
I've Caught A Nasty, Nasty Trojan


16 replies to this topic

#1 scorpianf5


Posted 02 September 2015 - 11:23 PM

I believe it is Trojan.Gen.2 or something like that, which my Norton picked up in Safe Mode.

I'm going to explain this as simply as I can.

First, I have Kas's TDSSKiller, RogueKiller, MBAM, Kas's Security Scan (extra, just in case), Sophos Virus Removal, AdwCleaner, JRT and RKill64, Avast (and Hitman Pro, but my free trial expired). These are my collection of programs that are my preferred choice of tools to get suited and booted to run, fight and take down any boogie. And they usually tackle the problem.

Like it took care of the malware/adware that hijacked my browsers, default search engines and whatnot.

[Image: Photo Aug 31, 1 57 32 AM]

Everything you see above Hitman Pro was malicious material moved by my collection of tools:

 

 

One thing they did not get was:

This FAKE BLUE SCREEN OF DEATH:

[Image: Photo Aug 31, 6 25 01 PM]

This will keep coming back and back.

Mind you, I've run all of these programs as Administrator. Nothing. Ran them in Safe Mode with and without Networking - NOTHING.

 

 

However, in regular boot - if I disable WiFi and/or unplug the Ethernet cable, the BSOD doesn't appear.

Now while these are appearing.

Only two programs are finding the malicious material in the registry (while in Safe Mode).

As in regular mode, other tools find the processes and whatnot and terminate them.

HOWEVER, a fake alert message (a real nice knockoff of the regular Windows alert message) in the bottom right-hand corner says the computer's going to shut down. Then it pops up in the middle with the date & exact time the computer is going to shut off. And it might be a bit past that time and whatnot. Then boom. Shutdown.

 

 

 

Out of all programs. And after multiple Scans with each one.

 

AdwCleaner continues to pick up this:

 

***** [ Files ] *****
 
File Found : C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default\invalidprefs.js
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
 
***** [ Web browsers ] *****
 
 
*************************
I've searched these in the registry and both are associated with a SPBIUpdd listed under data. I googled that and it's associated with the "ShopperPro" virus or something like that. Type says REG_SZ, whatever that means.

I've been trying to get rid of this for the longest - does anybody know of a fix?

I've also mentioned it to a moderator that was on a different post (which had been locked) dealing with the same issue - so I know it's gotta be a fix somewhere.

And for some reason I think it took over my restore points. When I went to go look early in the virus stage I saw them but debated it and decided just to remove it with programs. Should've gone with instinct.
 



 


#2 scorpianf5


Posted 02 September 2015 - 11:35 PM

Also, from what I've been glancing at through the forums, some people generated a specific "fixlist"? By compiling commands into a notecard and dropping it into a FRST folder (Farbar, if I'm correct, right? - never used it), and it fixes it maybe?

I'm not sure, but if you're experienced with this particular issue - please do lend me your help. I've been pulling out strands of hair for the past 3 days dealing with it.

Messed up me being able to watch Narcos on the big screen through HDMI.



#3 nasdaq


  • Malware Response Team

Posted 03 September 2015 - 07:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Fixlist.txt files are very specific to each case. Do not run any unless advised by a trained helper.


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#4 scorpianf5


Posted 03 September 2015 - 06:53 PM

Here's the MBAM log, and you were right - selecting the check for rootkits found a couple of things that should have been found by other programs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/3/2015
Scan Time: 3:55 PM
Logfile: mbamlog1.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.03.07
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nigel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 476798
Time Elapsed: 1 hr, 2 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Hijack.Trojan.Siredef.C, HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}, Quarantined, [196aa18a5f2cb185e054ca377090b050], 
Hijack.Trojan.Siredef.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}, Delete-on-Reboot, [196aa18a5f2cb185e054ca377090b050], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
--------------------------------------END OF MBAM LOG ---------------- END OF MBAM LOG ---------


#5 scorpianf5


Posted 03 September 2015 - 06:55 PM

HERE IS THE ADWCLEANER LOG:

 

 

# AdwCleaner v5.005 - Logfile created 03/09/2015 at 18:53:48
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Nigel - NIGEL-HP
# Running from : C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR\adwcleaner_5.005.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner[R1].txt - [355 bytes] - [17/06/2013 02:48:56]
C:\AdwCleaner[R2].txt - [7117 bytes] - [17/06/2013 02:52:15]
C:\AdwCleaner[S1].txt - [320 bytes] - [17/06/2013 03:02:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt - [996 bytes] ##########


#6 scorpianf5


Posted 03 September 2015 - 07:02 PM

HERE IS THE FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Nigel (administrator) on NIGEL-HP (03-09-2015 18:59:16)
Running from C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR
Loaded Profiles: Nigel (Available Profiles: Nigel & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-10-31] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Google Update] => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Dropbox Update] => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [210432 2015-08-31] ()
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C11].txt [1152 2015-09-03] ()
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14B51C86-D4E8-441C-BFAF-C21B907DD5D4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A52B2FDA-99ED-42E9-B8E9-72F9142E9EC3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-148046159-277398598-540584137-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-148046159-277398598-540584137-1000 -> {F0571A5E-6EA3-4B49-B174-9C1C71D11655} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default
FF DefaultSearchEngine: Search Module
FF SelectedSearchEngine: Search Module
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @talk.google.com/O1DPlugin -> C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nigel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nigel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nigel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nigel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Session Manager - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-09-03]
 
