKLM-x32\...\Cinemax Video 1.9cV14.08) (Version: 1.36.01.22 - Cinema VideoV14.08) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
dealpeaaKK (HKLM-x32\...\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}) (Version:  - "") <==== ATTENTION
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Fast Browser (HKLM-x32\...\Chromium) (Version: 34.0.1848.0 - Fast Browser)
Fender FUSE (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\3334146898.fuse.fender.com) (Version:  - fuse.fender.com)
Fender FUSE 2.7.0.23 (HKLM-x32\...\Fender FUSE) (Version:  - )
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Friendly Error (HKLM-x32\...\FriendlyError) (Version:  - )
GamesDesktop 025.005010060 (HKLM-x32\...\gmsd_us_005010060_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Like 1.5 (HKLM-x32\...\Like) (Version: 1.5 - Like)
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.31 - Symantec Corporation)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PriceLEsos (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version:  - ) <==== ATTENTION
Railroad Tycoon II - Platinum (HKLM-x32\...\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}) (Version:  - )
RandomDealApp (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - RandomDealApp) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.10.81 - Client Connect LTD) <==== ATTENTION
Selection Tools (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Selection Tools) (Version:  - WTools) <==== ATTENTION
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
shopperz12082015 2.0.0.475 (HKLM\...\{3ea54411-9f2a-4a18-a93a-84312350f7c1}_is1) (Version: 2.0.0.475 - shopperz) <==== ATTENTION
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Simple 1.1 (HKLM-x32\...\Simple) (Version: 1.1 - Simple)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.1.1307.29) (Version: 2.1.1307.29 - Solveig Multimedia)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StormWatch (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\StormWatch) (Version: 1.0.1.36 - StormWatch) <==== ATTENTION
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
Todoist for Gmail (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - "") <==== ATTENTION
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Bar 2.0.5659.26749 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5659.26749 - Web Bar Media) <==== ATTENTION
WindApp (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\WindApp) (Version:  - Store) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
30-05-2015 16:56:38 Windows Update
03-06-2015 16:57:42 Windows Update
07-06-2015 17:00:59 Windows Update
11-06-2015 13:23:32 Windows Update
12-06-2015 03:00:28 Windows Update
15-06-2015 04:47:40 Windows Update
19-06-2015 04:48:41 Windows Update
23-06-2015 04:50:39 Windows Update
26-06-2015 07:21:59 Windows Update
30-06-2015 07:22:33 Windows Update
15-07-2015 10:33:19 Windows Update
16-07-2015 03:00:25 Windows Update
17-07-2015 03:00:12 Windows Update
20-07-2015 14:05:50 Windows Update
23-07-2015 03:00:10 Windows Update
01-08-2015 11:06:57 Windows Update
02-08-2015 03:00:10 Windows Update
11-08-2015 20:50:12 Windows Update
12-08-2015 03:00:45 Windows Update
14-08-2015 10:11:24 Removed Google Chrome
14-08-2015 10:16:54 Removed BlueStacks Notification Center
14-08-2015 10:18:35 LavasoftWeCompanion
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0065B546-2EB2-4CE4-BF5E-40EB27A56A89} - System32\Tasks\Superclean => c:\programdata\{e1149c99-a280-4e88-e114-49c99a287266}\hqghumeaylnlf.exe [2014-08-14] (Super PC Tools Ltd) <==== ATTENTION
Task: {03A32F87-6499-45E4-80C5-5522F8B0F794} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-06-30] (Web Bar Media) <==== ATTENTION
Task: {113E27C0-D653-42F4-913A-B36D1B54B79E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {23AD32CF-B563-420B-8FB2-681F3DC97EF1} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-7 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-7.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {24CEC1F0-AF2A-4850-A20A-E2BED6E3641F} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-14] (globalUpdate) <==== ATTENTION
Task: {285E9EA0-A215-4A96-B2BA-5633050C2464} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.52\OptProLauncher.exe [2015-02-25] (PCUtilities Software Limited) <==== ATTENTION
Task: {2FFCF30E-6F81-4F08-A15F-BAFC7B2B4C25} - System32\Tasks\Selection Tools Update => C:\Users\Chad\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [2015-03-02] (Nosibay) <==== ATTENTION
Task: {34FC2937-AF38-41B6-B9D4-37857F9E9E4E} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-10_user => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-10.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {3825EA30-CF96-4FB6-9BD8-73A8A0C95910} - System32\Tasks\{F7D6BDA8-AD3A-40AF-8773-A66323F71320} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {45EFBACD-C417-4BC6-A2B3-24F2B09F479F} - System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7.exe [2015-08-14] (Cinema PlusV14.08) <==== ATTENTION
Task: {47D185D6-09DC-43F1-B2E5-D04D10F84783} - System32\Tasks\SaveSense => C:\Users\Wendy\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4B0611D5-4040-4068-8092-B6B303B75AD7} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {4DB0485A-605C-4D3F-A216-2BC6CDF58D99} - System32\Tasks\{2EF30F3E-105C-431B-88FB-8C84708CE1D8} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {67550F40-7587-43F3-BD40-5CA293E35E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {6C46815E-04BA-4C69-A076-EB46BD89D945} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-7 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-1-7.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {6C77C6E9-85A8-444F-945C-634C9AE99688} - System32\Tasks\WindApp Update => C:\Users\Chad\AppData\Roaming\Store\WindApp\WindApp Update.exe [2015-02-20] (Nosibay) <==== ATTENTION
Task: {6D2A68A6-4C60-4264-B6A5-6A6257063419} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {6F08A72F-48D2-49DD-A0CF-152CF4748DF5} - System32\Tasks\UFGIMDA1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-08-09] (FlashBeat) <==== ATTENTION
Task: {74E700CE-BEF1-4F9F-B7B8-8D0C2446DCCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {75EBDC16-2895-4A30-B3AB-53DD51E3E1B2} - System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6.exe [2015-08-14] (Cinema PlusV14.08) <==== ATTENTION
Task: {761A91C6-7DEC-4518-A618-D0AE20725BD7} - System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.exe [2015-08-14] (Cinema PlusV14.08) <==== ATTENTION
Task: {7686A72E-B111-4537-9417-9B1B91D880F0} - \NSManager_1424999119 -> No File <==== ATTENTION
Task: {76E4791A-AFDA-4572-994D-005C59FAF927} - System32\Tasks\kcQG4y8Q7b0nJmGYU4EYSl => C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl.exe [2015-04-20] () <==== ATTENTION
Task: {81ABF59C-305A-450F-8AA8-3852AD7AD72C} - System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E => C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E\674FFA33-52FC-436A-AF66-F9E720F2237E.exe [2015-08-14] () <==== ATTENTION
Task: {82A7FF6C-4B73-41F3-847A-7B51DF7AA5F0} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-6 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-6.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {840A31BF-D1F2-4857-B57A-EDE17145F1E6} - System32\Tasks\bvxvyxvgy => C:\Users\Chad\AppData\Local\bvxvyxvgy\bvxvyxvgy.exe [2015-08-09] () <==== ATTENTION
Task: {893EEE60-D092-4C97-819C-2E1833454568} - System32\Tasks\Jarmeee => C:\Program Files\shopperz12082015\Hvnkaufcv.bat [2015-08-12] () <==== ATTENTION
Task: {8966C0E7-94A0-440A-9857-1C9BE97D83CD} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-5.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {8C5D940B-30DE-499D-A58F-D0A8939E6283} - System32\Tasks\{3A74EEE2-F0F5-4353-BD84-636DD0803D84} => C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [2008-12-24] (Brother Industries, Ltd.)
Task: {8E97174A-3A41-4F2A-8C76-8F470D659F37} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-06-30] (Web Bar Media) <==== ATTENTION
Task: {9BCF4996-94DE-45CD-B927-E58BA0E7DEA2} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5_user => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-5.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {9E352F36-C0BA-4C9F-AE93-9FB34689DBBA} - System32\Tasks\{A43E5F30-5F73-459D-B8CA-4C85E0BFDFA9} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {AE269C64-0B02-4757-A368-81C7E6EB576C} - System32\Tasks\{5EC2D0CC-29E1-455D-8A42-57A9B41770DD} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {AFA97FD4-3153-4338-8E10-9D5DD5947CC8} - System32\Tasks\{509A9ABA-3AB7-4BA8-B228-0DCB5C79704B} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {B0814CE5-9C86-4A2F-83FB-32A4988FF31B} - System32\Tasks\WXIODXGEPYYMWODY => C:\ProgramData\Service1291\Service1291.exe [2015-08-09] () <==== ATTENTION
Task: {B21CF51C-DA01-4D41-A00D-D9044F1864CF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {B25A3E31-DC95-4E67-8A58-83530E36273B} - System32\Tasks\avayvxvaxc => C:\Users\Chad\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {B5CC3836-975D-429E-A27C-0A80C05A3C68} - System32\Tasks\{C26A3FFB-CAE0-4751-8171-E6DA750D5E6C} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {BF559E7A-86A2-4A3B-B4C3-A3E38461B02C} - System32\Tasks\{4AC340CC-8E8C-4653-830C-F4CF2D34E670} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {C0C0031D-D710-4001-8E8E-5807A41A349B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {C8759980-6FD5-4828-A343-C4E7FEBA6508} - System32\Tasks\{51D5E7D5-D3C3-44ED-8AFA-9F1E1641BD82} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {CECB3320-3927-4ED7-8CCE-999AD16DA1DF} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-14] (globalUpdate) <==== ATTENTION
Task: {DE739D0C-534E-467F-A6C1-3E9FFFD29092} - System32\Tasks\Norton Security Scan for Courtney => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.31\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {E1FBC58B-5731-47AC-90B0-20A3F62BDB16} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-6 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-1-6.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {E75382F3-E1D1-47CF-84D4-8A8EFE80126C} - System32\Tasks\{4687D03B-0494-466E-883C-2CC15EA6E7E3} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {E7C430DD-F1CE-415A-993E-7A7F0EEAC045} - System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10.exe [2015-08-14] (Cinema PlusV14.08) <==== ATTENTION
Task: {E7E73D5C-07A5-427B-BAF9-5807E3F653DE} - System32\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-3 => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-3.exe [2015-08-14] (Cinema VideoV14.08) <==== ATTENTION
Task: {EA194504-1515-4561-9D3D-EAF4AB03A6C0} - System32\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5 => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.exe [2015-08-14] (Cinema PlusV14.08) <==== ATTENTION
Task: {ED89A120-4373-48A3-A7CF-EC630BC9E11C} - System32\Tasks\{2CA32FA7-83AE-480F-A2D8-9FC088994810} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {F05E707D-3092-445B-94BC-2162D7C0D964} - System32\Tasks\Component System\Component => C:\Users\Chad\AppData\Local\Component\com.exe [2015-02-26] ()
Task: {FD94F924-FC23-4220-B7A6-228594F6DEE3} - System32\Tasks\{EC54ACBA-640B-468E-A82C-CE1B778DCC8B} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-6.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-1-7.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-10_user.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-3.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-5_user.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-6.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\97761141-f15e-4eed-a15b-1908f94c40a7-7.job => C:\Program Files (x86)\Cinemax Video 1.9cV14.08\97761141-f15e-4eed-a15b-1908f94c40a7-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV14.08\b19a8ec3-86f8-44f9-ad77-4696f381a7ac-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\kcQG4y8Q7b0nJmGYU4EYSl.job => C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl.exe <==== ATTENTION
Task: C:\Windows\Tasks\Norton Security Scan for Courtney.job =>
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Wendy\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{e1149c99-a280-4e88-e114-49c99a287266}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\UFGIMDA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\WXIODXGEPYYMWODY.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-14 10:27 - 2015-08-12 03:45 - 00353608 _____ () C:\Windows\system32\Uiviuuj64.dll
2015-08-14 10:27 - 2015-08-12 14:00 - 01448824 _____ () C:\Program Files\shopperz12082015\csrcc.exe
2015-08-12 03:45 - 2015-08-12 03:45 - 00171848 _____ () C:\Program Files\shopperz12082015\LuacRouct.exe
2015-08-14 10:27 - 2015-08-12 14:00 - 00297848 _____ () C:\Program Files\shopperz12082015\Yyoihge64.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00285560 _____ () C:\Program Files\shopperz12082015\Kfcurobg.exe
2015-08-14 10:27 - 2015-08-12 14:00 - 00433528 _____ () C:\Program Files\shopperz12082015\Tuejet.exe
2015-08-14 10:27 - 2015-08-12 14:00 - 00464760 _____ () C:\Program Files\shopperz12082015\Tuejet64.exe
2015-08-14 10:27 - 2015-08-12 14:00 - 00631160 _____ () C:\Program Files\shopperz12082015\Vocvo64.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00277880 _____ () C:\Program Files\shopperz12082015\Uizoa64.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00337272 _____ () C:\Program Files\shopperz12082015\Pjepmjl64.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00174968 _____ () C:\Program Files\shopperz12082015\Ideie.exe
2015-03-05 13:50 - 2015-03-05 13:50 - 00193536 _____ () C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp
2013-01-31 17:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-01-24 00:44 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2015-08-12 03:45 - 2015-08-12 03:45 - 02043720 _____ () C:\Program Files\shopperz12082015\Uiviuuj.exe
2015-08-14 10:29 - 2015-08-13 04:45 - 03332240 _____ () C:\Users\Chad\AppData\Local\gmsd_us_005010060\upgmsd_us_005010060.exe
2015-08-14 10:27 - 2015-05-12 15:20 - 00808960 _____ () C:\Program Files\WebBar\2.0.5659.26749\ISightSDK_x64.dll
2015-08-14 10:34 - 2015-08-14 10:34 - 00003072 _____ () C:\Users\Chad\AppData\Local\Temp\isdkatBeOh6L\ISightHost.exe
2015-08-14 10:34 - 2015-05-12 15:20 - 00808960 _____ () C:\Users\Chad\AppData\Local\Temp\isdkatBeOh6L\ISightSDK.DLL
2013-01-24 02:04 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-28 19:23 - 2013-08-28 19:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-08-14 10:29 - 2015-08-13 04:45 - 03981968 _____ () C:\Program Files (x86)\gmsd_us_005010060\gmsd_us_005010060.exe
2014-11-25 14:47 - 2014-11-25 14:47 - 01465880 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2015-02-26 13:52 - 2015-02-26 13:52 - 02018856 _____ () c:\Program Files (x86)\Optimizer Pro 3.52\OptProMon.dll
2015-08-14 10:27 - 2015-08-12 14:00 - 00291704 _____ () C:\Program Files\shopperz12082015\Yyoihge.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00620408 _____ () C:\Program Files\shopperz12082015\Vocvo.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00243576 _____ () C:\Program Files\shopperz12082015\Uizoa.DLL
2015-08-14 10:27 - 2015-08-12 14:00 - 00312184 _____ () C:\Program Files\shopperz12082015\Pjepmjl.DLL
2014-03-07 06:30 - 2014-02-17 22:46 - 00643948 ____N () C:\Program Files (x86)\WinPatrol\sqlite3.dll
2014-05-16 17:36 - 2015-07-03 11:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 04:17 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 04:17 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 04:17 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-29 09:37 - 2015-07-23 18:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 03:17 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 03:17 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 03:17 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 03:17 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 03:17 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-05-29 09:36 - 2015-07-23 18:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 13:43 - 2015-07-07 15:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2013-01-31 17:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-28 19:25 - 2013-08-28 19:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-01 15:35 - 2015-07-03 11:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"="lockcmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\coxhealth.com -> hxxps://sra.coxhealth.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BEF5AFB5-B58D-4747-BA8F-6BBF9B4BE5FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{BFE258E5-B2AB-40DA-9021-1D7A311E5E50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{5AECB04D-B30E-4FE9-A912-D0E731328485}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6CB6DBA5-AA2E-482D-B930-A70C6DE02926}] => (Allow) LPort=2869
FirewallRules: [{D3D4C3FE-CE60-49D1-8464-C31B8408E034}] => (Allow) LPort=1900
FirewallRules: [{B01F5744-714D-4C67-AADB-48608A8C1449}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8E2D6300-548C-4656-84DA-6A56863C4C22}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{D390E428-E256-4D15-9149-C2DEE496B512}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{78922532-130C-47BB-877D-337AD0E1D8D9}] => (Allow) LPort=54925
FirewallRules: [{21B433C3-CD4E-4296-ADB0-3D940BD7CC4F}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6846653E-F418-4CB4-B6D0-562E2369A188}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C0900857-0002-4197-AE6E-4F226CC8CB63}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6CC33E03-4767-44CE-96A4-63FCC43DCAD3}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{25FEB17B-F16C-423E-A71E-CBE6F61CF0CF}C:\program files (x86)\chessmaster\game.exe] => (Block) C:\program files (x86)\chessmaster\game.exe
FirewallRules: [UDP Query User{F56304FF-105F-4BF0-BFDC-3D8926184A45}C:\program files (x86)\chessmaster\game.exe] => (Block) C:\program files (x86)\chessmaster\game.exe
FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{96C29C36-A092-4BDD-98C7-FDB36332BABB}] => (Allow) C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{3B75A6DA-B7B2-46C3-BF19-5C28BDD7D875}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CE3ABFB-2A9D-46C6-A273-E4505AC53953}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43FFCDFD-E7DB-4EE5-A9C3-7154C9785D3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{FA548EE2-D9BC-49CF-95BA-56169DECA1B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{C8D87718-F97E-4899-B64F-3D74E177B45A}C:\program files\java\jdk1.8.0_05\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_05\bin\jmc.exe
FirewallRules: [UDP Query User{789275C9-7446-4626-AA24-C1600F346216}C:\program files\java\jdk1.8.0_05\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_05\bin\jmc.exe
FirewallRules: [{8BD77F53-28AE-499C-BE9A-3BA431423F7E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A6BA9CCE-D785-49E7-8C30-2781DE37152C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FEAC71C4-423D-47D3-ACF0-D13FD52EA44F}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{B868C5F3-FAC3-4E14-9B91-572A226FC856}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{7BA9AB8C-FE75-4AE0-A32D-6364ED3A8C2C}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{DA54F007-1BDF-4F29-ABB9-53A097B33BAF}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{D8AB13C8-C5A2-4D86-8D0E-F58A57632A03}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{F59A8A25-D37A-4566-AAE4-40730160062A}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe
 
