Can't get rid of Yahoo search no matter what I use or do


  • This topic is locked
6 replies to this topic

#1 Lylatov

Lylatov

  • Members
  • 3 posts
  • OFFLINE

Posted 28 August 2015 - 08:55 PM

I have an unwanted Yahoo search engine on Chrome. I have used Malwarebytes, Junkware Removal Tool, AdwCleaner, SUPERAntiSpyware and McAfee. It was originally on IE10 but I was able to remove it, but then it jumped to Chrome and I haven't been able to make it budge. I even ran Malwarebytes in safe mode on Windows 10 but not only did it not remove it, it jumped to Chrome. I couldn't get out of safe mode and had to revert to Windows 7. Of course I deleted Yahoo as a search engine in the settings and even deleted Google, but nothing works. Is there anything I can do besides get rid of Chrome? If I did get rid of Chrome, would it reinfect IE? Why would Yahoo want to support this kind of malware? This wouldn't be bundled unless there was some benefit to the SOBs that attach it to their freeware.

 

Any help would be appreciated. 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/28/2015
Scan Time: 10:43 AM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.28.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Natalie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 499586
Time Elapsed: 35 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 56
 
Registry Values: 19
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ResultsHub.A, C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [4aea030b0b8081b5d9b258c7fe05d729], 
PUP.Optional.ResultsHub.A, C:\Users\Natalie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_resultshub-a.akamaihd.net_0.localstorage-journal, Delete-on-Reboot, [73c1f61849420d2943482ff0e221be42], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
and JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Natalie on Fri 08/28/2015 at 17:27:34.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4846140637A8A9E7EC96268DAD771C14
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Natalie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Natalie\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Natalie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Natalie\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/28/2015 at 17:31:29.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,262 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:33 AM

Posted 30 August 2015 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#3 Lylatov

Lylatov
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 30 August 2015 - 11:19 AM

I already ran it. Here are the results:

 