Chrome: 
=======
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-11]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-09-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-148046159-277398598-540584137-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.23SWY2WQCYLTJOMHJNEVKOA7FI - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-10-31] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 9DC9B541; C:\Windows\System32\drivers\9DC9B541.sys [478392 2015-09-01] (Kaspersky Lab ZAO)
R0 9DC9B5416; C:\Windows\System32\drivers\9DC9B5416.sys [478392 2015-09-01] (Kaspersky Lab ZAO)
R0 9DC9B54161; C:\Windows\System32\drivers\9DC9B54161.sys [478392 2015-09-02] (Kaspersky Lab ZAO)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-01] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150901.003\IDSvia64.sys [767224 2015-08-31] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150901.009\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150901.009\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-06-20] (MCCI Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-02] ()
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 18:59 - 2015-09-03 18:59 - 00000000 ____D C:\FRST
2015-09-03 18:58 - 2015-09-03 18:58 - 01430458 _____ C:\Users\Nigel\Downloads\NTOYEPORTFOLIO.zip
2015-09-03 18:57 - 2015-09-03 18:57 - 02188800 _____ (Farbar) C:\Users\Nigel\Downloads\FRST64.exe
2015-09-03 15:46 - 2015-09-03 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nigel\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 21:31 - 2015-09-02 21:31 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B54161.sys
2015-09-02 18:09 - 2015-09-02 18:09 - 00448512 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\TFC.exe
2015-09-02 17:50 - 2015-09-02 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 17:37 - 2015-09-02 17:37 - 05198336 _____ (AVAST Software) C:\Users\Nigel\Downloads\aswMBR.exe
2015-09-02 15:31 - 2015-09-02 15:31 - 00000633 _____ C:\Users\Nigel\Desktop\JRT.txt
2015-09-02 08:45 - 2015-09-02 08:46 - 00000189 _____ C:\Users\Nigel\Desktop\FILES KEEP POPPING UP.txt
2015-09-02 01:33 - 2015-09-02 01:33 - 00001065 _____ C:\Users\Nigel\Desktop\Avast Browser Cleanup.lnk
2015-09-02 01:33 - 2015-09-02 01:33 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-09-02 01:33 - 2015-09-02 01:33 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\AVAST Software
2015-09-02 01:32 - 2015-09-02 01:32 - 03824464 _____ (AVAST Software) C:\Users\Nigel\Downloads\avast-browser-cleanup-sfx.exe
2015-09-01 18:49 - 2015-09-01 18:49 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-01 18:48 - 2015-09-01 18:48 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-01 18:48 - 2015-09-01 18:48 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-01 18:46 - 2015-09-01 18:48 - 11352032 _____ (SurfRight B.V.) C:\Users\Nigel\Downloads\HitmanPro_x64.exe
2015-09-01 12:57 - 2015-09-02 23:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-01 12:57 - 2015-09-01 13:42 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-01 12:57 - 2015-09-01 12:57 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\tdsskiller.exe
2015-09-01 12:56 - 2015-09-01 12:56 - 18775112 _____ C:\Users\Nigel\Downloads\RogueKiller.exe
2015-09-01 12:52 - 2015-09-01 12:52 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2015-09-01 12:46 - 2015-09-01 12:46 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B5416.sys
2015-09-01 12:43 - 2015-09-01 12:45 - 102506144 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\KVRT (1).exe
2015-09-01 12:42 - 2015-09-01 12:42 - 08911816 _____ C:\Users\Nigel\Downloads\Unconfirmed 599805.crdownload
2015-09-01 11:47 - 2015-09-01 11:50 - 00000000 ____D C:\KVRT_Data
2015-09-01 11:47 - 2015-09-01 11:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B541.sys
2015-09-01 11:47 - 2015-09-01 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-09-01 11:46 - 2015-09-01 11:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-01 11:46 - 2015-09-01 11:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-09-01 11:40 - 2015-09-01 11:46 - 102592672 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\KVRT.exe
2015-09-01 11:39 - 2015-09-01 11:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-01 11:38 - 2015-09-01 11:38 - 00717656 _____ (Kaspersky Lab) C:\Users\Nigel\Downloads\setup.exe
2015-09-01 00:30 - 2015-09-01 00:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-09-01 00:28 - 2015-09-01 00:28 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-01 00:28 - 2015-09-01 00:28 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-01 00:28 - 2015-09-01 00:28 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-01 00:28 - 2015-09-01 00:28 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-01 00:27 - 2015-09-01 00:27 - 00002475 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2015-08-31 23:55 - 2015-08-31 23:55 - 00022546 _____ C:\FixitRegBackup.reg
2015-08-31 23:54 - 2015-08-31 23:54 - 00899584 _____ C:\Users\Nigel\Downloads\MicrosoftFixit50535.msi
2015-08-31 23:51 - 2015-08-31 23:52 - 14243008 _____ (Microsoft Corporation) C:\Users\Nigel\Downloads\mseinstall.exe
2015-08-31 23:42 - 2015-09-01 00:29 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-08-31 23:42 - 2015-09-01 00:25 - 00001284 _____ C:\Users\Nigel\Desktop\Norton Installation Files.lnk
2015-08-31 23:42 - 2015-08-31 23:42 - 01111008 _____ (Symantec Corporation) C:\Users\Nigel\Downloads\NortonNISDownloader.exe
2015-08-31 23:42 - 2015-08-31 23:42 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-31 23:21 - 2015-08-31 23:21 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 23:06 - 2015-08-31 23:07 - 00000000 ____D C:\ProgramData\Sophos
2015-08-31 23:05 - 2015-09-03 18:55 - 00000000 ____D C:\AdwCleaner
2015-08-31 23:00 - 2015-08-31 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-31 23:00 - 2015-08-31 23:00 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-31 22:52 - 2015-08-31 22:55 - 132495576 _____ (Sophos Limited) C:\Users\Nigel\Downloads\Sophos Virus Removal Tool.exe
2015-08-31 09:33 - 2015-08-31 14:24 - 00000000 ____D C:\Program Files (x86)\b6380599-0a17-4fd7-a1e1-22ec41b6723e
2015-08-31 09:14 - 2015-08-31 09:14 - 00000000 ____D C:\Users\Nigel\AppData\Local\CrashRpt
2015-08-31 09:14 - 2014-02-19 00:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2015-08-31 09:06 - 2015-08-31 19:58 - 00000000 ____D C:\ProgramData\DataFile
2015-08-31 02:59 - 2015-08-31 16:33 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-31 02:59 - 2015-08-31 16:32 - 00000967 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-31 02:16 - 2015-08-31 02:33 - 00002157 _____ C:\Users\Nigel\Desktop\IOS 8 SCREWED ME UP - REINBURSE ME FOR DR. FONE OR PAY ME.txt
2015-08-31 01:02 - 2015-08-31 01:02 - 00006896 ____N C:\bootsqm.dat
2015-08-31 01:01 - 2015-08-31 01:01 - 00000000 __SHD C:\found.000
2015-08-31 00:21 - 2015-08-31 00:21 - 00004050 _____ C:\Windows\System32\Tasks\Yh6RAYBCKfDqZn8Ex4ojeFTY04
2015-08-31 00:21 - 2015-08-31 00:21 - 00004018 _____ C:\Windows\System32\Tasks\LHcWjjOX5K
2015-08-31 00:14 - 2015-08-31 14:15 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-31 00:13 - 2015-08-31 00:13 - 00000000 ____D C:\Windows\system32\abis
2015-08-31 00:08 - 2015-08-31 00:08 - 00000000 ____D C:\Users\Nigel\AppData\Local\CEF
2015-08-31 00:00 - 2015-08-31 03:42 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\mwzmy2fxzgs1btf
2015-08-31 00:00 - 2015-08-31 00:00 - 00003262 _____ C:\Windows\System32\Tasks\GlobalUpdate-mwzmy2fxzgs1btf
2015-08-30 23:58 - 2015-08-30 23:59 - 00000000 ____D C:\ProgramData\App37
2015-08-30 23:58 - 2015-08-30 23:58 - 00678903 _____ C:\Users\Nigel\Downloads\WondershareDrFoneforiOSKeyRegistrationcodeDownload__15022_i1614127055_il6279.exe.rar
2015-08-30 23:57 - 2015-08-30 23:57 - 00678903 _____ C:\Users\Nigel\Downloads\WondershareDrFoneforiOSKeyRegistrationcodeDownload__15022_i1614125276_il6279.exe.rar
2015-08-30 23:57 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-30 23:49 - 2015-08-30 23:49 - 00003474 _____ C:\Windows\System32\Tasks\CTFKQWHCN