==================== Faulty Device Manager Devices =============
 
Name: qrnfd_1_10_0_9
Description: qrnfd_1_10_0_9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qrnfd_1_10_0_9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/14/2015 10:35:14 AM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error: (08/14/2015 10:34:16 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (7924) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (08/14/2015 10:34:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2015 10:30:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program fsd4192.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1584
 
Start Time: 01d0d6a61d303c99
 
Termination Time: 0
 
Application Path: C:\Users\Chad\AppData\Local\Temp\fsd4192.exe
 
Report Id: 66d87136-4299-11e5-a17b-d4bed9e1d989
 
Error: (08/14/2015 10:27:44 AM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
Width and Height must be non-negative.
   at System.Windows.Rect..ctor(Double x, Double y, Double width, Double height)
   at Toaster.Core.AppBarFunctions.ABSetPos(ABEdge edge, Window appbarWindow)
   at Toaster.Core.AppBarFunctions.RegisterInfo.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error: (08/14/2015 10:24:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Faulting module name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Exception code: 0x40000015
Fault offset: 0x000250fc
Faulting process id: 0xacc
Faulting application start time: 0xqrsvc.exe0
Faulting application path: qrsvc.exe1
Faulting module path: qrsvc.exe2
Report Id: qrsvc.exe3
 
Error: (08/14/2015 10:20:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cf0
 
Start Time: 01d0d6a427f0d2f8
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: f0036c24-4297-11e5-a17b-d4bed9e1d989
 
Error: (08/14/2015 10:02:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2015 09:59:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WeatherBug.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 21e4
 
Start Time: 01d0d522bd6c584a
 
Termination Time: 671
 
Application Path: C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
 
Report Id: 110b4aac-4295-11e5-a901-d4bed9e1d989
 
Error: (08/12/2015 10:23:09 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072F78) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
 
System errors:
=============
Error: (08/14/2015 10:36:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/14/2015 10:33:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
qrnfd_1_10_0_9
 
Error: (08/14/2015 10:03:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (08/14/2015 10:01:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
%%3
 
Error: (08/14/2015 10:00:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service;gadgetDataDir=C:\ProgramData\BlueStacks\UserData\Gadget" service failed to start due to the following error: 
%%2
 
Error: (08/14/2015 10:00:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: 
%%2
 
Error: (08/14/2015 10:00:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
%%3
 
Error: (08/14/2015 05:26:20 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.3.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/14/2015 05:26:20 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.2139.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (08/14/2015 05:26:20 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.203.2139.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office:
=========================
Error: (10/07/2014 12:06:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 6013.55 MB
Available physical RAM: 4026.86 MB
Total Virtual: 12025.3 MB
Available Virtual: 8609.97 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:727.75 GB) NTFS
Drive d: (RCTYCOON) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C5E7756A)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 62.5 MB) (Disk ID: B69F7E9F)
Partition 1: (Active) - (Size=62 MB) - (Type=06)
 
==================== End of log ============================


Edited by xXToffeeXx, 15 August 2015 - 01:54 PM.
Added addition log~




#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts

Posted 15 August 2015 - 02:20 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure "receive notifications" is ticked and set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi cpotter,
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

CinemaPlus-3.2cV14.08
Cinemax Video 1.9cV14.08
dealpeaaKK
FlashBeat
Friendly Error
GamesDesktop 025.005010060
globalupdate Helper
Optimizer Pro v3.2
PriceLEsos
RandomDealApp
Search Protect
Selection Tools
Setup
Simple 1.1
SmartWeb
StormWatch
Super Optimizer v3.2
Todoist for Gmail
Web Bar 2.0.5659.26749
WindApp
WordSurfer 1.10.0.19

Additional instructions can be found here if needed.
 
--------------
 
We need to search for a file with FRST:

  • Double-click on FRST.exe/FRST64.exe to open it. In the search box, type the following: dnsapi.dll
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Any errors with uninstalling programs
  • Search.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 cpotter


Posted 15 August 2015 - 06:09 PM

Removed all programs without problem.  Search.txt file:

 

 

Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Chad (2015-08-15 18:03:06)
Running from C:\Users\Chad\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:28] 0270336 ____A (Microsoft Corporation) 135D360C34DBCDE355BFBB42A070A4B7

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:28] 0270336 ____A (Microsoft Corporation) AEA96FBA092B5A5095562913827E8769

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2015-08-14 10:28] 0270336 ____A (Microsoft Corporation) 81A76DE1F3980745BA5A5FC9F589AC2A

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:28] 0357888 ____A (Microsoft Corporation) 23ADF879B1427F036BB56DA3AE5E8DF2

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:28] 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2015-08-14 10:28] 0357888 ____A (Microsoft Corporation) A916733411703910DCC60E3F61D114AE

C:\Windows\SysWOW64\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:27] 0270336 ____A (Microsoft Corporation) AEA96FBA092B5A5095562913827E8769

C:\Windows\System32\dnsapi.dll
[2012-02-27 10:19][2015-08-14 10:27] 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

====== End of Search ======



#4 xXToffeeXx


Posted 16 August 2015 - 04:18 AM

Hi cpotter,
 
Virustotal scan:

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.

C:\Windows\System32\dnsapi.dll

C:\Windows\SysWOW64\dnsapi.dll

  • Once completed, highlight the information in the address bar, copy it, then paste the link in your reply

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Virustotal link
  • FRST.txt

xXToffeeXx~




#5 cpotter


Posted 16 August 2015 - 01:55 PM

C:\Windows\System32\dnsapi.dll:

https://www.virustotal.com/en/file/7d72a09c2839319b63db606961b81f0550ecd8906524fc40db6bc49b94ef6149/analysis/1439746294/

C:\Windows\SysWOW64\dnsapi.dll

https://www.virustotal.com/en/file/7d72a09c2839319b63db606961b81f0550ecd8906524fc40db6bc49b94ef6149/analysis/1439746800/

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Chad (administrator) on KIDS-DESKTOP (16-08-2015 12:45:17)
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad & Wendy & Courtney & Ethan & Alana & Austin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\shopperz12082015\csrcc.exe
() C:\Program Files\shopperz12082015\LuacRouct.exe
() C:\Program Files\shopperz12082015\Kfcurobg.exe
() C:\Program Files\shopperz12082015\Tuejet.exe
() C:\Program Files\shopperz12082015\Tuejet64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files\shopperz12082015\Ideie.exe
() C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\WinPatrol\WinPatrol.exe
(PCUtilities Software Limited) C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(PCUtilities Software Limited) C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\shopperz12082015\Uiviuuj.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-6.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\c6c83e61-312e-41f7-8150-c9e5ef879cc0-10.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz12082015] => C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] => C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_005010060] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [GoogleChromeAutoLaunch_86B1671634484E474EC7B4154262F61B] => C:\Program Files (x86)\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WindApp] => "C:\Users\Chad\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Selection Tools] => "C:\Users\Chad\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk [2015-02-26]
ShortcutTarget: 4219122282.lnk -> C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe (PCUtilities Software Limited)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk [2015-02-26]
ShortcutTarget: 5522860311.lnk -> C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe (PCUtilities Software Limited)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-01-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
AlternateShell: lockcmd.exe
GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M931A0CE8-D843-406B-82D4-3C1BC37278A2&SearchSource=55&CUI=&UM=8&UP=SPEFC6976C-3FC0-424C-8CB7-5F49501E4109&D=081415&SSPV=SP301081TB_sp_ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D030515-AE7FF78344A184E0692F&form=CONBDF&conlogo=CT3331982&q={searchTerms}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\Uiviuuj.dll [283464 2015-08-14] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Uiviuuj64.dll [353608 2015-08-14] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{522CC9A3-8913-4390-9A52-FEB63846953C}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{BF53D017-3393-49A5-8C1B-3A559540193F}: [DhcpNameServer] 208.67.220.220 208.67.222.222
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150226-120-ie-sm

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
FF Extension: shopperz12082015 - C:\Program Files\shopperz12082015\Firefox [2015-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6660744\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150226-120-ff-sm