S3 FXDRV; \??\E:\Fxdrv64.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
S1 pwipf6; system32\DRIVERS\pwipf6.sys [X]
S3 wrssweep; \??\C:\PROGRA~2\Webroot\Security\Current\plugins\cleanup\wrssweep.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 09:56 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-28 09:56 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-28 09:56 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-28 09:56 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-28 09:56 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-28 09:56 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-28 09:56 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-28 09:56 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-28 09:56 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-28 09:56 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-28 09:56 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-28 09:56 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-28 09:56 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-28 09:56 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-28 09:56 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-28 09:56 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-28 09:56 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-28 09:56 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-28 09:56 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-28 09:56 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-28 09:56 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-28 09:56 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-28 09:56 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-28 09:56 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-28 09:56 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-28 09:56 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-28 09:56 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-28 09:56 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-28 09:56 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-28 09:56 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-28 09:55 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-28 09:55 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-28 09:55 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-28 09:55 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-28 09:55 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-28 09:55 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-28 09:55 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-28 09:55 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-28 09:55 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-28 09:55 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-28 09:55 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-28 09:55 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-28 09:55 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-28 09:55 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-28 09:55 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-28 09:55 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-28 09:55 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-28 09:55 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-28 09:55 - 2015-07-16 14:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-28 09:55 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-28 09:55 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-28 09:55 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-28 09:55 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-28 09:55 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-28 09:55 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-28 09:55 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-28 09:55 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-28 09:55 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-28 09:55 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-28 09:55 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-28 09:55 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-28 09:55 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-28 09:55 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-28 09:55 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-28 09:55 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-28 09:55 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-28 09:55 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-28 09:55 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-28 09:55 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-28 09:55 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-28 09:55 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-28 09:55 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-28 09:55 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-28 09:55 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-28 09:55 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-28 09:55 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-28 09:55 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-28 09:55 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-28 09:55 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-28 09:55 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-28 09:55 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-28 09:55 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-28 09:55 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-28 09:55 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-28 09:55 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-28 09:55 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-28 09:40 - 2015-08-28 09:40 - 00000266 _____ C:\Users\Natalie\Downloads\debug.log
2015-08-28 01:43 - 2015-08-28 01:43 - 00000000 ____D C:\$SysReset
2015-08-28 00:19 - 2015-08-28 00:22 - 01618432 _____ C:\Users\Natalie\Downloads\adwcleaner_5.004.exe
2015-08-27 00:29 - 2015-08-28 00:30 - 00000000 ____D C:\AdwCleaner
2015-08-27 00:28 - 2015-08-27 00:28 - 01618432 _____ C:\Users\Natalie\Downloads\AdwCleaner (2).exe
2015-08-27 00:27 - 2015-08-27 00:29 - 01618432 _____ C:\Users\Natalie\Downloads\AdwCleaner (1).exe
2015-08-27 00:26 - 2015-08-27 00:26 - 02186752 _____ (Farbar) C:\Users\Natalie\Downloads\FRST64.exe
2015-08-26 23:41 - 2015-08-26 23:42 - 01618432 _____ C:\Users\Natalie\Downloads\AdwCleaner.exe
2015-08-26 23:39 - 2015-08-26 23:39 - 05635162 _____ (Swearware) C:\Users\Natalie\Downloads\ComboFix (2).exe
2015-08-26 23:37 - 2015-08-26 23:37 - 05635162 _____ (Swearware) C:\Users\Natalie\Downloads\ComboFix (1).exe
2015-08-26 23:35 - 2015-08-26 23:35 - 05635162 _____ (Swearware) C:\Users\Natalie\Downloads\ComboFix.exe
2015-08-26 21:58 - 2015-08-28 10:41 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-26 21:56 - 2015-08-26 21:56 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Natalie\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 19:37 - 2015-08-23 19:42 - 00000000 ____D C:\SUPERDelete
2015-08-17 19:38 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BJJE.DLL
2015-08-17 19:38 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-08-14 16:35 - 2015-08-14 16:36 - 00340216 _____ (PC Drivers HeadQuarters LP) C:\Users\Natalie\Downloads\DriverDetective.exe
2015-08-14 16:33 - 2015-08-14 16:33 - 01389856 _____ C:\Users\Natalie\Downloads\R114079.EXE
2015-08-14 16:27 - 2015-08-14 16:27 - 02865688 _____ (Intel Corporation) C:\Users\Natalie\Downloads\INF_allOS_9.1.2.1008_PV.exe
2015-08-14 16:22 - 2015-08-14 16:22 - 00001241 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.2.lnk
2015-08-14 16:21 - 2015-08-14 16:21 - 05069632 _____ (Intel) C:\Users\Natalie\Downloads\Intel Driver Update Utility Installer.exe
2015-08-14 16:15 - 2015-08-14 16:15 - 00001346 _____ C:\Users\Natalie\Downloads\INTELRPROCESSORMISCELLANEOUSREGISTERS-D1589.1.9.10053db744adb8822323951a244ae76b4b21.dmx-info