2015-08-30 23:48 - 2015-08-31 02:03 - 00000000 ____D C:\Program Files (x86)\S5
2015-08-30 23:47 - 2015-08-30 23:47 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\c
2015-08-30 23:47 - 2015-08-30 23:47 - 00000000 ____D C:\ProgramData\u4c
2015-08-30 23:37 - 2015-08-31 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-08-30 23:36 - 2015-08-31 01:59 - 00000000 ___HD C:\Program Files (x86)\Dr.Fone_Temp
2015-08-30 23:30 - 2015-08-30 23:34 - 29381872 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Nigel\Downloads\drfone-for-ios_full1283 (1).exe
2015-08-30 23:22 - 2015-08-30 23:25 - 29381872 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Nigel\Downloads\drfone-for-ios_full1283.exe
2015-08-30 16:39 - 2015-08-31 16:32 - 00002675 _____ C:\Users\Nigel\Desktop\Microsoft Office Outlook 2007.lnk
2015-08-28 14:07 - 2015-08-28 14:07 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-25 18:16 - 2015-08-25 18:16 - 00114546 _____ C:\Users\Nigel\Downloads\message_zdm.html
2015-08-25 18:16 - 2015-08-25 18:16 - 00114546 _____ C:\Users\Nigel\Downloads\message_zdm (1).html
2015-08-22 12:16 - 2015-08-23 14:15 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForNigel.job
2015-08-22 12:16 - 2015-08-22 12:16 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNigel
2015-08-20 13:02 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 13:02 - 2015-08-10 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 13:02 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 13:02 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 12:26 - 2015-08-31 16:32 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-14 12:26 - 2015-08-14 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-14 12:24 - 2015-08-30 23:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-14 12:24 - 2015-08-14 12:26 - 00000000 ____D C:\Program Files\iTunes
2015-08-14 12:24 - 2015-08-14 12:24 - 00000000 ____D C:\Program Files\iPod
2015-08-13 08:14 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:14 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 06:22 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 06:22 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 06:22 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 06:22 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 06:22 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 06:22 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 06:22 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 06:22 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 06:22 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-13 06:22 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 06:22 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 06:22 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-13 06:22 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-13 06:22 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-13 06:22 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-13 06:22 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-13 06:22 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-13 06:22 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 06:22 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 06:22 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 06:22 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-13 06:22 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-13 06:22 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-13 06:21 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 06:21 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-13 06:21 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 06:21 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 06:21 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 06:21 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 06:21 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 06:21 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 06:21 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 06:21 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-13 06:21 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-13 06:21 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 06:21 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-13 06:21 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 06:21 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-13 06:21 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 06:21 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-13 06:21 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 06:21 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 06:21 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 06:21 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 06:21 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 06:21 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 06:21 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 06:21 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 06:21 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 06:21 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 06:21 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-13 06:20 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-13 06:20 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 06:20 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 06:20 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 06:20 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 06:20 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 06:20 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-13 06:20 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 06:20 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 06:20 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 06:20 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 06:20 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 06:20 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 06:20 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 06:20 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 06:20 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 06:20 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 06:20 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 06:20 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 06:20 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 06:20 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-13 06:20 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 06:20 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 06:20 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 06:20 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 06:20 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 06:20 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 06:20 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 06:20 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 06:20 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-13 06:20 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 06:20 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 06:20 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 06:20 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-13 06:20 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 06:20 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 06:20 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 06:20 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 06:20 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 06:20 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 06:20 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 06:20 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 06:20 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 06:20 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 06:20 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 06:20 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 06:20 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 06:20 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 06:20 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 06:20 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 06:20 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 06:20 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 06:20 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 06:20 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 18:59 - 2013-06-18 21:14 - 00000000 ____D C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR
2015-09-03 18:47 - 2014-09-26 12:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 18:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 18:45 - 2009-07-13 23:51 - 00121885 _____ C:\Windows\setupact.log
2015-09-03 18:42 - 2014-09-26 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-03 00:06 - 2011-02-20 04:55 - 01637898 _____ C:\Windows\WindowsUpdate.log
2015-09-03 00:06 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 00:06 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 00:04 - 2015-06-01 11:30 - 00000000 ___RD C:\Users\Nigel\iCloudDrive
2015-09-03 00:04 - 2012-09-07 13:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-02 21:58 - 2013-11-20 22:46 - 00002566 _____ C:\Users\Nigel\Desktop\Rkill.txt
2015-09-02 21:32 - 2012-09-11 01:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-02 21:32 - 2011-02-20 05:00 - 00505578 _____ C:\Windows\PFRO.log
2015-09-02 15:29 - 2013-06-17 02:49 - 00000000 ____D C:\JRT
2015-09-02 08:27 - 2013-11-02 01:57 - 00000000 ___RD C:\Users\Nigel\Dropbox
2015-09-02 08:27 - 2013-11-02 01:55 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Dropbox
2015-09-02 01:01 - 2012-09-12 14:02 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-09-02 00:59 - 2015-07-19 18:48 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job
2015-09-01 18:59 - 2015-07-19 18:48 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job
2015-09-01 18:50 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-01 17:24 - 2012-09-11 01:30 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job
2015-09-01 16:09 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04
2015-09-01 00:29 - 2011-02-20 05:07 - 00000000 ____D C:\ProgramData\Norton
2015-08-31 23:53 - 2012-09-07 13:43 - 00002121 _____ C:\Windows\epplauncher.mif
2015-08-31 23:40 - 2014-04-04 09:41 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Skype
2015-08-31 16:33 - 2013-10-22 12:16 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-31 16:33 - 2012-10-19 13:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 16:33 - 2012-09-24 01:42 - 00002543 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2015-08-31 16:33 - 2012-09-07 13:43 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-31 16:33 - 2012-09-07 12:27 - 00001385 _____ C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walmart Photo Center.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00001864 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Rhapsody.lnk
2015-08-31 16:33 - 2011-02-20 04:48 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-08-31 16:33 - 2011-02-20 04:48 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-08-31 16:33 - 2011-01-09 04:51 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-08-31 16:33 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-08-31 16:32 - 2015-07-20 11:33 - 00001075 _____ C:\Users\Public\Desktop\Firestorm-Beta.lnk
2015-08-31 16:32 - 2015-07-19 23:43 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-31 16:32 - 2015-02-11 13:50 - 00001170 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-08-31 16:32 - 2015-01-12 10:43 - 00001111 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk
2015-08-31 16:32 - 2014-03-29 22:02 - 00002213 _____ C:\Users\Nigel\Desktop\HP Support Assistant.lnk
2015-08-31 16:32 - 2013-11-10 16:13 - 00000942 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2015-08-31 16:32 - 2013-11-02 01:57 - 00001005 _____ C:\Users\Nigel\Desktop\Dropbox.lnk
2015-08-31 16:32 - 2013-08-15 15:00 - 00001988 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-08-31 16:32 - 2013-01-09 19:11 - 00001001 _____ C:\Users\Nigel\Desktop\WinRAR.lnk
2015-08-31 16:32 - 2012-09-11 01:33 - 00002360 _____ C:\Users\Nigel\Desktop\Google Chrome.lnk
2015-08-31 16:32 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-08-31 16:32 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-08-31 16:31 - 2014-10-02 17:27 - 00000000 ____D C:\Users\Guest
2015-08-31 14:24 - 2012-09-07 13:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-31 03:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SchCache
2015-08-31 03:16 - 2014-09-26 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 00:13 - 2012-09-07 14:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-31 00:13 - 2012-09-07 14:23 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-30 21:23 - 2012-09-11 01:30 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job
2015-08-30 17:03 - 2014-04-16 18:30 - 00000000 ____D C:\Windows\Minidump
2015-08-30 17:02 - 2014-04-16 18:30 - 521994899 _____ C:\Windows\MEMORY.DMP
2015-08-28 21:25 - 2012-09-14 21:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-28 21:19 - 2012-09-11 01:30 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA
2015-08-28 21:18 - 2012-09-11 01:30 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core
2015-08-26 17:24 - 2012-10-18 02:57 - 00000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2015-08-14 12:24 - 2013-10-22 12:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 12:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 11:41 - 2009-07-13 23:45 - 00421408 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:38 - 2014-12-11 17:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 11:38 - 2014-05-06 16:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 08:16 - 2013-07-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 08:14 - 2012-09-07 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 08:12 - 2012-09-07 16:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 08:12 - 2012-09-07 16:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 07:53 - 2013-07-11 10:12 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 07:39 - 2012-09-07 14:24 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 07:04 - 2012-09-07 13:38 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 07:04 - 2012-09-07 13:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 07:04 - 2012-09-07 13:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-07 23:19 - 2015-03-10 17:01 - 00000000 ____D C:\Users\Nigel\AppData\Local\Windows Live
2015-08-06 03:28 - 2012-09-10 04:13 - 00000000 ____D C:\Users\Nigel\Documents\Youcam
2015-08-06 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K
2015-04-19 07:20 - 2015-09-01 16:09 - 0000626 _____ () C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04
2014-06-06 21:57 - 2014-06-06 21:58 - 0000084 _____ () C:\Users\Nigel\AppData\Local\DVDPATH.TXT
2012-09-12 14:00 - 2012-09-12 14:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-20 05:04 - 2011-02-20 05:04 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-09 05:02 - 2011-01-09 05:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-20 05:04 - 2011-02-20 05:04 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-09 05:01 - 2011-01-09 05:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-20 05:03 - 2011-02-20 05:03 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-09 05:00 - 2011-01-09 05:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Nigel\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nigel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1vupmr.dll
C:\Users\Nigel\AppData\Local\Temp\sqlite3.dll
C:\Users\Nigel\AppData\Local\Temp\{6D71B117-F366-4ED0-AF00-34D7249EB804}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2012-09-07 14:23] - [2015-08-31 00:13] - 0357888 ____A (Microsoft Corporation) 0E4E27DDEC7F5282C284799613F814FC
 