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Todoist for Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff [2015-08-03]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 csrcc; C:\Program Files\shopperz12082015\csrcc.exe [1448824 2015-08-12] ()
R2 ElejooLyunp; C:\Program Files\shopperz12082015\LuacRouct.exe [171848 2015-08-12] ()
R2 fb34c88a-8ad6-4355-a5df-7f6d006d9cdb; C:\Program Files\shopperz12082015\Kfcurobg.exe [285560 2015-08-12] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 shopperz12082015 Updater; C:\Program Files\shopperz12082015\Ideie.exe [174968 2015-08-12] ()
R2 sibehylo; C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp [193536 2015-03-05] () [File not signed]
R3 Uiviuuj; C:\Program Files\shopperz12082015\Uiviuuj.exe [2043720 2015-08-12] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-14] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
S1 tehetelu; \??\C:\Windows\system32\drivers\tehetelu.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 12:45 - 2015-08-16 12:45 - 00024687 _____ C:\Users\Chad\Desktop\FRST.txt
2015-08-16 12:45 - 2015-08-16 12:45 - 00000000 ____D C:\Users\Chad\Desktop\FRST-OlderVersion
2015-08-16 12:44 - 2015-08-16 12:44 - 00000254 _____ C:\Users\Chad\Desktop\Virus Total.txt
2015-08-16 12:23 - 2015-08-16 12:23 - 00000000 ____D C:\Users\Chad\AppData\Local\GWX
2015-08-16 12:06 - 2015-08-16 12:06 - 00005474 _____ C:\Windows\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5
2015-08-16 12:06 - 2015-08-16 12:06 - 00002444 _____ C:\Windows\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job
2015-08-16 12:06 - 2015-08-16 12:06 - 00002444 _____ C:\Windows\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job
2015-08-16 12:05 - 2015-08-16 12:06 - 00006164 _____ C:\Windows\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6
2015-08-16 12:05 - 2015-08-16 12:05 - 00006502 _____ C:\Windows\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7
2015-08-16 12:05 - 2015-08-16 12:05 - 00003472 _____ C:\Windows\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job
2015-08-16 12:05 - 2015-08-16 12:05 - 00003136 _____ C:\Windows\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job
2015-08-16 12:05 - 2015-08-16 12:05 - 00002110 _____ C:\Windows\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job
2015-08-16 10:06 - 2015-08-16 12:10 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-16 10:06 - 2015-08-16 12:10 - 00000968 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-16 10:06 - 2015-08-16 12:06 - 00003136 _____ C:\Windows\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-6.job
2015-08-16 10:06 - 2015-08-16 12:06 - 00002110 _____ C:\Windows\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-10_user.job
2015-08-16 10:06 - 2015-08-16 12:05 - 00003970 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-16 10:06 - 2015-08-16 12:05 - 00003716 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-16 10:06 - 2015-08-16 10:06 - 00006502 _____ C:\Windows\System32\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-7
2015-08-16 10:06 - 2015-08-16 10:06 - 00006164 _____ C:\Windows\System32\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-6
2015-08-16 10:06 - 2015-08-16 10:06 - 00005474 _____ C:\Windows\System32\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-5
2015-08-16 10:06 - 2015-08-16 10:06 - 00003472 _____ C:\Windows\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-7.job
2015-08-16 10:06 - 2015-08-16 10:06 - 00002444 _____ C:\Windows\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-5_user.job
2015-08-16 10:06 - 2015-08-16 10:06 - 00002444 _____ C:\Windows\Tasks\c6c83e61-312e-41f7-8150-c9e5ef879cc0-5.job
2015-08-16 10:05 - 2015-08-16 12:06 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV16.08
2015-08-15 16:27 - 2015-08-15 16:27 - 00000000 ____D C:\ProgramData\48fb485c00001bbd
2015-08-15 16:26 - 2015-08-15 16:26 - 00000000 ____D C:\Program Files (x86)\predm
2015-08-15 12:50 - 2015-08-16 12:45 - 02173440 _____ (Farbar) C:\Users\Chad\Desktop\FRST64.exe
2015-08-15 12:50 - 2015-08-16 12:45 - 00000000 ____D C:\FRST
2015-08-14 10:30 - 2015-08-14 10:30 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-14 10:28 - 2015-08-15 16:29 - 00000000 ____D C:\Users\Chad\AppData\Local\SmartWeb
2015-08-14 10:27 - 2015-08-16 10:32 - 00000340 ____H C:\Windows\Tasks\WXIODXGEPYYMWODY.job
2015-08-14 10:27 - 2015-08-16 10:27 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2015-08-14 10:27 - 2015-08-15 18:09 - 00000328 _____ C:\Windows\Tasks\UFGIMDA1.job
2015-08-14 10:27 - 2015-08-15 18:00 - 00004632 _____ C:\Windows\SysWOW64\Uiviuuj.ini
2015-08-14 10:27 - 2015-08-15 18:00 - 00002352 _____ C:\Windows\SysWOW64\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-15 18:00 - 00002352 _____ C:\Windows\system32\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-14 10:30 - 00000000 ____D C:\Program Files\shopperz12082015
2015-08-14 10:27 - 2015-08-14 10:27 - 00003642 _____ C:\Windows\System32\Tasks\Jarmeee
2015-08-14 10:27 - 2015-08-14 10:27 - 00003372 _____ C:\Windows\System32\Tasks\WXIODXGEPYYMWODY
2015-08-14 10:27 - 2015-08-14 10:27 - 00003248 _____ C:\Windows\System32\Tasks\Superclean
2015-08-14 10:27 - 2015-08-14 10:27 - 00002850 _____ C:\Windows\System32\Tasks\UFGIMDA1
2015-08-14 10:27 - 2015-08-14 10:27 - 00000045 _____ C:\user.js
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Windows\system32\qij
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\{e1149c99-a280-4e88-e114-49c99a287266}
2015-08-14 10:27 - 2015-08-12 03:45 - 00353608 _____ C:\Windows\system32\Uiviuuj64.dll
2015-08-14 10:27 - 2015-08-12 03:45 - 00283464 _____ C:\Windows\SysWOW64\Uiviuuj.dll
2015-08-14 10:27 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-14 10:26 - 2015-08-15 18:09 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 10:26 - 2015-08-14 10:27 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 10:26 - 2015-08-14 10:26 - 00004298 _____ C:\Windows\System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-14 10:10 - 2015-08-16 10:10 - 00001012 _____ C:\Windows\Tasks\kcQG4y8Q7b0nJmGYU4EYSl.job
2015-08-14 10:10 - 2015-08-14 10:10 - 00004044 _____ C:\Windows\System32\Tasks\kcQG4y8Q7b0nJmGYU4EYSl
2015-08-14 10:09 - 2015-08-16 12:05 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 10:09 - 2015-08-16 10:06 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-14 10:09 - 2015-08-14 10:09 - 00000000 ____D C:\Users\Chad\AppData\Local\globalUpdate
2015-08-14 10:08 - 2015-08-14 10:10 - 00001682 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-14 10:04 - 2015-08-14 10:04 - 00000000 ____D C:\Users\Chad\Documents\Alice3
2015-08-12 20:03 - 2015-08-12 20:03 - 00000024 _____ C:\Users\Alana\AppData\Roaming\appdataFr25.bin
2015-08-12 20:03 - 2015-08-12 20:03 - 00000000 ____D C:\Users\Alana\AppData\Local\Google
2015-08-12 04:55 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:55 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:03 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:03 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:03 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:03 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:03 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:03 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 21:03 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:03 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:03 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 21:03 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 21:03 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 21:03 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 21:03 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 21:03 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:03 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 21:03 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 21:03 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 21:02 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:02 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:02 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:02 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:02 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 21:02 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:02 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:02 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:02 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:02 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:02 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 15:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 21:02 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:02 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 21:02 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:02 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:02 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:02 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:02 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:02 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 21:02 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 21:01 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 21:01 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 21:01 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 21:01 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-03 10:36 - 2015-08-03 10:36 - 00000024 _____ C:\Users\Courtney\AppData\Roaming\appdataFr25.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000020 _____ C:\Users\Courtney\AppData\Roaming\appdataFr2.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Users\Courtney\AppData\Local\Google
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Program Files (x86)\deaLpeeak
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Program Files (x86)\dealpeaak
2015-07-24 12:58 - 2015-07-24 12:58 - 00000020 _____ C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-07-24 12:57 - 2015-08-14 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 03:20 - 2015-07-23 03:20 - 00000000 ____D C:\Users\Chad\AppData\Local\CEF
2015-07-22 13:43 - 2015-07-22 13:43 - 00000000 ____D C:\Users\Courtney\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 12:38 - 2014-03-04 11:38 - 00000292 _____ C:\Windows\Tasks\SaveSense.job
2015-08-16 12:31 - 2013-01-24 00:27 - 01414609 _____ C:\Windows\WindowsUpdate.log
2015-08-16 12:28 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 12:28 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 12:13 - 2014-08-21 13:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job
2015-08-16 12:11 - 2013-04-09 14:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-16 10:18 - 2013-01-31 19:54 - 00000000 ___RD C:\Dropbox
2015-08-16 09:59 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2015-08-16 09:45 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-16 09:44 - 2014-08-21 13:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job
2015-08-16 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-15 18:00 - 2014-06-24 09:28 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-15 18:00 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-15 18:00 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-15 18:00 - 2013-01-24 00:44 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-15 18:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-15 18:00 - 2009-07-13 23:51 - 00040671 _____ C:\Windows\setupact.log
2015-08-15 17:59 - 2015-02-24 18:49 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-15 17:59 - 2010-11-20 22:47 - 00174906 _____ C:\Windows\PFRO.log
2015-08-15 17:56 - 2015-03-05 13:52 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Store
2015-08-15 16:29 - 2015-03-05 13:52 - 00000000 ____D C:\Users\Chad\AppData\Roaming\WTools
2015-08-15 16:29 - 2015-02-26 13:47 - 00000000 ____D C:\Program Files (x86)\Simple
2015-08-15 16:25 - 2014-04-03 17:29 - 00000000 ____D C:\Program Files (x86)\BigBrainz
2015-08-15 13:06 - 2015-02-24 18:49 - 00000450 ____H C:\Windows\Tasks\Norton Security Scan for Courtney.job
2015-08-15 12:52 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 10:34 - 2013-01-31 13:37 - 00001998 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 10:27 - 2012-02-27 10:19 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-14 10:27 - 2012-02-27 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-14 10:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 10:10 - 2015-03-05 13:51 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Nosibay
2015-08-14 10:06 - 2014-11-18 14:29 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieBrowserModeList
2015-08-14 10:06 - 2014-09-17 19:31 - 00000000 ____D C:\Users\Chad\Ubiquiti UniFi
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieUserList
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieSiteList
2015-08-14 10:05 - 2015-03-05 13:51 - 00000000 ____D C:\Users\Chad\AppData\Local\4C4C4544-1425559902-5610-8036-C8C04F365631
2015-08-14 10:04 - 2013-01-31 13:36 - 00000000 ____D C:\Users\Chad\AppData\Local\VirtualStore
2015-08-14 10:03 - 2015-03-05 13:50 - 00000000 ____D C:\Users\Chad\Documents\ProPCCleaner
2015-08-13 11:11 - 2014-09-01 20:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{476E3A41-C099-4B2C-AE55-57CB34F65FC2}
2015-08-12 20:04 - 2013-03-08 10:45 - 00002169 _____ C:\Users\Alana\Desktop\50 Nifty United States.lnk
2015-08-12 10:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 05:15 - 2009-07-13 23:45 - 00307464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 05:12 - 2014-12-12 04:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 05:12 - 2014-05-06 08:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 04:56 - 2013-01-31 17:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 04:55 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:13 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2013-01-31 14:33 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:57 - 2013-09-17 10:28 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BCF057A-8DDD-4EFA-AA0C-47AD30C18362}
2015-08-11 20:39 - 2013-04-09 14:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:39 - 2013-04-09 14:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 20:39 - 2013-04-09 14:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2015-04-14 14:11 - 08710344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-03 10:33 - 2015-02-26 13:54 - 00000000 ____D C:\ProgramData\10973181966752926390
2015-08-03 10:32 - 2013-02-15 10:37 - 00002216 _____ C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-12-11 10:24 - 00002126 _____ C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-03-08 10:53 - 00002126 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-01-31 19:58 - 00002126 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 08:42 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 19:35 - 2014-08-21 13:05 - 00002376 _____ C:\Users\Wendy\Desktop\Google Chrome.lnk
2015-07-20 19:08 - 2014-08-21 13:04 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA
2015-07-20 19:08 - 2014-08-21 13:04 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core
2015-07-17 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2015-07-24 12:58 - 2015-07-24 12:58 - 0000020 _____ () C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-03-05 13:51 - 2015-03-05 13:52 - 0001270 _____ () C:\Users\Chad\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-05 13:51 - 2015-03-05 13:52 - 0005712 _____ () C:\Users\Chad\AppData\Roaming\Bubble Dock.installation.log
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl
2015-04-20 09:05 - 2015-04-20 09:05 - 1579520 _____ () C:\Users\Chad\AppData\Roaming\kcQG4y8Q7b0nJmGYU4EYSl.exe
2015-03-05 13:52 - 2015-03-05 13:52 - 0000078 _____ () C:\Users\Chad\AppData\Roaming\Selection Tools.installation.log
2015-03-05 13:51 - 2015-03-05 13:51 - 0000097 _____ () C:\Users\Chad\AppData\Roaming\WindApp.boostrap.log
2015-03-05 13:52 - 2015-03-05 13:52 - 0000078 _____ () C:\Users\Chad\AppData\Roaming\WindApp.installation.log
2014-03-01 18:16 - 2014-03-01 18:16 - 0002763 _____ () C:\ProgramData\connector.swf
2013-12-04 12:11 - 2013-12-04 12:11 - 0000097 _____ () C:\ProgramData\SAH_Install.ini