2015-08-14 16:15 - 2015-08-14 16:15 - 00001346 _____ C:\Users\Natalie\Downloads\INTELRPROCESSORMISCELLANEOUSREGISTERS-D1589.1.9.10053db744adb8822323951a244ae76b4b21 (1).dmx-info
2015-08-13 20:56 - 2015-08-13 20:56 - 00002212 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-13 20:55 - 2015-08-06 21:05 - 00573048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-12 20:11 - 2015-08-28 02:30 - 00000000 ____D C:\Users\Natalie\AppData\Local\Glyph
2015-08-12 20:10 - 2015-08-12 20:11 - 31184760 _____ (Trion Worlds Inc.) C:\Users\Natalie\Downloads\GlyphInstall-9999-1001 (4).exe
2015-08-12 20:10 - 2015-08-12 20:11 - 00001072 _____ C:\Users\Natalie\Desktop\Glyph.lnk
2015-08-12 19:34 - 2015-08-12 19:34 - 31184760 _____ (Trion Worlds Inc.) C:\Users\Natalie\Downloads\GlyphInstall-9999-1001 (3).exe
2015-08-12 19:28 - 2015-08-12 19:29 - 31184760 _____ (Trion Worlds Inc.) C:\Users\Natalie\Downloads\GlyphInstall-9999-1001 (2).exe
2015-08-12 19:23 - 2015-08-12 19:23 - 31184760 _____ (Trion Worlds Inc.) C:\Users\Natalie\Downloads\GlyphInstall-9999-1001 (1).exe
2015-08-12 19:19 - 2015-08-12 19:20 - 31184760 _____ (Trion Worlds Inc.) C:\Users\Natalie\Downloads\GlyphInstall-9999-1001.exe
2015-08-12 18:49 - 2015-08-12 18:49 - 03049640 _____ (Innovative Solutions) C:\Users\Natalie\Downloads\Net-Realtek-Realtek-PCIe-GBE-Family-Controller.exe
2015-08-12 18:40 - 2015-08-12 18:40 - 02787864 _____ (Intel Corporation) C:\Users\Natalie\Downloads\infinst911autol.exe
2015-08-12 18:35 - 2015-08-12 18:35 - 82596072 _____ (Logitech Inc.) C:\Users\Natalie\Downloads\LGS_8.70.315_x64_Logitech.exe
2015-08-12 18:34 - 2015-08-12 18:34 - 77421240 _____ (Logitech Inc.) C:\Users\Natalie\Downloads\LGS_8.70.315_x86_Logitech.exe
2015-08-12 18:13 - 2015-08-12 18:13 - 08114200 _____ (Auslogics Labs Pty Ltd ) C:\Users\Natalie\Downloads\driver-updater-setup.exe
2015-08-12 18:07 - 2015-08-12 18:07 - 00657408 _____ C:\Users\Natalie\Downloads\MicrosoftFixit50464.msi
2015-08-08 07:43 - 2015-08-22 22:19 - 07884764 _____ C:\Users\Natalie\Downloads\AuroraBorealis.themepack
2015-08-08 03:25 - 2015-08-08 03:25 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-08 03:21 - 2015-08-08 03:21 - 00000000 __SHD C:\Recovery
2015-08-08 02:01 - 2015-08-08 03:20 - 00018071 _____ C:\Windows\diagerr.xml
2015-08-08 02:01 - 2015-08-08 03:20 - 00017148 _____ C:\Windows\diagwrn.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 22:20 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 22:20 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 22:15 - 2010-01-19 16:51 - 02094281 _____ C:\Windows\WindowsUpdate.log
2015-08-28 22:11 - 2009-07-13 21:51 - 00236273 _____ C:\Windows\setupact.log
2015-08-28 22:10 - 2014-05-07 17:37 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1cf6a55ae6bf247.job
2015-08-28 22:10 - 2014-04-03 17:16 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1cf4f9b268fe2ab.job
2015-08-28 22:10 - 2009-11-12 14:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 22:10 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 21:18 - 2011-03-13 17:04 - 00007459 _____ C:\Windows\SysWOW64\Lantern.log
2015-08-28 19:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-28 19:18 - 2010-01-29 23:14 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-08-28 17:00 - 2009-07-13 21:45 - 00462184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-28 16:56 - 2014-12-11 22:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-28 16:56 - 2014-05-07 20:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-28 16:56 - 2009-11-12 14:37 - 00814646 _____ C:\Windows\PFRO.log
2015-08-28 11:44 - 2013-03-12 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-28 11:41 - 2010-02-01 13:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 11:36 - 2009-07-13 19:34 - 00000541 _____ C:\Windows\win.ini
2015-08-28 11:20 - 2015-05-15 02:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ef19db5ef8f.job
2015-08-28 11:20 - 2012-08-31 09:28 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForNatalie.job
2015-08-28 11:20 - 2012-04-08 17:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 11:20 - 2010-01-31 12:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 11:20 - 2010-01-31 12:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 10:48 - 2014-08-23 13:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-28 09:40 - 2010-01-31 12:55 - 00000000 ____D C:\Users\Natalie\AppData\Local\Google
2015-08-28 02:48 - 2015-07-25 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 02:48 - 2015-04-14 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-28 02:48 - 2015-03-10 20:08 - 00000000 ____D C:\ProgramData\Razer
2015-08-28 02:48 - 2014-11-10 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-28 02:48 - 2014-10-04 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-28 02:48 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-28 02:48 - 2014-07-16 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-28 02:48 - 2014-07-03 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-08-28 02:48 - 2014-06-14 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-28 02:48 - 2013-11-28 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
2015-08-28 02:48 - 2013-08-05 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Self-Extractor
2015-08-28 02:48 - 2013-07-17 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEFIANCE
2015-08-28 02:48 - 2012-12-28 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-28 02:48 - 2012-12-16 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-08-28 02:48 - 2012-12-09 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-08-28 02:48 - 2012-06-30 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-08-28 02:48 - 2012-06-02 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-28 02:48 - 2012-03-03 22:11 - 00000000 ____D C:\Users\Guest
2015-08-28 02:48 - 2012-01-28 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
2015-08-28 02:48 - 2011-12-19 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-08-28 02:48 - 2011-11-04 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scan2PDF
2015-08-28 02:48 - 2011-09-12 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-28 02:48 - 2011-07-23 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
2015-08-28 02:48 - 2011-07-14 13:06 - 00000000 ____D C:\Windows\system32\SPReview
2015-08-28 02:48 - 2011-07-14 13:06 - 00000000 ____D C:\Windows\system32\EventProviders
2015-08-28 02:48 - 2011-07-12 23:10 - 00000000 ____D C:\Windows\SysWOW64\xlive
2015-08-28 02:48 - 2011-07-12 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-08-28 02:48 - 2011-06-26 12:07 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-08-28 02:48 - 2011-06-08 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAGE
2015-08-28 02:48 - 2011-05-21 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2015-08-28 02:48 - 2011-04-15 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
2015-08-28 02:48 - 2010-12-31 12:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-28 02:48 - 2010-11-14 18:54 - 00000000 ____D C:\Windows\en
2015-08-28 02:48 - 2010-10-11 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-28 02:48 - 2010-10-11 18:48 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-08-28 02:48 - 2010-09-22 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
2015-08-28 02:48 - 2010-09-22 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2015-08-28 02:48 - 2010-09-22 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-08-28 02:48 - 2010-09-22 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-08-28 02:48 - 2010-06-01 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2015-08-28 02:48 - 2010-05-30 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-08-28 02:48 - 2010-02-01 13:46 - 00000000 ____D C:\Users\Administrator