C:\Windows\SysWOW64\dnsapi.dll
[2012-09-07 14:23] - [2015-08-31 00:13] - 0270336 ____A (Microsoft Corporation) CF5C2D3562991284A5E75F928692D058
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 12:04
 
==================== End of FRST.txt ============================

Here is the Addition log from FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Nigel (2015-09-03 19:00:39)
Running from C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-148046159-277398598-540584137-500 - Administrator - Disabled)
Guest (S-1-5-21-148046159-277398598-540584137-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-148046159-277398598-540584137-1003 - Limited - Enabled)
Nigel (S-1-5-21-148046159-277398598-540584137-1000 - Administrator - Enabled) => C:\Users\Nigel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Browser Cleanup (HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco NAC Agent  (HKLM-x32\...\{0CB855E9-B05A-41C7-B743-C286A08433D0}) (Version: 4.9.2.8 - Cisco Systems, Inc.)
Cool VL Viewer 1.26.8 (HKLM-x32\...\Cool VL Viewer 1.26.8) (Version: 1.26.8.51 - Cool Products)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firestorm-Beta (remove only) (HKLM-x32\...\Firestorm-Beta) (Version: 4.7.1.45325 - The Phoenix Firestorm Project, Inc.)
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.6.9.42974 - The Phoenix Firestorm Project, Inc.)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Graboid Video 3.56 (HKLM-x32\...\Graboid Video) (Version: 3.56 - Graboid Inc.)
Graboid Video 3.56 Setup (HKLM-x32\...\{53a20ac6-2f62-44f7-aebb-426670ec8eda}) (Version: 3.5.6 - FUSENET)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6315.0 - IDT)
Intel® Chipset Device Software (x32 Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juniper Installer Service (HKLM-x32\...\{F63A119C-3778-4EFE-BD8C-56597A695D34}) (Version: 7.1.0.19757 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.20761 - Juniper Networks)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.1.26.18340 - LeapFrog)
LeapFrog Connect (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.1.26.18340 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Phoenix Viewer 1.6.0.1691 (HKLM-x32\...\{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1) (Version:  - PhoenixViewer.com)
PhoenixViewer (remove only) (HKLM-x32\...\PhoenixViewer) (Version:  - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Singularity (64 bit) (remove only) (HKLM-x32\...\Singularity (64 bit)) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
CustomCLSID: HKU\S-1-5-21-148046159-277398598-540584137-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0002A184-DD38-4097-94BD-3C533D74DB34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {004CFF24-A975-4493-9768-8799B8CD7FC7} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {05866814-9582-458F-9BD1-E58AF5DA7ABB} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {070D1DB5-375F-497D-A792-EDDD3403A520} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {0BDC9AEA-C73F-44A9-844D-8F48F8D5C463} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {0D0902AA-C699-4AD2-9C3B-7EE55597B63E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {0EEEDFC8-EE0D-4186-87A2-E1D67B5F2CD1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {11A2AE52-D5DF-45B6-A4FF-F523E041EDFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {1B11B0A3-B6AA-4D06-B7C4-BC06CA7D2C47} - System32\Tasks\HPCeeScheduleForNigel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1B67111E-AD1C-4759-A5ED-D4B17040C7A2} - System32\Tasks\CTFKQWHCN => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {3C0EDA0F-7584-435D-B789-031656A888CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3C9739F9-23D8-4B16-A159-6F9E919E52FA} - \Imreofea -> No File <==== ATTENTION
Task: {46247EED-9C4C-4BBF-A143-C56FBF40A9B2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {48834FDE-07DA-43BA-89FA-CC893C4494E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4DAE8C16-4A4E-4351-9504-1152D5E8A08E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5796AF6F-5AFA-415F-AF8A-DC07AB18CF57} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-09-16] (Hewlett-Packard Co.)
Task: {5F2DA06F-60F2-44CC-9032-AAC66EE08E30} - \bvxvbxvd -> No File <==== ATTENTION
Task: {62148162-1813-400A-AFEB-0B64DDB54455} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-08-27] (Microsoft)
Task: {67C8DD55-5E19-4E71-A8D7-F7F16F85DD4D} - System32\Tasks\Yh6RAYBCKfDqZn8Ex4ojeFTY04 => C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04.exe <==== ATTENTION
Task: {6F4805F9-ACF2-4B82-AA90-F0D34F874F88} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1AL0C05105NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {8DF12076-C517-4031-AF3E-226D1A159797} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {A1B95006-F1E0-4D24-A9E0-EAD2EBE1E136} - System32\Tasks\LHcWjjOX5K => C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K.exe <==== ATTENTION
Task: {A4F5A5C4-5A95-45F3-A2CE-A90DBA315B19} - System32\Tasks\GlobalUpdate-mwzmy2fxzgs1btf => C:\Users\Nigel\AppData\Roaming\mwzmy2fxzgs1btf\mwzmy2fxzgs1btf.exe <==== ATTENTION
Task: {A6DF527C-6234-4E7C-94AA-AFC34F166D09} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {A7486E3B-62D5-43CE-AEA7-F10E11FC11A3} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {AB433C62-06B6-4B45-934A-F99198E2A109} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B3E251E5-2B57-453D-B8F5-F5753BFBA70F} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {C1BBD0EE-D4D0-4205-83E0-8725791DAA8C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
Task: {C3F6AC26-235F-4A8A-8A8A-7FA6B5E0A223} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {D519E10C-713E-41DF-BF6C-62A77F27DFEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E981CAE5-44F5-48DC-9FDE-E1AAF8BDD7BF} - \SMWUpd -> No File <==== ATTENTION
Task: {ED316F3B-9E3C-4DC4-B26D-AE3149CE1A84} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {ED4E55DA-8765-4BCB-A6D0-ADB39C1813BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {FE81AF9B-EEA1-43C6-8684-3F3A6E2D3ECE} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNigel.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29672048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65464163.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9DC9B541.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9DC9B5416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9DC9B54161.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29672048.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65464163.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9DC9B541.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9DC9B5416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9DC9B54161.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-148046159-277398598-540584137-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869
FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900
FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{80C18C4B-04A1-49FD-AB1D-DC358B2CADF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{17915807-C704-445D-B443-E4468A51AF5E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{5168E10D-267E-49F5-8F7F-1FB99F696D21}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{77370F51-29F9-47EC-943D-9EB864CD8A45}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{D41426EF-1833-44CB-A750-9097163406A7}C:\program files (x86)\phoenixviewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenixviewer\slvoice.exe
FirewallRules: [UDP Query User{835FBED9-C11F-4AC8-96DE-3694734E9871}C:\program files (x86)\phoenixviewer\slvoice.exe] => (Allow) C:\program files (x86)\phoenixviewer\slvoice.exe
FirewallRules: [TCP Query User{978AE03B-297D-4C4B-9B44-DD1548B1FD45}C:\users\nigel\appdata\local\temp\rar$exa0.670\gankedlife_1.4-simms\slvoice.exe] => (Allow) C:\users\nigel\appdata\local\temp\rar$exa0.670\gankedlife_1.4-simms\slvoice.exe
FirewallRules: [UDP Query User{EEC37A0B-0580-47C0-BF21-7C727532971E}C:\users\nigel\appdata\local\temp\rar$exa0.670\gankedlife_1.4-simms\slvoice.exe] => (Allow) C:\users\nigel\appdata\local\temp\rar$exa0.670\gankedlife_1.4-simms\slvoice.exe
FirewallRules: [{DBBCEAD0-A625-4727-B96D-701A30F9439B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{9617CEFC-84CD-4B59-AE1B-D2650E316669}] => (Allow) C:\Users\Nigel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{65A2284F-A855-4B9B-92B0-42617DF3FA8D}] => (Allow) C:\Users\Nigel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3C9B910F-5010-4A15-BD2F-05F0F1321E0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA82DFF4-06DD-4119-994A-5A1EAED55379}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA610390-1C33-45CA-8727-13FA81CD4CE5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90A87486-A9F2-404D-BEB1-D73CC334E81D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C51C6EBB-29AA-4FED-A642-C0FE1C0D7655}C:\program files (x86)\firestorm-beta\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-beta\slvoice.exe
FirewallRules: [UDP Query User{D80715B8-6962-4259-82E9-03A858567EC8}C:\program files (x86)\firestorm-beta\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-beta\slvoice.exe
FirewallRules: [{59396119-7B39-4791-AA29-99FF58C1BE47}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [TCP Query User{4224828E-91EB-43D0-B24C-5DFF4401244C}C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{8EC45622-E246-4826-830D-EECA842BD362}C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{54A501BF-F7F9-45E0-BB8A-3CF393CEF00D}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [UDP Query User{45F93B23-441A-48DD-954D-45D0C7DFC2DD}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [TCP Query User{D1AAE86F-71FF-40C1-BF85-255F05078C61}C:\program files\singularity\slvoice.exe] => (Block) C:\program files\singularity\slvoice.exe
FirewallRules: [UDP Query User{7D407097-B557-4BFD-BEFF-2BDB5EC2B226}C:\program files\singularity\slvoice.exe] => (Block) C:\program files\singularity\slvoice.exe
FirewallRules: [{379A36E0-7466-4D52-9A8F-0F974B637C8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5F702A21-77C3-4223-B886-0D1FAB853609}C:\program files\singularity\singularityviewer.exe] => (Block) C:\program files\singularity\singularityviewer.exe
FirewallRules: [UDP Query User{30D382A7-420B-4593-BF4D-61C97EC6E53E}C:\program files\singularity\singularityviewer.exe] => (Block) C:\program files\singularity\singularityviewer.exe
FirewallRules: [TCP Query User{904213C5-D101-487C-9719-D5CF07EF505C}C:\program files\singularity\singularityviewer.exe] => (Allow) C:\program files\singularity\singularityviewer.exe
FirewallRules: [UDP Query User{D8C68CDA-D0B5-49F3-8021-C841A9FDFB22}C:\program files\singularity\singularityviewer.exe] => (Allow) C:\program files\singularity\singularityviewer.exe
FirewallRules: [TCP Query User{F8826700-70EC-48D9-B34C-47B3308E6886}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [UDP Query User{76FC1699-0263-4EE3-BCFC-9CFA535DD334}C:\program files (x86)\firestorm-release\slvoice.exe] => (Allow) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [TCP Query User{0DD69F3A-2386-4148-B85B-7F6780652D20}C:\program files (x86)\firestorm-release\slvoice.exe] => (Block) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [UDP Query User{C69F1106-B699-4670-8815-7C9C40489B34}C:\program files (x86)\firestorm-release\slvoice.exe] => (Block) C:\program files (x86)\firestorm-release\slvoice.exe
FirewallRules: [TCP Query User{55A8AA89-33A0-4DB7-8415-59457E245FDB}C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{535B102D-5F55-47C5-ACF6-F53AA942A975}C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nigel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{3B9ED457-FBF3-40AC-9026-853F8A86C2B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{971595CD-B3FE-4F81-B918-4917CFB1ED7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D43957FB-445B-4B1E-82B5-C783F2F209D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6F6470E7-5DBB-4424-A702-6558B34306BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3BFFA458-010E-4DB3-A9E5-11D0B77D686D}C:\program files (x86)\firestorm-beta\slvoice.exe] => (Block) C:\program files (x86)\firestorm-beta\slvoice.exe
FirewallRules: [UDP Query User{1C264517-E26A-4C09-B7D0-DA405DB2A244}C:\program files (x86)\firestorm-beta\slvoice.exe] => (Block) C:\program files (x86)\firestorm-beta\slvoice.exe
FirewallRules: [{C3475197-5E7E-48B8-9197-59DEE7DC848B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA37EA45-8674-4136-A8D4-332E778660DE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{2F595B65-0115-4E24-9612-9EAFDD01359D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{7CB6FCD5-C3D4-4B25-AADD-10CE3B0C8FDE}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴⹣硥e
FirewallRules: [{91009E2E-8221-42FB-B6CD-E21B574BD46D}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{694F6687-093D-4D4D-8C85-0D093E70D19B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2015 12:04:37 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (09/03/2015 12:04:06 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (09/02/2015 09:34:30 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (09/02/2015 09:34:00 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
 