Some files in TEMP:
====================
C:\Users\Alana\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Austin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\0327283293.exe
C:\Users\Chad\AppData\Local\Temp\0815656566.exe
C:\Users\Chad\AppData\Local\Temp\120.exe
C:\Users\Chad\AppData\Local\Temp\1232.exe
C:\Users\Chad\AppData\Local\Temp\1274569040.exe
C:\Users\Chad\AppData\Local\Temp\1384.exe
C:\Users\Chad\AppData\Local\Temp\2320007614.exe
C:\Users\Chad\AppData\Local\Temp\2453.exe
C:\Users\Chad\AppData\Local\Temp\2924.exe
C:\Users\Chad\AppData\Local\Temp\2934.exe
C:\Users\Chad\AppData\Local\Temp\3042042023.exe
C:\Users\Chad\AppData\Local\Temp\3891870165.exe
C:\Users\Chad\AppData\Local\Temp\4219122282.exe
C:\Users\Chad\AppData\Local\Temp\4825511705.exe
C:\Users\Chad\AppData\Local\Temp\5522860311.exe
C:\Users\Chad\AppData\Local\Temp\586.exe
C:\Users\Chad\AppData\Local\Temp\5968294880.exe
C:\Users\Chad\AppData\Local\Temp\6246328847.exe
C:\Users\Chad\AppData\Local\Temp\6325631993.exe
C:\Users\Chad\AppData\Local\Temp\714.exe
C:\Users\Chad\AppData\Local\Temp\7780274947.exe
C:\Users\Chad\AppData\Local\Temp\7921266084.exe
C:\Users\Chad\AppData\Local\Temp\9213.exe
C:\Users\Chad\AppData\Local\Temp\9773639952.exe
C:\Users\Chad\AppData\Local\Temp\CitrixReceiver.exe
C:\Users\Chad\AppData\Local\Temp\clrvu.exe
C:\Users\Chad\AppData\Local\Temp\conduitsetup.exe
C:\Users\Chad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd0gq08.dll
C:\Users\Chad\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\fsd4192.exe
C:\Users\Chad\AppData\Local\Temp\Gre556B.exe
C:\Users\Chad\AppData\Local\Temp\GreD168.exe
C:\Users\Chad\AppData\Local\Temp\jue640F.exe
C:\Users\Chad\AppData\Local\Temp\mVOE2C0.exe
C:\Users\Chad\AppData\Local\Temp\ntwdblib.dll
C:\Users\Chad\AppData\Local\Temp\oprun17518.exe
C:\Users\Chad\AppData\Local\Temp\oprun21448.exe
C:\Users\Chad\AppData\Local\Temp\optprosetup.exe
C:\Users\Chad\AppData\Local\Temp\pfsetup.exe
C:\Users\Chad\AppData\Local\Temp\Pgs3582.exe
C:\Users\Chad\AppData\Local\Temp\Pgs794.exe
C:\Users\Chad\AppData\Local\Temp\Pgs859F.exe
C:\Users\Chad\AppData\Local\Temp\setacl.exe
C:\Users\Chad\AppData\Local\Temp\SpOrder.dll
C:\Users\Chad\AppData\Local\Temp\supoptsetup.exe
C:\Users\Chad\AppData\Local\Temp\Tem600A.exe
C:\Users\Chad\AppData\Local\Temp\TUp1EDD.exe
C:\Users\Chad\AppData\Local\Temp\Uninstall.exe
C:\Users\Chad\AppData\Local\Temp\UUC4C0B.exe
C:\Users\Chad\AppData\Local\Temp\UUCC61C.exe
C:\Users\Chad\AppData\Local\Temp\UUCF17F.exe
C:\Users\Chad\AppData\Local\Temp\wcdsetup.exe
C:\Users\Courtney\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Setup.exe
C:\Users\Ethan\AppData\Local\Temp\sysad.exe
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite19861.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite22545.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite23709.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite32676.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite46333.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite49519.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50603.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50639.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite51526.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55350.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55760.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite63081.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite68772.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite70136.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite78818.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite81072.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite84711.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite89341.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite90664.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite91926.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite95450.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97662.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97894.dll
C:\Users\Wendy\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-02-27 10:19] - [2015-08-14 10:27] - 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:21

==================== End of log ============================


Edited by xXToffeeXx, 16 August 2015 - 02:00 PM.
Removed formatting from the log~


#6 xXToffeeXx


Posted 16 August 2015 - 02:04 PM

Hi cpotter,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~




#7 cpotter


Posted 16 August 2015 - 02:39 PM

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 14:31:50
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Chad - KIDS-DESKTOP
# Running from : C:\Users\Chad\Desktop\AdwCleaner2.exe
# Option : Scan

***** [ Services ] *****

Service Found : bsdriver
Service Found : cherimoya
Service Found : csrcc
Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : qrnfd_1_10_0_9
Service Found : wsafd_1_10_0_19
Service Found : fb34c88a-8ad6-4355-a5df-7f6d006d9cdb

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\igs
Folder Found : C:\Program Files (x86)\coupoonPPeak
Folder Found : C:\Program Files (x86)\dealpeaak
Folder Found : C:\Program Files (x86)\deaLpeeak
Folder Found : C:\Program Files (x86)\DealssFFiindeRPrO
Folder Found : C:\Program Files (x86)\deuaLpeak
Folder Found : C:\Program Files (x86)\doeal2dealit
Folder Found : C:\Program Files (x86)\FloashCoupon
Folder Found : C:\Program Files (x86)\FluAshCOaupoN
Folder Found : C:\Program Files (x86)\LLucikyCouepon
Folder Found : C:\Program Files (x86)\LUCkyCoupon
Folder Found : C:\Program Files (x86)\LuckyoCoupOn
Folder Found : C:\Program Files (x86)\PriceLEsos
Folder Found : C:\Program Files (x86)\PriincceCouponn
Folder Found : C:\Program Files (x86)\QueenCoouPoone
Folder Found : C:\Program Files (x86)\QuieennCoupon
Folder Found : C:\Program Files (x86)\RoYalShopperAPp
Folder Found : C:\Program Files (x86)\SalesoMagneT
Folder Found : C:\Program Files (x86)\TicTaCioupoun
Folder Found : C:\Program Files (x86)\TicTaCouoPonn
Folder Found : C:\Program Files (x86)\TicTiaoCaooupoN
Folder Found : C:\Program Files (x86)\WowCouapon
Folder Found : C:\Program Files (x86)\CinemaPlus-3.2cV16.08
Folder Found : C:\ProgramData\RandomDealApp
Folder Found : C:\ProgramData\FlashBeat
Folder Found : C:\ProgramData\48fb485c00001bbd
Folder Found : C:\ProgramData\{03b822de-584e-9463-03b8-822de5848b79}
Folder Found : C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}
Folder Found : C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}
Folder Found : C:\ProgramData\{e1149c99-a280-4e88-e114-49c99a287266}
Folder Found : C:\ProgramData\jkdopenjhjkigclomhfeeclfemipeelm
Folder Found : C:\Users\Chad\AppData\Local\globalUpdate
Folder Found : C:\Users\Chad\AppData\Local\SmartWeb
Folder Found : C:\Users\Chad\AppData\Local\4C4C4544-1425559902-5610-8036-C8C04F365631
Folder Found : C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff
Folder Found : C:\Users\Chad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Chad\AppData\Roaming\Nosibay
Folder Found : C:\Users\Chad\AppData\Roaming\Store
Folder Found : C:\Users\Chad\AppData\Roaming\WTools
Folder Found : C:\Users\Courtney\AppData\LocalLow\visi_coupon
Folder Found : C:\Users\Courtney\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\Courtney\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Ethan\AppData\Local\StormWatch
Folder Found : C:\Users\Ethan\AppData\Local\Search Extensions
Folder Found : C:\Users\Ethan\AppData\Roaming\ShopAtHome
Folder Found : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgenfnodoocmhnlnpknojdbjjnmecff
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Files ] *****

File Found : C:\END
File Found : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Chad\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\Chad\AppData\Roaming\Bubble Dock.installation.log
File Found : C:\Users\Chad\AppData\Roaming\Selection Tools.installation.log
File Found : C:\Users\Chad\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\Chad\AppData\Roaming\WindApp.installation.log
File Found : C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eBay.lnk
File Found : C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk
File Found : C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Youtube.lnk
File Found : C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
File Found : C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
File Found : C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Windows\Sysnative\drivers\bsdriver.sys
File Found : C:\Windows\Sysnative\drivers\cherimoya.sys

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : SaveSense
Task Found : Superclean
Task Found : 753e7b31-8664-4662-a958-e1e075582739-1-6
Task Found : 753e7b31-8664-4662-a958-e1e075582739-1-7
Task Found : 753e7b31-8664-4662-a958-e1e075582739-10_user
Task Found : 753e7b31-8664-4662-a958-e1e075582739-5
Task Found : 753e7b31-8664-4662-a958-e1e075582739-5_user
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-6
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-7
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-10_user
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-5
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-5_user
Task Found : 753e7b31-8664-4662-a958-e1e075582739-1-6
Task Found : 753e7b31-8664-4662-a958-e1e075582739-1-7
Task Found : 753e7b31-8664-4662-a958-e1e075582739-10_user
Task Found : 753e7b31-8664-4662-a958-e1e075582739-5
Task Found : 753e7b31-8664-4662-a958-e1e075582739-5_user
Task Found : b19a8ec3-86f8-44f9-ad77-4696f381a7ac-10_user
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-6
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-1-7
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-10_user
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-5
Task Found : c6c83e61-312e-41f7-8150-c9e5ef879cc0-5_user
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_005010060]
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Nosibay
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\GAMESDESKTOP
Key Found : HKCU\Software\WTools
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\CrossBrowser
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\YorkNewCin
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\CinemaPlus-3.2cV16.08
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\IGS
Key Found : HKLM\SOFTWARE\FlashBeat
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\CinemaPlus-3.2cV16.08
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV16.08
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Nosibay
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\StormWatchApp
Key Found : [x64] HKCU\Software\GAMESDESKTOP
Key Found : [x64] HKCU\Software\WTools
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\CrossBrowser
Key Found : [x64] HKCU\Software\Crossbrowse
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : [x64] HKCU\Software\DAILYPCCLEAN
Key Found : [x64] HKCU\Software\CinemaPlus-3.2cV16.08
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\FlashBeat
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M931A0CE8-D843-406B-82D4-3C1BC37278A2&SearchSource=55&CUI=&UM=8&UP=SPEFC6976C-3FC0-424C-8CB7-5F49501E4109&D=081415&SSPV=SP301081TB_sp_ie
Data Found : HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M931A0CE8-D843-406B-82D4-3C1BC37278A2&SearchSource=55&CUI=&UM=8&UP=SPEFC6976C-3FC0-424C-8CB7-5F49501E4109&D=081415&SSPV=SP301081TB_sp_ie
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\programdata\flashbeat\flashbeat32.dll

***** [ Web browsers ] *****

[C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Alana\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : ",
         "id" : "7",
         "instant_url" : "",
         "keyword" : "trovi.search",
         "new_tab_url" : "hxxps://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPFB6F70C1-B281-4AAD-9A22-557CF657A6BA&SAT=CNTS&D=081315
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=M4380354F-26A1-45FE-A476-EE46CAB4890D&SearchSource=58&CUI=&UM=8&UP=SPFB6F70C1-B281-4AAD-9A22-557CF657A6BA&D=081315&q={searchTerms}&SSPV=
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=M4380354F-26A1-45FE-A476-EE46CAB4890D&SearchSource=55&CUI=&UM=8&UP=SPFB6F70C1-B281-4AAD-9A22-557CF657A6BA&D=081315&SSPV=
[C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3335139&octid=EB_ORIGINAL_CTID&ISID=M4380354F-26A1-45FE-A476-EE46CAB4890D&SearchSource=55&CUI=&UM=8&UP=SPFB6F70C1-B281-4AAD-9A22-557CF657A6BA&D=081315&SSPV=
[C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner[S1].txt - [26845 octets] - [16/08/2015 14:31:50]

########## EOF - C:\AdwCleaner[S1].txt - [26909 octets] ##########



#8 xXToffeeXx


Posted 16 August 2015 - 03:07 PM

Hi cpotter,
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log

xXToffeeXx~




#9 cpotter


Posted 16 August 2015 - 03:46 PM

Tried cleaning.  ADW showed as "finished", but program hung.  I had to manually reboot.  Didn't get log file at restart.  So, ran ADW again.  Worked correctly with the below log file created at startup.  Because of the confusion, I ran an ADW scan again (after 2nd cleaning).  I have attached this scan log, should you need it.

 

 

 

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 15:37:07
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Chad - KIDS-DESKTOP
# Running from : C:\Users\Chad\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : bsdriver
[-] Service Deleted : consumerinput_update
[-] Service Deleted : consumerinput_updatem
[-] Service Deleted : globalUpdate
[-] Service Deleted : globalUpdatem

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Consumer Input
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro
[-] Folder Deleted : C:\Program Files (x86)\CinemaPlus-3.2cV16.08
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v89.1486
[-] Folder Deleted : C:\Users\Chad\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Chad\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\Chad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Chad\Desktop\SpaceSoundPro.lnk
[-] File Deleted : C:\Windows\Sysnative\drivers\bsdriver.sys
[-] File Deleted : C:\Windows\Sysnative\drivers\cherimoya.sys

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : ConsumerInputUpdateTaskMachineCore
[-] Task Deleted : ConsumerInputUpdateTaskMachineUA
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\CinemaPlus-3.2cV16.08
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV16.08
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV16.08
[!] Key Not Deleted : [x64] HKCU\Software\Compete
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\CinemaPlus-3.2cV16.08
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpaceSoundPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceSoundPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [28973 octets] - [16/08/2015 15:25:49]
C:\AdwCleaner[C2].txt - [12086 octets] - [16/08/2015 15:37:07]
C:\AdwCleaner[S1].txt - [27175 octets] - [16/08/2015 14:31:50]
C:\AdwCleaner[S2].txt - [11344 octets] - [16/08/2015 15:35:48]

########## EOF - C:\AdwCleaner[C2].txt - [12278 octets] ##########



#10 xXToffeeXx

Malware Response Instructor

Posted 17 August 2015 - 04:55 AM

Hi cpotter,

 

Please run the clean option again on AdwCleaner and then post the log. Looks like some entries are still hanging around.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 


 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 cpotter


Posted 17 August 2015 - 04:58 PM

Steps I took:

 

1) After running most recent scan yesterday, I left AdwCleaner open.  Under services, only "bsdriver" was showing.  As you said, I re-ran cleaner.  Worked correctly.

2) Computer restarted with log posted below in-line.

3) Out of curiosity, I ran AdwCleaner scan again.  When I did this, the following services were shown: 1) bsdriver, 2) globalupdate, and 3) globalupdatem

4)  Given above services, I re-ran cleaner again.  Worked correctly.