2015-08-28 02:48 - 2010-01-31 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-28 02:48 - 2010-01-29 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-08-28 02:48 - 2010-01-29 17:25 - 00000000 ____D C:\Users\Natalie
2015-08-28 02:48 - 2010-01-29 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2015-08-28 02:48 - 2010-01-29 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days
2015-08-28 02:48 - 2009-11-12 15:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-08-28 02:48 - 2009-11-12 15:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-08-28 02:48 - 2009-11-12 15:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-28 02:48 - 2009-11-12 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2015-08-28 02:48 - 2009-11-12 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-08-28 02:48 - 2009-11-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MediaSmart Demo
2015-08-28 02:48 - 2009-11-12 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-08-28 02:48 - 2009-11-12 14:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-28 02:48 - 2009-11-12 14:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-28 02:48 - 2009-11-12 14:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-08-28 02:48 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ShellNew
2015-08-28 02:48 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-28 02:48 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 02:48 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-28 02:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2015-08-28 02:47 - 2015-03-10 20:10 - 00000000 ____D C:\Program Files (x86)\Razer
2015-08-28 02:47 - 2014-11-12 00:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Astromenda
2015-08-28 02:47 - 2014-08-23 14:02 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-28 02:47 - 2014-08-14 22:22 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-28 02:47 - 2014-05-26 19:25 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-08-28 02:47 - 2013-05-31 19:44 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT (PTS)
2015-08-28 02:47 - 2013-02-23 08:33 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
2015-08-28 02:47 - 2012-11-05 16:35 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT (Beta)
2015-08-28 02:47 - 2012-06-23 18:24 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-08-28 02:47 - 2010-12-31 12:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-28 02:47 - 2010-11-16 19:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-28 02:47 - 2010-09-22 19:21 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-28 02:47 - 2010-05-29 11:34 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 02:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-28 02:47 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-28 02:24 - 2014-07-03 20:02 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-08-28 02:24 - 2011-04-15 19:44 - 00000000 ____D C:\Program Files (x86)\RIFT Game
2015-08-28 02:20 - 2010-09-22 19:49 - 00000936 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-08-28 02:14 - 2011-11-05 08:04 - 00000000 ____D C:\ProgramData\Recovery
2015-08-28 02:12 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-28 00:19 - 2014-01-10 00:06 - 00000000 ____D C:\Windows\pss
2015-08-28 00:16 - 2010-02-12 15:28 - 00004162 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{056E24FC-B6DB-4760-94ED-556EEA2721EF}
2015-08-27 23:53 - 2012-07-26 18:55 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\HP Support Assistant
2015-08-27 23:53 - 2010-01-30 18:40 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\HpUpdate
2015-08-26 22:23 - 2011-07-22 21:36 - 00000000 ____D C:\Users\Natalie\FoxTabFLVPlayer
2015-08-23 20:54 - 2012-06-02 16:57 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\TS3Client
2015-08-22 15:12 - 2015-02-12 19:38 - 00003262 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNatalie
2015-08-21 23:24 - 2014-11-10 23:39 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-21 01:08 - 2014-07-03 20:02 - 00000000 ____D C:\ProgramData\Glyph
2015-08-18 21:13 - 2011-07-23 20:30 - 00501806 _____ C:\Windows\DPINST.LOG
2015-08-18 21:11 - 2010-11-17 18:22 - 00007599 _____ C:\Users\Natalie\AppData\Local\resmon.resmoncfg
2015-08-17 19:44 - 2011-12-14 19:48 - 856948820 _____ C:\Windows\MEMORY.DMP
2015-08-17 19:25 - 2014-02-28 06:44 - 00000000 ____D C:\Users\Natalie\Documents\Filkins Folder_files
2015-08-17 19:25 - 2011-06-27 14:41 - 00000000 ___SD C:\Users\Natalie\Documents\My Data Sources
2015-08-17 19:25 - 2011-04-15 19:44 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\RIFT
2015-08-17 19:25 - 2010-09-22 19:22 - 00000000 ___RD C:\Users\Natalie\Documents\My Dropbox
2015-08-17 19:25 - 2010-03-23 20:33 - 00000000 __RSD C:\Users\Natalie\Documents\My Stationery
2015-08-17 19:17 - 2012-09-12 20:08 - 00000000 ____D C:\Users\Natalie\Documents\RIFT
2015-08-17 19:17 - 2012-06-23 18:22 - 00000000 ____D C:\Users\Natalie\Documents\My Curse
2015-08-17 19:17 - 2011-11-04 10:24 - 00000000 ____D C:\Users\Natalie\Documents\Scan2PDF
2015-08-17 19:17 - 2011-04-04 21:52 - 00000000 ____D C:\Users\Natalie\Documents\Rawr WPF 4.1.03
2015-08-14 17:23 - 2014-05-26 19:25 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-08-13 20:56 - 2007-04-26 17:32 - 00000000 ____D C:\temp
2015-08-13 20:40 - 2013-03-12 23:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 20:40 - 2013-03-12 23:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 22:57 - 2010-01-30 18:42 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 19:58 - 2011-03-16 19:11 - 00000000 ____D C:\ProgramData\McAfee
2015-08-12 19:53 - 2013-05-31 19:44 - 00000000 ____D C:\Program Files (x86)\RIFT-PTS
2015-08-12 18:53 - 2009-11-12 14:42 - 00000000 ____D C:\Program Files (x86)\Intel
2015-08-12 18:37 - 2010-01-30 18:39 - 00000000 ____D C:\Users\Natalie\AppData\Local\Logitech
2015-08-11 22:37 - 2014-08-11 18:42 - 00000000 ____D C:\Users\Natalie\Desktop\games
2015-08-11 22:37 - 2013-05-31 19:44 - 00000000 ____D C:\Users\Natalie\AppData\Roaming\RIFT PTS
2015-08-08 03:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-08-08 03:19 - 2015-07-22 20:40 - 00003500 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-08-08 03:19 - 2015-07-22 18:34 - 00003276 _____ C:\Windows\System32\Tasks\{5C16B2F5-202F-4F9A-82C0-45C188BCA064}
2015-08-08 03:19 - 2015-05-15 02:29 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d08ef19db5ef8f
2015-08-08 03:19 - 2014-12-26 09:51 - 00003996 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-08 03:19 - 2014-06-06 17:23 - 00003838 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2015-08-08 03:19 - 2014-05-07 17:37 - 00003604 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1cf6a55ae6bf247
2015-08-08 03:19 - 2014-04-03 17:16 - 00004000 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1cf4f9b268fe2ab
2015-08-08 03:19 - 2013-10-13 19:14 - 00003286 _____ C:\Windows\System32\Tasks\{8D44D8C8-E6D8-48DE-A9B8-C9C233D78C25}
2015-08-08 03:19 - 2013-03-11 21:51 - 00003506 _____ C:\Windows\System32\Tasks\{6E5AE54A-FF50-4BAC-A74C-D19FB45A6CAC}
2015-08-08 03:19 - 2012-04-08 17:54 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-08 03:19 - 2011-10-05 00:43 - 00003250 _____ C:\Windows\System32\Tasks\{5A9CD848-E0B3-424C-91DF-2A4E34704235}
2015-08-08 03:19 - 2011-05-21 21:14 - 00002988 _____ C:\Windows\System32\Tasks\{3B738B71-B56F-425A-B826-3B9F1248FD70}
2015-08-08 03:19 - 2011-04-16 18:23 - 00003496 _____ C:\Windows\System32\Tasks\{9C78D9BB-438E-4684-BDD7-F3B35613AE1E}
2015-08-08 03:19 - 2010-11-21 14:53 - 00003428 _____ C:\Windows\System32\Tasks\{3587CA29-8127-4E3A-895F-7EDDE8C82439}
2015-08-08 03:19 - 2010-11-16 18:59 - 00003192 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2015-08-08 03:19 - 2010-11-16 18:56 - 00003130 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe
2015-08-08 03:19 - 2010-02-01 14:13 - 00042732 _____ C:\Windows\system32\emptyregdb.dat
2015-08-08 03:19 - 2010-02-01 13:47 - 00519156 _____ C:\Windows\comsetup.log
2015-08-08 03:19 - 2010-01-31 12:55 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-08 03:19 - 2010-01-31 12:55 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-08 03:19 - 2010-01-30 20:41 - 00003344 _____ C:\Windows\System32\Tasks\{D45D67AD-D1B3-4B2D-A745-87A89EEC18C8}
2015-08-08 03:19 - 2010-01-29 22:51 - 00003438 _____ C:\Windows\System32\Tasks\{6A7E0030-2317-454E-9ACF-4342D6ABF54D}
2015-08-08 03:19 - 2010-01-29 18:45 - 00003390 _____ C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2015-08-08 03:19 - 2010-01-29 17:30 - 00003866 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2015-08-08 03:19 - 2010-01-29 17:30 - 00003564 _____ C:\Windows\System32\Tasks\ServicePlan
2015-08-08 03:19 - 2009-11-12 14:53 - 00003274 _____ C:\Windows\System32\Tasks\DVDAgent
2015-08-08 03:19 - 2009-11-12 14:52 - 00003310 _____ C:\Windows\System32\Tasks\CLMLSvc
2015-08-08 03:05 - 2012-12-13 23:20 - 00262144 _____ C:\Windows\system32\config\ELAM
2015-08-08 02:09 - 2009-07-13 21:46 - 00003800 _____ C:\Windows\DtcInstall.log
2015-08-08 02:01 - 2009-07-13 21:51 - 00000495 _____ C:\Windows\setuperr.log
2015-08-08 02:00 - 2009-11-12 14:32 - 00000000 ____D C:\Windows\Panther
2015-08-07 15:40 - 2011-10-08 10:25 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-08-06 21:23 - 2010-02-06 23:04 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-06 13:39 - 2010-01-31 12:58 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-01 16:12 - 2011-09-12 10:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-31 08:40 - 2014-07-16 21:39 - 00001343 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-31 08:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2013-02-23 08:30 - 2013-02-23 08:30 - 0000288 _____ () C:\Users\Natalie\AppData\Roaming\.backup.dm
2011-10-11 18:56 - 2011-10-11 18:56 - 0000000 _____ () C:\Users\Natalie\AppData\Roaming\wklnhst.dat
2012-12-23 20:56 - 2014-04-27 19:29 - 0003584 _____ () C:\Users\Natalie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-06 16:08 - 2010-07-09 19:25 - 0000236 _____ () C:\Users\Natalie\AppData\Local\LaunchHomeCenter.log
2010-11-17 18:22 - 2015-08-18 21:11 - 0007599 _____ () C:\Users\Natalie\AppData\Local\resmon.resmoncfg
2013-03-08 19:45 - 2013-03-08 19:45 - 2022166 _____ () C:\Users\Natalie\AppData\Local\tmp20130307_153443(0).JPG
2010-12-05 12:43 - 2010-12-05 12:43 - 0339060 _____ () C:\Users\Natalie\AppData\Local\tmpSCAN.JPG
2010-09-11 12:27 - 2010-09-11 12:27 - 0715761 _____ () C:\Users\Natalie\AppData\Local\tmpVOLLEYBALL 016.0
2010-09-11 12:27 - 2010-09-11 12:27 - 0488041 _____ () C:\Users\Natalie\AppData\Local\tmpVOLLEYBALL 016.JPG
2011-01-22 20:31 - 2011-01-22 20:31 - 0335577 _____ () C:\Users\Natalie\AppData\Local\tmpWOWSCRNSHOT_012211_202645.JPG
2011-05-21 21:14 - 2011-05-21 21:14 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\plugin_Ew3648.dll
C:\Users\Natalie\AppData\Local\Temp\HitmanPro_x64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 19:39
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-08-2015
Ran by Natalie (2015-08-28 22:53:32)
Running from C:\Users\Natalie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1294048379-1582724202-4115758084-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1294048379-1582724202-4115758084-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1294048379-1582724202-4115758084-1002 - Limited - Enabled)
Natalie (S-1-5-21-1294048379-1582724202-4115758084-1001 - Administrator - Enabled) => C:\Users\Natalie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3Planesoft Screensaver Manager 1.4 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.4 - 3Planesoft)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ArcSoft Print Creations - Brochures & Flyers (HKLM-x32\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{BC66FD90-7BF4-4026-8119-04161D02A2F3}) (Version: 2.8.255.292 - ArcSoft)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BOINC (HKLM-x32\...\{BD55C983-7989-4F2F-8D24-2D892C621D9D}) (Version: 6.10.56 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12100.0 - Cisco Consumer Products LLC)
Citrix Presentation Server Client (HKLM-x32\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
DEFIANCE (HKLM-x32\...\{2BF4B6A7-9AB3-4A2B-A84E-91B5CBDC0000}_is1) (Version:  - Trion Worlds, Inc.)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dropbox (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FoxTab FLV Player (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\FoxTab FLV Player) (Version:  - ) <==== ATTENTION
FoxTab PDF Converter (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\FoxTab PDF Converter) (Version:  - ) <==== ATTENTION
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.8.1 - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: /Qt-5.2.0 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
Lantern 3D Screensaver 1.0 (HKLM-x32\...\Lantern 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.124 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM-x32\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.87.58.0 - Overwolf Ltd.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
ReadingFanatic Internet Explorer Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
RIFT (Beta) (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\RIFT-Beta) (Version:  - Trion Worlds, Inc.)
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (PTS) (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\RIFT-PTS) (Version:  - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rocketfish HD Webcam (1.00.06.00) (HKLM\...\Rocketfish VF0650) (Version:  - Rocketfish)
Rocketfish Live! Central (HKLM-x32\...\Rocketfish Live! Central) (Version: 2.00.53 - Creative Technology Ltd)
SAGE Online (HKLM-x32\...\{A310CA85-AACA-11D5-91C4-00A0CC5BB661}) (Version: 8.50.0000 - Quick Technologies Inc.)
SAGEim (HKLM-x32\...\{75FDCE3D-32B3-4DCD-895F-DD2B1F08AD2C}) (Version: 1.00.0000 - Quick Technologies Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19269 - Gemalto N.V.)
Scan2PDF 1.6 (HKLM-x32\...\Scan2PDF_is1) (Version:  - Koma-Code)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sun Village NV 3D Screensaver 1.1 (HKLM-x32\...\Sun Village NV 3D Screensaver_is1) (Version: 1.1 - 3Planesoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM-x32\...\{8AC34D1E-DCA3-4117-A359-2306103B7FF0}) (Version: 4.3.1.0 - Husdawg, LLC)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lost Watch II NV 3D Screensaver 1.0 (HKLM-x32\...\The Lost Watch II NV 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
The One Ring 3D Screensaver 1.0 (HKLM-x32\...\The One Ring 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - WebEx Communications, Inc)
Western Railway NV 3D Screensaver 2.0 (HKLM-x32\...\Western Railway NV 3D Screensaver_is1) (Version: 2.0 - 3Planesoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip Self-Extractor (HKLM-x32\...\WinZip Self-Extractor) (Version:  - WinZip Computing, S.L.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17128 - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{779a0cd3-1619-4a96-86ab-30706d35d7c6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{89BB4535-5AE9-43a0-89C5-19B4697E5C5E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{a3a3b0c3-b726-43c0-826e-fcbbbc04fdfe}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natalie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1294048379-1582724202-4115758084-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Natalie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
28-08-2015 10:29:49 Installed Adblock Plus for IE (32-bit and 64-bit)
28-08-2015 11:27:23 JRT Pre-Junkware Removal
28-08-2015 11:35:21 Windows Update