System errors:
=============
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:59:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/03/2015 06:58:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-31 00:16:03.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:16:03.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:23.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:21.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6300 @ 2.27GHz
Percentage of memory in use: 16%
Total physical RAM: 3893.86 MB
Available physical RAM: 3248.75 MB
Total Virtual: 7785.92 MB
Available Virtual: 7174.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.97 GB) (Free:286.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.49 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 05 September 2015 - 07:18 AM

[2012-09-07 14:23] - [2015-08-31 00:13] - 0357888 ____A (Microsoft Corporation) 0E4E27DDEC7F5282C284799613F814FC
C:\Windows\SysWOW64\dnsapi.dll
[2012-09-07 14:23] - [2015-08-31 00:13] - 0270336 ____A (Microsoft Corporation) CF5C2D3562991284A5E75F928692D058


This fix will also replace the bad dnsapi.dll file.
Post the requested log for my review. We may have to do another fix to complete the cleaning.
===

Please remove this program in bold using the Add/Remove Programs applet.

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [DV] => C:\ProgramData\DataFile\DV.exe [210432 2015-08-31] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nigel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-148046159-277398598-540584137-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 massfilter_hs; \??\C:\Windows\system32\drivers\massfilter_hs.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]
Task: {004CFF24-A975-4493-9768-8799B8CD7FC7} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {05866814-9582-458F-9BD1-E58AF5DA7ABB} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {1B67111E-AD1C-4759-A5ED-D4B17040C7A2} - System32\Tasks\CTFKQWHCN => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {3C9739F9-23D8-4B16-A159-6F9E919E52FA} - \Imreofea -> No File <==== ATTENTION
Task: {5F2DA06F-60F2-44CC-9032-AAC66EE08E30} - \bvxvbxvd -> No File <==== ATTENTION
Task: {67C8DD55-5E19-4E71-A8D7-F7F16F85DD4D} - System32\Tasks\Yh6RAYBCKfDqZn8Ex4ojeFTY04 => C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04.exe <==== ATTENTION
Task: {A1B95006-F1E0-4D24-A9E0-EAD2EBE1E136} - System32\Tasks\LHcWjjOX5K => C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K.exe <==== ATTENTION
Task: {A4F5A5C4-5A95-45F3-A2CE-A90DBA315B19} - System32\Tasks\GlobalUpdate-mwzmy2fxzgs1btf => C:\Users\Nigel\AppData\Roaming\mwzmy2fxzgs1btf\mwzmy2fxzgs1btf.exe <==== ATTENTION
Task: {A7486E3B-62D5-43CE-AEA7-F10E11FC11A3} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {B3E251E5-2B57-453D-B8F5-F5753BFBA70F} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {E981CAE5-44F5-48DC-9FDE-E1AAF8BDD7BF} - \SMWUpd -> No File <==== ATTENTION
Task: {FE81AF9B-EEA1-43C6-8684-3F3A6E2D3ECE} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
C:\Users\Nigel\AppData\Roaming\mwzmy2fxzgs1btf\mwzmy2fxzgs1btf.exe
C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K.exe
C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04.exe
C:\ProgramData\Service1291\Service1291.exe
C:\Users\Nigel\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nigel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1vupmr.dll
C:\Users\Nigel\AppData\Local\Temp\sqlite3.dll
C:\Users\Nigel\AppData\Local\Temp\{6D71B117-F366-4ED0-AF00-34D7249EB804}.exe
C:\ProgramData\DataFile\DV.exe
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll



End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please run the Farbar tool and include a fresh FRST log in your next reply.

How is the computer running now?

#8 scorpianf5

scorpianf5
  • Topic Starter


Posted 06 September 2015 - 01:01 PM

@Nasdaq, We have a grand issue.

 

1. I have the FixLog, and a Fresh FRST Log as Requested.

 

2. However I cannot access the internet via LAN/Wi-Fi To post the log.

 

3. Once I ran the FixList through FRST, upon reboot my internet is not working.

 

Every time I connect it says it's trying to identify the network/can't identify - The network shows up with strong connection strength and shows I'm connected.

 

I'm using another PC on the same network, from which I'm typing now. So the network itself is fine.

 

However, the silver lining to the issue is I think the initial virus is gone * As I don't have a faux BSOD pop up, however that could be due to no network. I'm not sure.

 

 

 

********* - Also in your previous instructions you told me to remove globalupdate Helper (x32 Version) in the Add/Remove Programs Applet - I was unable to locate that program through the Control Panel -> Add/Remove Programs. I went through the whole list.

 

 

 

 

Thanks for your continued support !


Edited by scorpianf5, 06 September 2015 - 01:06 PM.


#9 nasdaq

nasdaq

  • Malware Response Team

Posted 07 September 2015 - 07:26 AM

Check the integrity of the operating system files. Run this tool.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

===

Also in your previous instructions you told me to remove globalupdate Helper (x32 Version) in the Add/Remove Programs Applet - I was unable to locate that program through the Control Panel -> Add/Remove Programs. I went through the whole list.

It's gone. This is just a remnant item in the registry. Let it go.

If the internet has not returned after running the SFC.EXE program, please run the Farbar tool and post a fresh log for my review.

#10 scorpianf5

scorpianf5
  • Topic Starter


Posted 07 September 2015 - 07:19 PM

Upcoming is the first log. As the SFC.exe did not bring back my internet.

 

Here is the newest FRST Log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Ran by Nigel (administrator) on NIGEL-HP (07-09-2015 18:45:03)
Running from C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR\FRST
Loaded Profiles: Nigel (Available Profiles: Nigel & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-13] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [610776 2012-12-03] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-10-31] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Google Update] => C:\Users\Nigel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [Dropbox Update] => C:\Users\Nigel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
HKU\S-1-5-21-148046159-277398598-540584137-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{14B51C86-D4E8-441C-BFAF-C21B907DD5D4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A52B2FDA-99ED-42E9-B8E9-72F9142E9EC3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-148046159-277398598-540584137-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-148046159-277398598-540584137-1000 -> {F0571A5E-6EA3-4B49-B174-9C1C71D11655} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-06] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default
FF DefaultSearchEngine: Search Module
FF SelectedSearchEngine: Search Module
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @talk.google.com/O1DPlugin -> C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nigel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-148046159-277398598-540584137-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nigel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nigel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nigel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Session Manager - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-09-06]