5)  Computer restarted with log attached to this message. 

6) I reran AdwCleaner scan again.  Again, this showed 1) bsdriver, 2) globalupdate, and 3) globalupdatem services.

 

Chad

# AdwCleaner v5.000 - Logfile created 17/08/2015 at 16:43:21
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Chad - KIDS-DESKTOP
# Running from : C:\Users\Chad\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : bsdriver

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Chad\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

***** [ Files ] *****

[-] File Deleted : C:\Windows\Sysnative\drivers\bsdriver.sys
[-] File Deleted : C:\Windows\Sysnative\drivers\cherimoya.sys

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [28973 octets] - [16/08/2015 15:25:49]
C:\AdwCleaner[C2].txt - [12428 octets] - [16/08/2015 15:37:07]
C:\AdwCleaner[C3].txt - [4125 octets] - [17/08/2015 16:43:21]
C:\AdwCleaner[S1].txt - [27175 octets] - [16/08/2015 14:31:50]
C:\AdwCleaner[S2].txt - [11344 octets] - [16/08/2015 15:35:48]
C:\AdwCleaner[S3].txt - [4067 octets] - [16/08/2015 15:39:57]

########## EOF - C:\AdwCleaner[C3].txt - [4379 octets] ##########




#12 xXToffeeXx

Malware Response Instructor

Posted 18 August 2015 - 03:31 AM

Hi cpotter,
 
Weird, let's see what FRST shows. Could be an AdwCleaner error.
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
xXToffeeXx~




#13 cpotter


Posted 18 August 2015 - 07:19 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Chad (administrator) on KIDS-DESKTOP (18-08-2015 07:15:47)
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad & Wendy & Courtney & Ethan & Alana & Austin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\shopperz12082015\LuacRouct.exe
(Cinema PlusV17.08) C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-1-6.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files\shopperz12082015\Ideie.exe
() C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cinema PlusV17.08) C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-10.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\shopperz12082015\Uiviuuj.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\shopperz12082015\Tuejet.exe
() C:\Program Files\shopperz12082015\Tuejet64.exe
(BillP Studios) C:\Program Files (x86)\WinPatrol\WinPatrol.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Cinema PlusV18.08) C:\Users\Chad\AppData\Local\Temp\918.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Cinema PlusV18.08) C:\Users\Chad\AppData\Local\Temp\nslA2E4.tmp\Monfnuwkzdyosd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [shopperz12082015] => C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] => C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [GoogleChromeAutoLaunch_86B1671634484E474EC7B4154262F61B] => C:\Program Files (x86)\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk [2015-02-26]
ShortcutTarget: 4219122282.lnk -> C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe (No File)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk [2015-02-26]
ShortcutTarget: 5522860311.lnk -> C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe (No File)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-01-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
AlternateShell: lockcmd.exe
GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-708449748-1331662778-136288417-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D030515-AE7FF78344A184E0692F&form=CONBDF&conlogo=CT3331982&q={searchTerms}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{522CC9A3-8913-4390-9A52-FEB63846953C}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{BF53D017-3393-49A5-8C1B-3A559540193F}: [DhcpNameServer] 208.67.220.220 208.67.222.222
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150226-120-ie-sm

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-17] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-17] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6660744\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150226-120-ff-sm

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (edacconmaakjimmfgnblocblbcdcpbko) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 ElejooLyunp; C:\Program Files\shopperz12082015\LuacRouct.exe [171848 2015-08-12] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 shopperz12082015 Updater; C:\Program Files\shopperz12082015\Ideie.exe [174968 2015-08-12] ()
R2 sibehylo; C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp [193536 2015-03-05] () [File not signed]
R3 Uiviuuj; C:\Program Files\shopperz12082015\Uiviuuj.exe [2043720 2015-08-12] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-14] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 tehetelu; \??\C:\Windows\system32\drivers\tehetelu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 07:16 - 2015-08-18 07:16 - 00006502 _____ C:\Windows\System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7
2015-08-18 07:16 - 2015-08-18 07:16 - 00006164 _____ C:\Windows\System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6
2015-08-18 07:16 - 2015-08-18 07:16 - 00003472 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7.job
2015-08-18 07:16 - 2015-08-18 07:16 - 00003136 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.job
2015-08-18 07:15 - 2015-08-18 07:16 - 00022407 _____ C:\Users\Chad\Desktop\FRST.txt
2015-08-18 07:15 - 2015-08-18 07:15 - 00002110 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-10_user.job
2015-08-18 07:15 - 2015-08-18 07:15 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV18.08
2015-08-17 16:52 - 2015-08-18 07:14 - 00002444 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5_user.job
2015-08-17 16:52 - 2015-08-18 07:14 - 00002444 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5.job
2015-08-17 16:52 - 2015-08-17 16:52 - 00005474 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5
2015-08-17 16:51 - 2015-08-18 07:16 - 00003970 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-17 16:51 - 2015-08-18 07:16 - 00003716 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-17 16:51 - 2015-08-18 07:16 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-17 16:51 - 2015-08-18 07:16 - 00000968 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-17 16:51 - 2015-08-18 07:13 - 00003472 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7.job
2015-08-17 16:51 - 2015-08-18 07:13 - 00003136 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6.job
2015-08-17 16:51 - 2015-08-18 07:13 - 00002110 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-10_user.job
2015-08-17 16:51 - 2015-08-17 16:52 - 00005031 _____ C:\AdwCleaner[S5].txt
2015-08-17 16:51 - 2015-08-17 16:52 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV17.08
2015-08-17 16:51 - 2015-08-17 16:51 - 00006502 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7
2015-08-17 16:51 - 2015-08-17 16:51 - 00006164 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6
2015-08-17 16:51 - 2015-08-17 16:51 - 00000000 ____D C:\Users\Chad\AppData\Local\globalUpdate
2015-08-17 16:51 - 2015-08-17 16:51 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-17 16:48 - 2015-08-17 16:48 - 00010417 _____ C:\AdwCleaner[C4].txt
2015-08-17 16:47 - 2015-08-17 16:48 - 00009501 _____ C:\AdwCleaner[S4].txt
2015-08-17 16:43 - 2015-08-17 16:43 - 00004456 _____ C:\AdwCleaner[C3].txt
2015-08-16 15:39 - 2015-08-16 15:41 - 00004067 _____ C:\AdwCleaner[S3].txt
2015-08-16 15:37 - 2015-08-16 15:37 - 00012428 _____ C:\AdwCleaner[C2].txt
2015-08-16 15:35 - 2015-08-16 15:36 - 00011344 _____ C:\AdwCleaner[S2].txt
2015-08-16 15:34 - 2015-08-18 07:16 - 00000358 _____ C:\Windows\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003.job
2015-08-16 15:34 - 2015-08-16 15:39 - 00000392 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003.job
2015-08-16 15:34 - 2015-08-16 15:34 - 00003394 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003
2015-08-16 15:34 - 2015-08-16 15:34 - 00003270 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003
2015-08-16 15:34 - 2015-08-16 15:34 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-08-16 15:25 - 2015-08-16 15:25 - 00028973 _____ C:\AdwCleaner[C1].txt
2015-08-16 14:31 - 2015-08-16 15:25 - 00000000 ____D C:\AdwCleaner
2015-08-16 14:31 - 2015-08-16 14:33 - 00027175 _____ C:\AdwCleaner[S1].txt
2015-08-16 14:30 - 2015-08-16 14:28 - 01563648 _____ C:\Users\Chad\Desktop\AdwCleaner.exe
2015-08-16 12:23 - 2015-08-16 12:23 - 00000000 ____D C:\Users\Chad\AppData\Local\GWX
2015-08-15 12:50 - 2015-08-18 07:15 - 00000000 ____D C:\FRST
2015-08-15 12:50 - 2015-08-16 12:45 - 02173440 _____ (Farbar) C:\Users\Chad\Desktop\FRST64.exe
2015-08-14 10:30 - 2015-08-14 10:30 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-14 10:27 - 2015-08-18 07:14 - 00004680 _____ C:\Windows\SysWOW64\Uiviuuj.ini
2015-08-14 10:27 - 2015-08-18 07:14 - 00002400 _____ C:\Windows\SysWOW64\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-18 07:14 - 00002400 _____ C:\Windows\system32\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-18 07:13 - 00000328 _____ C:\Windows\Tasks\UFGIMDA1.job
2015-08-14 10:27 - 2015-08-14 10:30 - 00000000 ____D C:\Program Files\shopperz12082015
2015-08-14 10:27 - 2015-08-14 10:27 - 00003642 _____ C:\Windows\System32\Tasks\Jarmeee
2015-08-14 10:27 - 2015-08-14 10:27 - 00002850 _____ C:\Windows\System32\Tasks\UFGIMDA1
2015-08-14 10:27 - 2015-08-14 10:27 - 00000045 _____ C:\user.js
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Windows\system32\qij
2015-08-14 10:27 - 2015-08-12 03:45 - 00353608 _____ C:\Windows\system32\Uiviuuj64.dll
2015-08-14 10:27 - 2015-08-12 03:45 - 00283464 _____ C:\Windows\SysWOW64\Uiviuuj.dll
2015-08-14 10:27 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-14 10:26 - 2015-08-17 16:46 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 10:26 - 2015-08-14 10:26 - 00004298 _____ C:\Windows\System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-14 10:09 - 2015-08-18 07:15 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 10:08 - 2015-08-14 10:10 - 00001682 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-14 10:04 - 2015-08-14 10:04 - 00000000 ____D C:\Users\Chad\Documents\Alice3
2015-08-12 20:03 - 2015-08-12 20:03 - 00000024 _____ C:\Users\Alana\AppData\Roaming\appdataFr25.bin
2015-08-12 20:03 - 2015-08-12 20:03 - 00000000 ____D C:\Users\Alana\AppData\Local\Google
2015-08-12 04:55 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:55 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:03 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:03 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:03 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:03 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:03 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:03 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 21:03 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:03 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:03 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 21:03 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 21:03 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 21:03 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 21:03 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 21:03 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:03 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 21:03 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 21:03 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 21:02 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:02 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:02 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:02 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:02 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 21:02 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:02 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:02 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:02 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:02 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:02 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 15:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 21:02 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:02 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 21:02 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:02 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:02 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:02 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:02 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:02 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 21:02 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 21:01 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 21:01 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 21:01 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 21:01 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-03 10:36 - 2015-08-03 10:36 - 00000024 _____ C:\Users\Courtney\AppData\Roaming\appdataFr25.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000020 _____ C:\Users\Courtney\AppData\Roaming\appdataFr2.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Users\Courtney\AppData\Local\Google
2015-07-24 12:58 - 2015-07-24 12:58 - 00000020 _____ C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-07-24 12:57 - 2015-08-14 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 03:20 - 2015-07-23 03:20 - 00000000 ____D C:\Users\Chad\AppData\Local\CEF
2015-07-22 13:43 - 2015-07-22 13:43 - 00000000 ____D C:\Users\Courtney\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 07:15 - 2014-06-24 09:28 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-18 07:15 - 2013-01-31 19:54 - 00000000 ___RD C:\Dropbox
2015-08-18 07:15 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2015-08-18 07:14 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-18 07:14 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-18 07:14 - 2013-01-24 00:44 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-18 07:13 - 2014-08-21 13:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job
2015-08-18 07:13 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 07:13 - 2009-07-13 23:51 - 00040951 _____ C:\Windows\setupact.log
2015-08-18 07:12 - 2013-01-24 00:27 - 01827139 _____ C:\Windows\WindowsUpdate.log
2015-08-18 07:11 - 2013-04-09 14:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 07:07 - 2014-08-21 13:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job
2015-08-17 16:58 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 16:58 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 15:32 - 2010-11-20 22:47 - 00175398 _____ C:\Windows\PFRO.log
2015-08-16 13:00 - 2015-02-24 18:49 - 00000450 ____H C:\Windows\Tasks\Norton Security Scan for Courtney.job
2015-08-16 09:45 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-16 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-15 17:59 - 2015-02-24 18:49 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-15 16:29 - 2015-02-26 13:47 - 00000000 ____D C:\Program Files (x86)\Simple
2015-08-15 16:25 - 2014-04-03 17:29 - 00000000 ____D C:\Program Files (x86)\BigBrainz
2015-08-15 12:52 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 10:34 - 2013-01-31 13:37 - 00001998 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 10:27 - 2012-02-27 10:19 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-14 10:27 - 2012-02-27 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-14 10:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 10:06 - 2014-11-18 14:29 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieBrowserModeList
2015-08-14 10:06 - 2014-09-17 19:31 - 00000000 ____D C:\Users\Chad\Ubiquiti UniFi
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieUserList
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieSiteList
2015-08-14 10:04 - 2013-01-31 13:36 - 00000000 ____D C:\Users\Chad\AppData\Local\VirtualStore
2015-08-14 10:03 - 2015-03-05 13:50 - 00000000 ____D C:\Users\Chad\Documents\ProPCCleaner
2015-08-13 11:11 - 2014-09-01 20:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{476E3A41-C099-4B2C-AE55-57CB34F65FC2}
2015-08-12 20:04 - 2013-03-08 10:45 - 00002169 _____ C:\Users\Alana\Desktop\50 Nifty United States.lnk
2015-08-12 10:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 05:15 - 2009-07-13 23:45 - 00307464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 05:12 - 2014-12-12 04:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 05:12 - 2014-05-06 08:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 04:56 - 2013-01-31 17:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 04:55 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:13 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2013-01-31 14:33 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:57 - 2013-09-17 10:28 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BCF057A-8DDD-4EFA-AA0C-47AD30C18362}
2015-08-11 20:39 - 2013-04-09 14:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:39 - 2013-04-09 14:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 20:39 - 2013-04-09 14:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2015-04-14 14:11 - 08710344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-03 10:33 - 2015-02-26 13:54 - 00000000 ____D C:\ProgramData\10973181966752926390
2015-08-03 10:32 - 2013-02-15 10:37 - 00002216 _____ C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-12-11 10:24 - 00002126 _____ C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-03-08 10:53 - 00002126 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-01-31 19:58 - 00002126 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 08:42 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 19:35 - 2014-08-21 13:05 - 00002376 _____ C:\Users\Wendy\Desktop\Google Chrome.lnk
2015-07-20 19:08 - 2014-08-21 13:04 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA
2015-07-20 19:08 - 2014-08-21 13:04 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core