28-08-2015 17:27:37 JRT Pre-Junkware Removal
28-08-2015 22:04:22 Checkpoint by HitmanPro
28-08-2015 22:05:53 Checkpoint by HitmanPro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2011-10-04 13:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BBD116-6E14-40D4-AF31-85D3D0B751C1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1cf4f9b268fe2ab => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {06A6422C-07E9-4FE2-9CA5-B6DEBFDA448F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {0B43CFD3-0908-46F0-BBC6-0F909D7CB4AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1d0e1ee68f6830f => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0B4D31C5-85E2-41FD-B44D-B69873C9DCF9} - System32\Tasks\{9C78D9BB-438E-4684-BDD7-F3B35613AE1E} => pcalua.exe -a "C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0A3PNJ4V\267.91_desktop_win7_winvista_64bit_english.exe" -d C:\Users\Natalie\Desktop
Task: {0B86ABDC-B25E-48C7-ABD6-A47019DCFA72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {1E3127FD-FC8B-49C7-91A2-915808AB5550} - System32\Tasks\{D45D67AD-D1B3-4B2D-A745-87A89EEC18C8} => pcalua.exe -a C:\Users\Natalie\AppData\Local\Temp\Low\sp44520.exe -d C:\Users\Natalie\AppData\Local\Temp\Low\
Task: {2A68002C-C82F-4794-B984-2FE8C167E937} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {2B44CA40-6695-446B-A691-7749060F14B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2C51BB02-2001-45BC-80FC-EE79A0BB0C57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3EE3D5AF-D6D2-48A4-A334-26DA70A93A1C} - System32\Tasks\{5C16B2F5-202F-4F9A-82C0-45C188BCA064} => pcalua.exe -a C:\hp\recovery\wizard\SWR_Wizard.exe -d C:\hp\recovery\wizard
Task: {3F7D8253-2C47-4772-9D5C-B1D1DCE431BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {4769875A-16CC-4CD2-A558-D4C48BC59739} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {510C78C8-792F-4E80-B717-99C52BCB999B} - System32\Tasks\{6A7E0030-2317-454E-9ACF-4342D6ABF54D} => pcalua.exe -a "C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YB1L0IJ\InstallWoW[1].exe" -d C:\Users\Natalie\Desktop
Task: {539682AF-94C4-4E99-8374-89C67618A3E3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {57810784-F514-4336-9613-0BAF2616D366} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {58F13F51-8964-419F-9115-2EEBA9991141} - System32\Tasks\{6E5AE54A-FF50-4BAC-A74C-D19FB45A6CAC} => pcalua.exe -a "C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVFHXBAR\275.33-desktop-win7-winvista-64bit-english-whql.exe" -d C:\Users\Natalie\Desktop
Task: {700F0DE0-2589-4627-A370-703841EA3A1E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {7695E641-4EF9-455B-BB76-A381AA0FF51C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1d0e1ee6a5b9689 => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7D121F46-31B8-4850-A2C6-D7FEA9E01D0C} - System32\Tasks\{3587CA29-8127-4E3A-895F-7EDDE8C82439} => pcalua.exe -a "C:\Users\Natalie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CYXYAF6W\setup[1].exe" -d C:\Users\Natalie\Desktop
Task: {7FFAC11E-7576-428D-8C01-89A469617840} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {805D3179-32AF-46A2-85BB-5AB3E6D45054} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ef19db5ef8f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {89322CBE-1911-439D-B96C-04339D8FBF12} - System32\Tasks\{5A9CD848-E0B3-424C-91DF-2A4E34704235} => pcalua.exe -a C:\Users\Natalie\Downloads\PM82515_BFR-P0109.exe
Task: {8A91AC16-B312-465D-8153-78650BB89016} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {914D4537-8D64-444D-8994-4A8BD84B1223} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {95D41C6F-FA1F-48C2-8DC4-48925CED9F18} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1294048379-1582724202-4115758084-1001
Task: {9D913BD4-F401-4E27-80B0-04E5925B5B14} - System32\Tasks\HPCeeScheduleForNatalie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9F214C69-261D-4624-8030-D7148F4122FF} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {A1F062EB-2B9C-4527-B19A-9FD63C29847C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1cf6a55ae6bf247 => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B4C92228-AA9C-4C44-8975-F10EAD61D5D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {C057F990-BFF6-4FF7-9FEE-051386CEF8A9} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {C28E20A6-E213-4933-807E-3469DF257DD2} - System32\Tasks\{8D44D8C8-E6D8-48DE-A9B8-C9C233D78C25} => pcalua.exe -a C:\Users\Natalie\Downloads\setup.exe -d C:\Users\Natalie\Downloads
Task: {C4C7C380-41F5-44D2-AC66-696D91E13A50} - System32\Tasks\{3B738B71-B56F-425A-B826-3B9F1248FD70} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {C739C8B6-144E-4BBB-B00B-A67F33B6E6DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CFF79CBD-7FEF-4CEC-979B-8A1BCC0B990C} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {D7830FF2-403D-4081-B73F-E21424FA9EB7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E66409F4-3372-43C4-BBE3-19C3DA7A599D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {EFCE43C8-77ED-4FE2-BAFB-65E6FF0F4FE0} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-08-09] (Overwolf LTD)
Task: {F0448DF5-E54D-45F4-A9B3-CCD5FA1D68B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {F48DB778-E7CB-4069-9A28-AD6F2884FBCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {F5BEC4D4-4603-425A-92E7-6AE2A7A7C480} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {F8CA4274-CC43-4090-9040-A8A5EBF091FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD500CAB-B03A-418B-A884-A6E1724573BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08ef19db5ef8f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1cf6a55ae6bf247.job => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001Core1d0e1ee68f6830f.job => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1cf4f9b268fe2ab.job => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1294048379-1582724202-4115758084-1001UA1d0e1ee6a5b9689.job => C:\Users\Natalie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNatalie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-12-25 18:25 - 2015-06-16 23:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-10 23:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 21:18 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2015-06-23 12:11 - 2015-02-04 17:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2009-09-14 17:17 - 2009-09-14 17:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-17 21:18 - 2015-01-27 07:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2009-11-12 14:42 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-04-03 20:05 - 2015-07-23 21:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-21 00:47 - 2015-08-17 22:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 00:47 - 2015-08-17 22:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Natalie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SAGEim.lnk => C:\Windows\pss\SAGEim.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: boincmgr => "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
MSCONFIG\startupreg: boinctray => "C:\Program Files (x86)\BOINC\boinctray.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ReadingFanatic Search Scope Monitor => "C:\PROGRA~2\READIN~2\bar\1.bin\6xsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Rocket Live! Central 2 => "C:\Program Files (x86)\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" /mode2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Privacyware Filter Driver
Description: Privacyware Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: pwipf6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2015 10:13:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe434
Exception code: 0xc0000005
Fault offset: 0x0000000000075ec8
Faulting process id: 0x1e54
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
 