==================== Files in the root of some directories =======

2015-07-24 12:58 - 2015-07-24 12:58 - 0000020 _____ () C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2014-03-01 18:16 - 2014-03-01 18:16 - 0002763 _____ () C:\ProgramData\connector.swf
2013-12-04 12:11 - 2013-12-04 12:11 - 0000097 _____ () C:\ProgramData\SAH_Install.ini

Some files in TEMP:
====================
C:\Users\Alana\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Austin\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\0327283293.exe
C:\Users\Chad\AppData\Local\Temp\0815656566.exe
C:\Users\Chad\AppData\Local\Temp\120.exe
C:\Users\Chad\AppData\Local\Temp\1232.exe
C:\Users\Chad\AppData\Local\Temp\1274569040.exe
C:\Users\Chad\AppData\Local\Temp\1384.exe
C:\Users\Chad\AppData\Local\Temp\204484.exe
C:\Users\Chad\AppData\Local\Temp\2320007614.exe
C:\Users\Chad\AppData\Local\Temp\2453.exe
C:\Users\Chad\AppData\Local\Temp\2924.exe
C:\Users\Chad\AppData\Local\Temp\2934.exe
C:\Users\Chad\AppData\Local\Temp\3042042023.exe
C:\Users\Chad\AppData\Local\Temp\3891870165.exe
C:\Users\Chad\AppData\Local\Temp\4219122282.exe
C:\Users\Chad\AppData\Local\Temp\4786.exe
C:\Users\Chad\AppData\Local\Temp\4825511705.exe
C:\Users\Chad\AppData\Local\Temp\5295.exe
C:\Users\Chad\AppData\Local\Temp\5323.exe
C:\Users\Chad\AppData\Local\Temp\5522860311.exe
C:\Users\Chad\AppData\Local\Temp\586.exe
C:\Users\Chad\AppData\Local\Temp\5968294880.exe
C:\Users\Chad\AppData\Local\Temp\6246328847.exe
C:\Users\Chad\AppData\Local\Temp\6325631993.exe
C:\Users\Chad\AppData\Local\Temp\714.exe
C:\Users\Chad\AppData\Local\Temp\724.exe
C:\Users\Chad\AppData\Local\Temp\7780274947.exe
C:\Users\Chad\AppData\Local\Temp\7921266084.exe
C:\Users\Chad\AppData\Local\Temp\918.exe
C:\Users\Chad\AppData\Local\Temp\9213.exe
C:\Users\Chad\AppData\Local\Temp\946.exe
C:\Users\Chad\AppData\Local\Temp\9773639952.exe
C:\Users\Chad\AppData\Local\Temp\9944.exe
C:\Users\Chad\AppData\Local\Temp\CitrixReceiver.exe
C:\Users\Chad\AppData\Local\Temp\clrvu.exe
C:\Users\Chad\AppData\Local\Temp\compete.exe
C:\Users\Chad\AppData\Local\Temp\conduitsetup.exe
C:\Users\Chad\AppData\Local\Temp\cw.exe
C:\Users\Chad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmcinh.dll
C:\Users\Chad\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Chad\AppData\Local\Temp\fsd4192.exe
C:\Users\Chad\AppData\Local\Temp\Gre556B.exe
C:\Users\Chad\AppData\Local\Temp\GreD168.exe
C:\Users\Chad\AppData\Local\Temp\jue640F.exe
C:\Users\Chad\AppData\Local\Temp\mVOE2C0.exe
C:\Users\Chad\AppData\Local\Temp\ntwdblib.dll
C:\Users\Chad\AppData\Local\Temp\oprun17518.exe
C:\Users\Chad\AppData\Local\Temp\oprun21448.exe
C:\Users\Chad\AppData\Local\Temp\optprosetup.exe
C:\Users\Chad\AppData\Local\Temp\pfsetup.exe
C:\Users\Chad\AppData\Local\Temp\Pgs3582.exe
C:\Users\Chad\AppData\Local\Temp\Pgs794.exe
C:\Users\Chad\AppData\Local\Temp\Pgs859F.exe
C:\Users\Chad\AppData\Local\Temp\setacl.exe
C:\Users\Chad\AppData\Local\Temp\SpOrder.dll
C:\Users\Chad\AppData\Local\Temp\supoptsetup.exe
C:\Users\Chad\AppData\Local\Temp\Tem600A.exe
C:\Users\Chad\AppData\Local\Temp\TUp1EDD.exe
C:\Users\Chad\AppData\Local\Temp\Uninstall.exe
C:\Users\Chad\AppData\Local\Temp\UUC4C0B.exe
C:\Users\Chad\AppData\Local\Temp\UUCC61C.exe
C:\Users\Chad\AppData\Local\Temp\UUCF17F.exe
C:\Users\Chad\AppData\Local\Temp\wcdsetup.exe
C:\Users\Courtney\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Ethan\AppData\Local\Temp\Setup.exe
C:\Users\Ethan\AppData\Local\Temp\sysad.exe
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite19861.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite22545.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite23709.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite32676.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite46333.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite49519.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50603.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite50639.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite51526.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55350.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite55760.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite63081.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite68772.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite70136.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite78818.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite81072.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite84711.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite89341.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite90664.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite91926.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite95450.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97662.dll
C:\Users\Ethan\AppData\Local\Temp\System.Data.SQLite97894.dll
C:\Users\Wendy\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-02-27 10:19] - [2015-08-14 10:27] - 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:21

==================== End of log ============================



#14 xXToffeeXx

  • Malware Response Instructor

Posted 18 August 2015 - 01:05 PM

Hi cpotter,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
CloseProcesses:
HKLM\...\Run: [shopperz12082015] => C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] => C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
C:\Program Files\shopperz12082015
C:\Program Files\SpaceSoundPro
c:\programdata\flashbeat
C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}
C:\Program Files (x86)\globalUpdate
C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631
C:\Windows\system32\drivers\tehetelu.sys
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk [2015-02-26]
ShortcutTarget: 4219122282.lnk -> C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe (No File)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk [2015-02-26]
ShortcutTarget: 5522860311.lnk -> C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe (No File)
AlternateShell: lockcmd.exe
GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}21-708449748-1331662778-136288417-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150226-120-ie-sm
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6660744\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150226-120-ff-sm
R2 ElejooLyunp; C:\Program Files\shopperz12082015\LuacRouct.exe [171848 2015-08-12] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
R2 shopperz12082015 Updater; C:\Program Files\shopperz12082015\Ideie.exe [174968 2015-08-12] ()
R2 sibehylo; C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp [193536 2015-03-05] () [File not signed]
R3 Uiviuuj; C:\Program Files\shopperz12082015\Uiviuuj.exe [2043720 2015-08-12] ()
S1 tehetelu; \??\C:\Windows\system32\drivers\tehetelu.sys [X]
EmptyTemp:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • New FRST.txt
  • New Addition.txt

xXToffeeXx~




#15 cpotter

  • Topic Starter

Posted 18 August 2015 - 09:05 PM

No problems with steps. Logs you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Chad (2015-08-18 20:53:15) Run:1
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad & Wendy & Courtney & Ethan & Alana & Austin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [shopperz12082015] => C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] => C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
C:\Program Files\shopperz12082015
C:\Program Files\SpaceSoundPro
c:\programdata\flashbeat
C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}
C:\Program Files (x86)\globalUpdate
C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631
C:\Windows\system32\drivers\tehetelu.sys
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk [2015-02-26]
ShortcutTarget: 4219122282.lnk -> C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe (No File)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk [2015-02-26]
ShortcutTarget: 5522860311.lnk -> C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe (No File)
AlternateShell: lockcmd.exe
GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.safesear.ch/?type=20150226-120-ie
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}21-708449748-1331662778-136288417-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20150226-120-ie-sm
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 6660744\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20150226-120-ff-sm
R2 ElejooLyunp; C:\Program Files\shopperz12082015\LuacRouct.exe [171848 2015-08-12] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-17] (globalUpdate) [File not signed] <==== ATTENTION
R2 shopperz12082015 Updater; C:\Program Files\shopperz12082015\Ideie.exe [174968 2015-08-12] ()
R2 sibehylo; C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631\jnsg30A7.tmp [193536 2015-03-05] () [File not signed]
R3 Uiviuuj; C:\Program Files\shopperz12082015\Uiviuuj.exe [2043720 2015-08-12] ()
S1 tehetelu; \??\C:\Windows\system32\drivers\tehetelu.sys [X]
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz12082015 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz1208201564 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
C:\Program Files\shopperz12082015 => moved successfully.
"C:\Program Files\SpaceSoundPro" => File/Folder not found.
"c:\programdata\flashbeat" => File/Folder not found.
"C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}" => File/Folder not found.
C:\Program Files (x86)\globalUpdate => moved successfully.
C:\Users\Chad\AppData\Roaming\4C4C4544-1425559828-5610-8036-C8C04F365631 => moved successfully.
"C:\Windows\system32\drivers\tehetelu.sys" => File/Folder not found.
"c:\programdata\flashbeat\flashbeat32.dll" => Value data removed successfully.
C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4219122282.lnk => moved successfully.
C:\ProgramData\{a6dd972c-2772-bf6a-a6dd-d972c2775cb0}\4219122282.exe not found.
C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5522860311.lnk => moved successfully.
C:\ProgramData\{2c474cc0-0dd8-f68e-2c47-74cc00dd3300}\5522860311.exe not found.
hklm\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-708449748-1331662778-136288417-1007\User => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack} => value removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
ElejooLyunp => service removed successfully
globalUpdate => service removed successfully
globalUpdatem => service removed successfully
shopperz12082015 Updater => service removed successfully
sibehylo => service removed successfully
Uiviuuj => service removed successfully
tehetelu => service removed successfully
EmptyTemp: => 2.3 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 20:55:05 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Chad (administrator) on KIDS-DESKTOP (18-08-2015 20:58:53)
Running from C:\Users\Chad\Desktop
Loaded Profiles: Chad (Available Profiles: Chad & Wendy & Courtney & Ethan & Alana & Austin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cinema PlusV18.08) C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-10.exe
(Cinema PlusV17.08) C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-10.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Cinema PlusV18.08) C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Cinema PlusV18.08) C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-10.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Cinema PlusV18.08) C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-1-6.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\winpatrol.exe [496192 2014-02-25] (BillP Studios)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [GoogleChromeAutoLaunch_86B1671634484E474EC7B4154262F61B] => C:\Program Files (x86)\Fast Browser\Application\chrome.exe [713728 2014-03-22] (Fast Browser)
HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-01-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-708449748-1331662778-136288417-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
HKU\S-1-5-21-708449748-1331662778-136288417-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.safesear.ch/web/?type=20150226-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-708449748-1331662778-136288417-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D030515-AE7FF78344A184E0692F&form=CONBDF&conlogo=CT3331982&q={searchTerms}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{522CC9A3-8913-4390-9A52-FEB63846953C}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{BF53D017-3393-49A5-8C1B-3A559540193F}: [DhcpNameServer] 208.67.220.220 208.67.222.222

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-18] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-18] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-24]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (edacconmaakjimmfgnblocblbcdcpbko) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-08-17]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-18] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-18] (globalUpdate) [File not signed] <==== ATTENTION
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-14] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-24] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 20:58 - 2015-08-18 20:59 - 00019798 _____ C:\Users\Chad\Desktop\FRST.txt
2015-08-18 20:58 - 2015-08-18 20:58 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 20:50 - 2015-08-18 20:58 - 00006502 _____ C:\Windows\System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-7
2015-08-18 20:50 - 2015-08-18 20:58 - 00006164 _____ C:\Windows\System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-6
2015-08-18 20:50 - 2015-08-18 20:58 - 00005474 _____ C:\Windows\System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5
2015-08-18 20:50 - 2015-08-18 20:58 - 00003472 _____ C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-7.job
2015-08-18 20:50 - 2015-08-18 20:58 - 00003136 _____ C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-6.job
2015-08-18 20:50 - 2015-08-18 20:58 - 00002444 _____ C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5_user.job
2015-08-18 20:50 - 2015-08-18 20:58 - 00002444 _____ C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5.job
2015-08-18 20:50 - 2015-08-18 20:58 - 00002110 _____ C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-10_user.job
2015-08-18 07:16 - 2015-08-18 20:56 - 00003472 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7.job
2015-08-18 07:16 - 2015-08-18 20:56 - 00003136 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.job
2015-08-18 07:16 - 2015-08-18 20:56 - 00002444 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5_user.job
2015-08-18 07:16 - 2015-08-18 20:56 - 00002444 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.job
2015-08-18 07:16 - 2015-08-18 08:06 - 00006502 _____ C:\Windows\System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7
2015-08-18 07:16 - 2015-08-18 08:06 - 00006164 _____ C:\Windows\System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6
2015-08-18 07:16 - 2015-08-18 08:06 - 00005474 _____ C:\Windows\System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5
2015-08-18 07:15 - 2015-08-18 20:56 - 00002110 _____ C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-10_user.job
2015-08-18 07:15 - 2015-08-18 20:50 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV18.08
2015-08-17 16:52 - 2015-08-18 20:56 - 00002444 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5_user.job
2015-08-17 16:52 - 2015-08-18 20:56 - 00002444 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5.job
2015-08-17 16:52 - 2015-08-17 16:52 - 00005474 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5
2015-08-17 16:51 - 2015-08-18 20:58 - 00003970 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-17 16:51 - 2015-08-18 20:58 - 00003716 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-17 16:51 - 2015-08-18 20:58 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-17 16:51 - 2015-08-18 20:58 - 00000968 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-17 16:51 - 2015-08-18 20:56 - 00003472 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7.job
2015-08-17 16:51 - 2015-08-18 20:56 - 00003136 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6.job
2015-08-17 16:51 - 2015-08-18 20:56 - 00002110 _____ C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-10_user.job
2015-08-17 16:51 - 2015-08-17 16:52 - 00005031 _____ C:\AdwCleaner[S5].txt
2015-08-17 16:51 - 2015-08-17 16:52 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV17.08
2015-08-17 16:51 - 2015-08-17 16:51 - 00006502 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7
2015-08-17 16:51 - 2015-08-17 16:51 - 00006164 _____ C:\Windows\System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6
2015-08-17 16:51 - 2015-08-17 16:51 - 00000000 ____D C:\Users\Chad\AppData\Local\globalUpdate
2015-08-17 16:48 - 2015-08-17 16:48 - 00010417 _____ C:\AdwCleaner[C4].txt
2015-08-17 16:47 - 2015-08-17 16:48 - 00009501 _____ C:\AdwCleaner[S4].txt
2015-08-17 16:43 - 2015-08-17 16:43 - 00004456 _____ C:\AdwCleaner[C3].txt
2015-08-16 15:39 - 2015-08-16 15:41 - 00004067 _____ C:\AdwCleaner[S3].txt
2015-08-16 15:37 - 2015-08-16 15:37 - 00012428 _____ C:\AdwCleaner[C2].txt
2015-08-16 15:35 - 2015-08-16 15:36 - 00011344 _____ C:\AdwCleaner[S2].txt
2015-08-16 15:34 - 2015-08-18 21:00 - 00000358 _____ C:\Windows\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003.job
2015-08-16 15:34 - 2015-08-16 15:39 - 00000392 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003.job
2015-08-16 15:34 - 2015-08-16 15:34 - 00003394 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003
2015-08-16 15:34 - 2015-08-16 15:34 - 00003270 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003
2015-08-16 15:34 - 2015-08-16 15:34 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-08-16 15:25 - 2015-08-16 15:25 - 00028973 _____ C:\AdwCleaner[C1].txt
2015-08-16 14:31 - 2015-08-16 15:25 - 00000000 ____D C:\AdwCleaner
2015-08-16 14:31 - 2015-08-16 14:33 - 00027175 _____ C:\AdwCleaner[S1].txt
2015-08-16 14:30 - 2015-08-16 14:28 - 01563648 _____ C:\Users\Chad\Desktop\AdwCleaner.exe
2015-08-16 12:23 - 2015-08-16 12:23 - 00000000 ____D C:\Users\Chad\AppData\Local\GWX
2015-08-15 12:50 - 2015-08-18 20:58 - 00000000 ____D C:\FRST
2015-08-15 12:50 - 2015-08-16 12:45 - 02173440 _____ (Farbar) C:\Users\Chad\Desktop\FRST64.exe
2015-08-14 10:30 - 2015-08-14 10:30 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-14 10:27 - 2015-08-18 20:56 - 00000328 _____ C:\Windows\Tasks\UFGIMDA1.job
2015-08-14 10:27 - 2015-08-18 07:14 - 00004680 _____ C:\Windows\SysWOW64\Uiviuuj.ini
2015-08-14 10:27 - 2015-08-18 07:14 - 00002400 _____ C:\Windows\SysWOW64\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-18 07:14 - 00002400 _____ C:\Windows\system32\UiviuujOff.ini
2015-08-14 10:27 - 2015-08-14 10:27 - 00003642 _____ C:\Windows\System32\Tasks\Jarmeee
2015-08-14 10:27 - 2015-08-14 10:27 - 00002850 _____ C:\Windows\System32\Tasks\UFGIMDA1
2015-08-14 10:27 - 2015-08-14 10:27 - 00000045 _____ C:\user.js
2015-08-14 10:27 - 2015-08-14 10:27 - 00000000 ____D C:\Windows\system32\qij
2015-08-14 10:27 - 2015-08-12 03:45 - 00353608 _____ C:\Windows\system32\Uiviuuj64.dll
2015-08-14 10:27 - 2015-08-12 03:45 - 00283464 _____ C:\Windows\SysWOW64\Uiviuuj.dll
2015-08-14 10:27 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-14 10:26 - 2015-08-17 16:46 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 10:26 - 2015-08-14 10:26 - 00004298 _____ C:\Windows\System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E
2015-08-14 10:26 - 2015-08-14 10:26 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-14 10:09 - 2015-08-18 20:58 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 10:08 - 2015-08-14 10:10 - 00001682 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-14 10:04 - 2015-08-14 10:04 - 00000000 ____D C:\Users\Chad\Documents\Alice3
2015-08-12 20:03 - 2015-08-12 20:03 - 00000024 _____ C:\Users\Alana\AppData\Roaming\appdataFr25.bin
2015-08-12 20:03 - 2015-08-12 20:03 - 00000000 ____D C:\Users\Alana\AppData\Local\Google
2015-08-12 04:55 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:55 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 21:03 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 21:03 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 21:03 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 21:03 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 21:03 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 21:03 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 21:03 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 21:03 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 21:03 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 21:03 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 21:03 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 21:03 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 21:03 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 21:03 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 21:03 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 21:03 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 21:03 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 21:03 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 21:03 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 21:03 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 21:03 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 21:03 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 21:03 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 21:03 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 21:03 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 21:03 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 21:03 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 21:03 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 21:03 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 21:03 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 21:02 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 21:02 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 21:02 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 21:02 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 21:02 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 21:02 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 21:02 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 21:02 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 21:02 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 21:02 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 21:02 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 21:02 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 21:02 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 21:02 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 21:02 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 21:02 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 21:02 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 21:02 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 15:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 21:02 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 21:02 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 21:02 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 21:02 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 21:02 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 21:02 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 21:02 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 21:02 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 21:02 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 21:02 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 21:02 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 21:02 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 21:02 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 21:02 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 21:02 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 21:02 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 21:02 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 21:02 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 21:02 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 21:02 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 21:02 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 21:02 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 21:02 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 21:02 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 21:02 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 21:02 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 21:02 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 21:02 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 21:02 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 21:02 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 21:02 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 21:01 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 21:01 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 21:01 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 21:01 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 21:01 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 21:01 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 21:01 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-03 10:36 - 2015-08-03 10:36 - 00000024 _____ C:\Users\Courtney\AppData\Roaming\appdataFr25.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000020 _____ C:\Users\Courtney\AppData\Roaming\appdataFr2.bin
2015-08-03 10:32 - 2015-08-03 10:32 - 00000000 ____D C:\Users\Courtney\AppData\Local\Google
2015-07-24 12:58 - 2015-07-24 12:58 - 00000020 _____ C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2015-07-24 12:57 - 2015-08-14 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-23 03:20 - 2015-07-23 03:20 - 00000000 ____D C:\Users\Chad\AppData\Local\CEF
2015-07-22 13:43 - 2015-07-22 13:43 - 00000000 ____D C:\Users\Courtney\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 20:59 - 2013-01-24 00:27 - 02054479 _____ C:\Windows\WindowsUpdate.log
2015-08-18 20:57 - 2014-06-24 09:28 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-18 20:57 - 2013-01-31 19:54 - 00000000 ___RD C:\Dropbox
2015-08-18 20:56 - 2013-10-07 16:32 - 00000008 __RSH C:\Users\Chad\ntuser.pol
2015-08-18 20:56 - 2013-01-31 17:17 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2015-08-18 20:56 - 2013-01-31 13:36 - 00000000 ____D C:\Users\Chad
2015-08-18 20:56 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-18 20:56 - 2013-01-24 00:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-18 20:56 - 2013-01-24 00:44 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-18 20:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 20:56 - 2009-07-13 23:51 - 00041007 _____ C:\Windows\setupact.log
2015-08-18 20:55 - 2010-11-20 22:47 - 00186114 _____ C:\Windows\PFRO.log
2015-08-18 20:55 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 20:55 - 2009-07-13 23:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 20:53 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-18 20:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-18 20:49 - 2014-08-21 13:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job
2015-08-18 20:49 - 2013-04-09 14:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 07:07 - 2014-08-21 13:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job
2015-08-16 13:00 - 2015-02-24 18:49 - 00000450 ____H C:\Windows\Tasks\Norton Security Scan for Courtney.job
2015-08-16 09:45 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-16 09:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-15 17:59 - 2015-02-24 18:49 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-15 16:29 - 2015-02-26 13:47 - 00000000 ____D C:\Program Files (x86)\Simple
2015-08-15 16:25 - 2014-04-03 17:29 - 00000000 ____D C:\Program Files (x86)\BigBrainz
2015-08-15 12:52 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 10:34 - 2013-01-31 13:37 - 00001998 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 10:27 - 2012-02-27 10:19 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-14 10:27 - 2012-02-27 10:19 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-14 10:17 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 10:06 - 2014-11-18 14:29 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieBrowserModeList
2015-08-14 10:06 - 2014-09-17 19:31 - 00000000 ____D C:\Users\Chad\Ubiquiti UniFi
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieUserList
2015-08-14 10:06 - 2014-06-12 21:27 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieSiteList
2015-08-14 10:04 - 2013-01-31 13:36 - 00000000 ____D C:\Users\Chad\AppData\Local\VirtualStore
2015-08-14 10:03 - 2015-03-05 13:50 - 00000000 ____D C:\Users\Chad\Documents\ProPCCleaner
2015-08-13 11:11 - 2014-09-01 20:55 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{476E3A41-C099-4B2C-AE55-57CB34F65FC2}
2015-08-12 20:04 - 2013-03-08 10:45 - 00002169 _____ C:\Users\Alana\Desktop\50 Nifty United States.lnk
2015-08-12 10:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 05:15 - 2009-07-13 23:45 - 00307464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 05:12 - 2014-12-12 04:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 05:12 - 2014-05-06 08:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 04:56 - 2013-01-31 17:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 04:55 - 2013-03-14 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:54 - 2013-03-14 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:13 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:01 - 2013-01-31 14:33 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:57 - 2013-09-17 10:28 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1BCF057A-8DDD-4EFA-AA0C-47AD30C18362}
2015-08-11 20:39 - 2013-04-09 14:54 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:39 - 2013-04-09 14:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 20:39 - 2013-04-09 14:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2015-04-14 14:11 - 08710344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-03 10:33 - 2015-02-26 13:54 - 00000000 ____D C:\ProgramData\10973181966752926390
2015-08-03 10:32 - 2013-02-15 10:37 - 00002216 _____ C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-12-11 10:24 - 00002126 _____ C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-03-08 10:53 - 00002126 _____ C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-24 12:57 - 2013-01-31 19:58 - 00002126 _____ C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-23 08:42 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-20 19:35 - 2014-08-21 13:05 - 00002376 _____ C:\Users\Wendy\Desktop\Google Chrome.lnk
2015-07-20 19:08 - 2014-08-21 13:04 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA
2015-07-20 19:08 - 2014-08-21 13:04 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core

==================== Files in the root of some directories =======

2015-07-24 12:58 - 2015-07-24 12:58 - 0000020 _____ () C:\Users\Chad\AppData\Roaming\appdataFr2.bin
2014-03-01 18:16 - 2014-03-01 18:16 - 0002763 _____ () C:\ProgramData\connector.swf
2013-12-04 12:11 - 2013-12-04 12:11 - 0000097 _____ () C:\ProgramData\SAH_Install.ini

Some files in TEMP:
====================
C:\Users\Chad\AppData\Local\Temp\8314.exe
C:\Users\Chad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzs1sbw.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-02-27 10:19] - [2015-08-14 10:27] - 0357888 ____A (Microsoft Corporation) 9BC89E73F8693699116729697CE4F8F9