Error: (08/28/2015 10:12:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe434
Exception code: 0xc0000005
Fault offset: 0x0000000000075ec8
Faulting process id: 0x1848
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
 
Error: (08/28/2015 10:11:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: diagtrack.dll, version: 10.0.10033.0, time stamp: 0x555fe434
Exception code: 0xc0000005
Fault offset: 0x0000000000075ec8
Faulting process id: 0x8f0
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000190,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000114F170.72).  hr = 0x80070005, Access is denied.
.
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000708,(null),0,REG_BINARY,0000000003A8E3A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {33f9c376-326a-421f-a12d-fd257d58fe9e}
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a74,(null),0,REG_BINARY,00000000085DDFE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {50fde579-4b74-459c-8cf7-51059d1880bf}
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000348,(null),0,REG_BINARY,000000000720DFD0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f7f09848-d9e3-4514-9e51-6ff08eee3183}
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000708,(null),0,REG_BINARY,0000000003A8E3A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {33f9c376-326a-421f-a12d-fd257d58fe9e}
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001F8ECF0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d4757fcc-1e62-4e6c-beb6-292bfc079a90}
 
Error: (08/28/2015 10:06:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b0,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000235EF30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {a0d797a1-1d8f-4a0f-8cb9-ff2eb738a827}
 
 
System errors:
=============
Error: (08/28/2015 10:13:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:17 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (08/28/2015 10:13:16 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (08/28/2015 10:13:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (08/28/2015 10:13:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/28/2015 10:13:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 8151.08 MB
Available physical RAM: 4450.04 MB
Total Virtual: 16300.37 MB
Available Virtual: 11751.86 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:920.31 GB) (Free:653.55 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.1 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Lylatov

  • Topic Starter

Posted 30 August 2015 - 11:57 AM

I also ran AdwCleaner, Hitman pro, Zoek, as well as my McAfee and nothing can get rid of it. 



#5 nasdaq

  • Malware Response Team
Posted 31 August 2015 - 07:10 AM


Please remove these programs in bold using the Add/Remove Programs applet.

FoxTab FLV Player (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\FoxTab FLV Player) (Version: - ) <==== ATTENTION
FoxTab PDF Converter (HKU\S-1-5-21-1294048379-1582724202-4115758084-1001\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
ReadingFanatic Internet Explorer Toolbar (HKLM-x32\...\ReadingFanatic_6xbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3F7D8253-2C47-4772-9D5C-B1D1DCE431BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {539682AF-94C4-4E99-8374-89C67618A3E3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

To continue with this cleanup I need to see a complete FRST log.
Please post the content in your next reply.

How is the computer running now?

#6 nasdaq

Posted 06 September 2015 - 10:02 AM

Are you still with me?

#7 nasdaq

Posted 12 September 2015 - 08:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