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:21

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Chad (2015-08-18 21:00:19)
Running from C:\Users\Chad\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-708449748-1331662778-136288417-500 - Administrator - Disabled)
Alana (S-1-5-21-708449748-1331662778-136288417-1009 - Limited - Enabled) => C:\Users\Alana
Austin (S-1-5-21-708449748-1331662778-136288417-1010 - Limited - Enabled) => C:\Users\Austin
Chad (S-1-5-21-708449748-1331662778-136288417-1003 - Administrator - Enabled) => C:\Users\Chad
Courtney (S-1-5-21-708449748-1331662778-136288417-1007 - Limited - Enabled) => C:\Users\Courtney
Ethan (S-1-5-21-708449748-1331662778-136288417-1008 - Limited - Enabled) => C:\Users\Ethan
Guest (S-1-5-21-708449748-1331662778-136288417-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-708449748-1331662778-136288417-1005 - Limited - Enabled)
Wendy (S-1-5-21-708449748-1331662778-136288417-1006 - Limited - Enabled) => C:\Users\Wendy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Alice Application (HKLM\...\nbi-aliceinstaller-3.1.92.0.0) (Version:  - )
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 9.3.0.1516 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.3.0.1516 - Bullzip)
Chessmaster 10th Edition (HKLM-x32\...\InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft)
Chessmaster 10th Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden
CinemaPlus-3.2cV17.08 (HKLM-x32\...\CinemaPlus-3.2cV17.08) (Version: 1.36.01.22 - Cinema PlusV17.08) <==== ATTENTION
CinemaPlus-3.2cV18.08 (HKLM-x32\...\CinemaPlus-3.2cV18.08) (Version: 1.36.01.22 - Cinema PlusV18.08) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Fast Browser (HKLM-x32\...\Chromium) (Version: 34.0.1848.0 - Fast Browser)
Fender FUSE (HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\3334146898.fuse.fender.com) (Version:  - fuse.fender.com)
Fender FUSE 2.7.0.23 (HKLM-x32\...\Fender FUSE) (Version:  - )
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Like 1.5 (HKLM-x32\...\Like) (Version: 1.5 - Like)
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.31 - Symantec Corporation)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Railroad Tycoon II - Platinum (HKLM-x32\...\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
shopperz12082015 2.0.0.475 (HKLM\...\{3ea54411-9f2a-4a18-a93a-84312350f7c1}_is1) (Version: 2.0.0.475 - shopperz) <==== ATTENTION
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.1.1307.29) (Version: 2.1.1307.29 - Solveig Multimedia)
SpaceSoundPro Service (HKLM-x32\...\zz.1486.ssp) (Version: 1.0.0 - CSDI)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-708449748-1331662778-136288417-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-06-2015 17:00:59 Windows Update
11-06-2015 13:23:32 Windows Update
12-06-2015 03:00:28 Windows Update
15-06-2015 04:47:40 Windows Update
19-06-2015 04:48:41 Windows Update
23-06-2015 04:50:39 Windows Update
26-06-2015 07:21:59 Windows Update
30-06-2015 07:22:33 Windows Update
15-07-2015 10:33:19 Windows Update
16-07-2015 03:00:25 Windows Update
17-07-2015 03:00:12 Windows Update
20-07-2015 14:05:50 Windows Update
23-07-2015 03:00:10 Windows Update
01-08-2015 11:06:57 Windows Update
02-08-2015 03:00:10 Windows Update
11-08-2015 20:50:12 Windows Update
12-08-2015 03:00:45 Windows Update
14-08-2015 10:11:24 Removed Google Chrome
14-08-2015 10:16:54 Removed BlueStacks Notification Center
14-08-2015 10:18:35 LavasoftWeCompanion
16-08-2015 09:55:54 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035A6E02-FD19-4D69-AC61-D21A0BE81612} - System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {092A419A-1A44-43A6-AB05-D47A02274E2A} - System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {10314F77-2DB5-4028-9C20-C61CDED6B8FC} - System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-10.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {113E27C0-D653-42F4-913A-B36D1B54B79E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {28662721-1281-4CD6-A8D3-D2085D1AE3EB} - System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-5.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {2BE75082-A6E8-478F-95FB-730A16097F05} - System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {34751101-C0B3-4148-AF80-C6374CAE315E} - System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5 => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-5.exe [2015-08-17] (Cinema PlusV17.08) <==== ATTENTION
Task: {3825EA30-CF96-4FB6-9BD8-73A8A0C95910} - System32\Tasks\{F7D6BDA8-AD3A-40AF-8773-A66323F71320} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {463A4EF6-7658-4C27-83EA-EFF52BF5CB92} - System32\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {4BE7A406-3ABF-4B43-ADD4-C0D0A509E3BF} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-18] (globalUpdate) <==== ATTENTION
Task: {4DB0485A-605C-4D3F-A216-2BC6CDF58D99} - System32\Tasks\{2EF30F3E-105C-431B-88FB-8C84708CE1D8} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {50D061CF-D6C5-4A00-9839-F57637EEAB2F} - System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-1-7.exe [2015-08-17] (Cinema PlusV17.08) <==== ATTENTION
Task: {62274691-4D07-4010-A713-2066D6462A03} - System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-5.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {632895BD-D434-45AD-9F22-15AE487A401F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-18] (globalUpdate) <==== ATTENTION
Task: {67550F40-7587-43F3-BD40-5CA293E35E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {6F08A72F-48D2-49DD-A0CF-152CF4748DF5} - System32\Tasks\UFGIMDA1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {74E700CE-BEF1-4F9F-B7B8-8D0C2446DCCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {7686A72E-B111-4537-9417-9B1B91D880F0} - \NSManager_1424999119 -> No File <==== ATTENTION
Task: {81ABF59C-305A-450F-8AA8-3852AD7AD72C} - System32\Tasks\674FFA33-52FC-436A-AF66-F9E720F2237E => C:\Users\Chad\AppData\Local\674FFA33-52FC-436A-AF66-F9E720F2237E\674FFA33-52FC-436A-AF66-F9E720F2237E.exe [2015-08-14] () <==== ATTENTION
Task: {865A8FA7-8556-4072-889C-9EFE4E336887} - System32\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {893EEE60-D092-4C97-819C-2E1833454568} - System32\Tasks\Jarmeee => C:\Program Files\shopperz12082015\Hvnkaufcv.bat <==== ATTENTION
Task: {8C21C0CE-EB58-4F07-BF25-9C0B7E01F874} - System32\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {8C5D940B-30DE-499D-A58F-D0A8939E6283} - System32\Tasks\{3A74EEE2-F0F5-4353-BD84-636DD0803D84} => C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [2008-12-24] (Brother Industries, Ltd.)
Task: {8DC50ED5-C9CC-4D45-91B4-391C9F78E4CB} - System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-5.exe [2015-08-17] (Cinema PlusV17.08) <==== ATTENTION
Task: {9E352F36-C0BA-4C9F-AE93-9FB34689DBBA} - System32\Tasks\{A43E5F30-5F73-459D-B8CA-4C85E0BFDFA9} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {AE269C64-0B02-4757-A368-81C7E6EB576C} - System32\Tasks\{5EC2D0CC-29E1-455D-8A42-57A9B41770DD} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {AFA97FD4-3153-4338-8E10-9D5DD5947CC8} - System32\Tasks\{509A9ABA-3AB7-4BA8-B228-0DCB5C79704B} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {B21CF51C-DA01-4D41-A00D-D9044F1864CF} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {B25A3E31-DC95-4E67-8A58-83530E36273B} - System32\Tasks\avayvxvaxc => C:\Users\Chad\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {B5CC3836-975D-429E-A27C-0A80C05A3C68} - System32\Tasks\{C26A3FFB-CAE0-4751-8171-E6DA750D5E6C} => C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [2015-07-14] (Microsoft Corporation)
Task: {B8166512-7D9E-4DC8-A8A5-7E08AD4C41CB} - System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-10.exe [2015-08-17] (Cinema PlusV17.08) <==== ATTENTION
Task: {BC0BE498-AAC4-4545-AE6B-3E1CDB5BED43} - System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-10.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {BF559E7A-86A2-4A3B-B4C3-A3E38461B02C} - System32\Tasks\{4AC340CC-8E8C-4653-830C-F4CF2D34E670} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {C0C0031D-D710-4001-8E8E-5807A41A349B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {C8759980-6FD5-4828-A343-C4E7FEBA6508} - System32\Tasks\{51D5E7D5-D3C3-44ED-8AFA-9F1E1641BD82} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {CB17BB31-7FCF-4110-A1FE-416D852C53F3} - System32\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-1-6.exe [2015-08-17] (Cinema PlusV17.08) <==== ATTENTION
Task: {DAD4F5DC-2DF0-4D08-82C7-BAEE900F54C8} - System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-1-6.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {DE739D0C-534E-467F-A6C1-3E9FFFD29092} - System32\Tasks\Norton Security Scan for Courtney => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.31\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {E75382F3-E1D1-47CF-84D4-8A8EFE80126C} - System32\Tasks\{4687D03B-0494-466E-883C-2CC15EA6E7E3} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {ED89A120-4373-48A3-A7CF-EC630BC9E11C} - System32\Tasks\{2CA32FA7-83AE-480F-A2D8-9FC088994810} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)
Task: {F05E707D-3092-445B-94BC-2162D7C0D964} - System32\Tasks\Component System\Component => C:\Users\Chad\AppData\Local\Component\com.exe [2015-02-26] ()
Task: {F684F3B7-E66B-4EA2-9F86-92B28A7B6F2D} - System32\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-1-7.exe [2015-08-18] (Cinema PlusV18.08) <==== ATTENTION
Task: {FD94F924-FC23-4220-B7A6-228594F6DEE3} - System32\Tasks\{EC54ACBA-640B-468E-A82C-CE1B778DCC8B} => C:\Program Files (x86)\Dell Wireless\asav.exe [2012-01-19] (QUALCOMM Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\175d8f5e-ba70-46a4-af13-4d6657113fc8-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\175d8f5e-ba70-46a4-af13-4d6657113fc8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1c89db8-1285-4745-bd2c-2f2396804251-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.08\c1c89db8-1285-4745-bd2c-2f2396804251-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c6180611-4093-4616-a348-6adeeade1c9a-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV17.08\c6180611-4093-4616-a348-6adeeade1c9a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-708449748-1331662778-136288417-1003.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-708449748-1331662778-136288417-1003.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006Core.job => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-708449748-1331662778-136288417-1006UA.job => C:\Users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Courtney.job => C:\PROGRA~2\NORTON~2\Engine\410~1.31\Nss.exe
Task: C:\Windows\Tasks\UFGIMDA1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-01-31 17:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-01-24 00:44 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-01-24 02:04 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-28 19:23 - 2013-08-28 19:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-07 06:30 - 2014-02-17 22:46 - 00643948 ____N () C:\Program Files (x86)\WinPatrol\sqlite3.dll
2013-01-31 17:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-28 19:25 - 2013-08-28 19:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-708449748-1331662778-136288417-1003\...\coxhealth.com -> hxxps://sra.coxhealth.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-708449748-1331662778-136288417-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BEF5AFB5-B58D-4747-BA8F-6BBF9B4BE5FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{BFE258E5-B2AB-40DA-9021-1D7A311E5E50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{5AECB04D-B30E-4FE9-A912-D0E731328485}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6CB6DBA5-AA2E-482D-B930-A70C6DE02926}] => (Allow) LPort=2869
FirewallRules: [{D3D4C3FE-CE60-49D1-8464-C31B8408E034}] => (Allow) LPort=1900
FirewallRules: [{B01F5744-714D-4C67-AADB-48608A8C1449}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8E2D6300-548C-4656-84DA-6A56863C4C22}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{D390E428-E256-4D15-9149-C2DEE496B512}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{78922532-130C-47BB-877D-337AD0E1D8D9}] => (Allow) LPort=54925
FirewallRules: [{21B433C3-CD4E-4296-ADB0-3D940BD7CC4F}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6846653E-F418-4CB4-B6D0-562E2369A188}] => (Allow) C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C0900857-0002-4197-AE6E-4F226CC8CB63}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6CC33E03-4767-44CE-96A4-63FCC43DCAD3}C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\chad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{25FEB17B-F16C-423E-A71E-CBE6F61CF0CF}C:\program files (x86)\chessmaster\game.exe] => (Block) C:\program files (x86)\chessmaster\game.exe
FirewallRules: [UDP Query User{F56304FF-105F-4BF0-BFDC-3D8926184A45}C:\program files (x86)\chessmaster\game.exe] => (Block) C:\program files (x86)\chessmaster\game.exe
FirewallRules: [PotPlayer(PotPlayerMini.exe)] => (Allow) C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{96C29C36-A092-4BDD-98C7-FDB36332BABB}] => (Allow) C:\Program Files (x86)\Daum\PotPlayer\PotPlayerMini.exe
FirewallRules: [{3B75A6DA-B7B2-46C3-BF19-5C28BDD7D875}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CE3ABFB-2A9D-46C6-A273-E4505AC53953}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43FFCDFD-E7DB-4EE5-A9C3-7154C9785D3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{FA548EE2-D9BC-49CF-95BA-56169DECA1B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{C8D87718-F97E-4899-B64F-3D74E177B45A}C:\program files\java\jdk1.8.0_05\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_05\bin\jmc.exe
FirewallRules: [UDP Query User{789275C9-7446-4626-AA24-C1600F346216}C:\program files\java\jdk1.8.0_05\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_05\bin\jmc.exe
FirewallRules: [{8BD77F53-28AE-499C-BE9A-3BA431423F7E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A6BA9CCE-D785-49E7-8C30-2781DE37152C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FEAC71C4-423D-47D3-ACF0-D13FD52EA44F}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{B868C5F3-FAC3-4E14-9B91-572A226FC856}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{7BA9AB8C-FE75-4AE0-A32D-6364ED3A8C2C}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{DA54F007-1BDF-4F29-ABB9-53A097B33BAF}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{D8AB13C8-C5A2-4D86-8D0E-F58A57632A03}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{F59A8A25-D37A-4566-AAE4-40730160062A}] => (Allow) C:\Users\Chad\Ubiquiti UniFi\bin\mongod.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 08:57:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2015 07:15:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2015 07:11:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 16.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 145c

Start Time: 01d0d9ae7d2aa5e8

Termination Time: 0

Application Path: C:\Users\Chad\Desktop\FRST64.exe

Report Id: 4945ee7f-45a2-11e5-ad06-d4bed9e1d989

Error: (08/18/2015 07:10:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d8

Start Time: 01d0d9aed4bd2ccd

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/18/2015 07:10:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e8

Start Time: 01d0d9aec50fdcbf

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/18/2015 07:09:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a08

Start Time: 01d0d9aeb46d5ef5

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/17/2015 04:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2015 04:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x1234
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3

Error: (08/17/2015 04:45:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2015 03:39:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/18/2015 08:58:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/18/2015 08:53:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (08/18/2015 08:53:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ElejooLyunp service failed to start due to the following error:
%%2

Error: (08/18/2015 08:53:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Uiviuuj service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

Error: (08/18/2015 08:53:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (10/07/2014 12:06:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity:
===================================
  Date: 2015-08-16 15:37:23.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\SpaceSoundPro.dll.vir because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 6013.55 MB
Available physical RAM: 3373.2 MB
Total Virtual: 12025.3 MB
Available Virtual: 9477.38 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:729.96 GB) NTFS
Drive d: (RCTYCOON) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C5E7756A)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 

 

 

 