Chrome:
=======
CHR DefaultSearchURL: Default -> http://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Plugin: (Shockwave Flash) - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\44.0.2403.157\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Flash) - internal-remoting-viewer
CHR Plugin: (Remoting Viewer) - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\44.0.2403.157\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Native Client) - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\44.0.2403.157\pdf.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Java) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Users\Nigel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-11]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.23SWY2WQCYLTJOMHJNEVKOA7FI - C:\Users\Nigel\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-10-31] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1270744 2012-12-03] (Cisco Systems, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 9DC9B541; C:\Windows\System32\drivers\9DC9B541.sys [478392 2015-09-01] (Kaspersky Lab ZAO)
R0 9DC9B5416; C:\Windows\System32\drivers\9DC9B5416.sys [478392 2015-09-01] (Kaspersky Lab ZAO)
R0 9DC9B54161; C:\Windows\System32\drivers\9DC9B54161.sys [478392 2015-09-02] (Kaspersky Lab ZAO)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-01] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150901.003\IDSvia64.sys [767224 2015-08-31] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150901.009\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150901.009\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-06-20] (MCCI Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-03 18:59 - 2015-09-07 18:45 - 00000000 ____D C:\FRST
2015-09-03 18:58 - 2015-09-03 18:58 - 01430458 _____ C:\Users\Nigel\Downloads\NTOYEPORTFOLIO.zip
2015-09-03 18:57 - 2015-09-03 18:57 - 02188800 _____ (Farbar) C:\Users\Nigel\Downloads\FRST64.exe
2015-09-03 15:46 - 2015-09-03 15:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nigel\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-02 21:31 - 2015-09-02 21:31 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B54161.sys
2015-09-02 18:09 - 2015-09-02 18:09 - 00448512 _____ (OldTimer Tools) C:\Users\Nigel\Downloads\TFC.exe
2015-09-02 17:50 - 2015-09-02 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 17:37 - 2015-09-02 17:37 - 05198336 _____ (AVAST Software) C:\Users\Nigel\Downloads\aswMBR.exe
2015-09-02 15:31 - 2015-09-02 15:31 - 00000633 _____ C:\Users\Nigel\Desktop\JRT.txt
2015-09-02 08:45 - 2015-09-02 08:46 - 00000189 _____ C:\Users\Nigel\Desktop\FILES KEEP POPPING UP.txt
2015-09-02 01:33 - 2015-09-02 01:33 - 00001065 _____ C:\Users\Nigel\Desktop\Avast Browser Cleanup.lnk
2015-09-02 01:33 - 2015-09-02 01:33 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2015-09-02 01:33 - 2015-09-02 01:33 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\AVAST Software
2015-09-02 01:32 - 2015-09-02 01:32 - 03824464 _____ (AVAST Software) C:\Users\Nigel\Downloads\avast-browser-cleanup-sfx.exe
2015-09-01 18:49 - 2015-09-01 18:49 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-01 18:48 - 2015-09-01 18:48 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-01 18:48 - 2015-09-01 18:48 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-01 18:46 - 2015-09-01 18:48 - 11352032 _____ (SurfRight B.V.) C:\Users\Nigel\Downloads\HitmanPro_x64.exe
2015-09-01 12:57 - 2015-09-02 23:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-01 12:57 - 2015-09-01 13:42 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-01 12:57 - 2015-09-01 12:57 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\tdsskiller.exe
2015-09-01 12:56 - 2015-09-01 12:56 - 18775112 _____ C:\Users\Nigel\Downloads\RogueKiller.exe
2015-09-01 12:52 - 2015-09-01 12:52 - 00000000 ____D C:\Users\Nigel\Desktop\RK_Quarantine
2015-09-01 12:46 - 2015-09-01 12:46 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B5416.sys
2015-09-01 12:43 - 2015-09-01 12:45 - 102506144 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\KVRT (1).exe
2015-09-01 12:42 - 2015-09-01 12:42 - 08911816 _____ C:\Users\Nigel\Downloads\Unconfirmed 599805.crdownload
2015-09-01 11:47 - 2015-09-01 11:50 - 00000000 ____D C:\KVRT_Data
2015-09-01 11:47 - 2015-09-01 11:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\9DC9B541.sys
2015-09-01 11:47 - 2015-09-01 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-09-01 11:46 - 2015-09-01 11:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-01 11:46 - 2015-09-01 11:46 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-09-01 11:40 - 2015-09-01 11:46 - 102592672 _____ (Kaspersky Lab ZAO) C:\Users\Nigel\Downloads\KVRT.exe
2015-09-01 11:39 - 2015-09-01 11:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-09-01 11:38 - 2015-09-01 11:38 - 00717656 _____ (Kaspersky Lab) C:\Users\Nigel\Downloads\setup.exe
2015-09-01 00:30 - 2015-09-01 00:30 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-09-01 00:28 - 2015-09-01 00:28 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-01 00:28 - 2015-09-01 00:28 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-01 00:28 - 2015-09-01 00:28 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-01 00:28 - 2015-09-01 00:28 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-01 00:27 - 2015-09-01 00:27 - 00002475 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-09-01 00:27 - 2015-09-01 00:27 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2015-08-31 23:55 - 2015-08-31 23:55 - 00022546 _____ C:\FixitRegBackup.reg
2015-08-31 23:54 - 2015-08-31 23:54 - 00899584 _____ C:\Users\Nigel\Downloads\MicrosoftFixit50535.msi
2015-08-31 23:51 - 2015-08-31 23:52 - 14243008 _____ (Microsoft Corporation) C:\Users\Nigel\Downloads\mseinstall.exe
2015-08-31 23:42 - 2015-09-01 00:29 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-08-31 23:42 - 2015-09-01 00:25 - 00001284 _____ C:\Users\Nigel\Desktop\Norton Installation Files.lnk
2015-08-31 23:42 - 2015-08-31 23:42 - 01111008 _____ (Symantec Corporation) C:\Users\Nigel\Downloads\NortonNISDownloader.exe
2015-08-31 23:42 - 2015-08-31 23:42 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-31 23:21 - 2015-08-31 23:21 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 23:06 - 2015-08-31 23:07 - 00000000 ____D C:\ProgramData\Sophos
2015-08-31 23:05 - 2015-09-03 20:56 - 00000000 ____D C:\AdwCleaner
2015-08-31 23:00 - 2015-08-31 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-31 23:00 - 2015-08-31 23:00 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-31 22:52 - 2015-08-31 22:55 - 132495576 _____ (Sophos Limited) C:\Users\Nigel\Downloads\Sophos Virus Removal Tool.exe
2015-08-31 09:33 - 2015-08-31 14:24 - 00000000 ____D C:\Program Files (x86)\b6380599-0a17-4fd7-a1e1-22ec41b6723e
2015-08-31 09:14 - 2015-08-31 09:14 - 00000000 ____D C:\Users\Nigel\AppData\Local\CrashRpt
2015-08-31 09:14 - 2014-02-19 00:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2015-08-31 09:06 - 2015-09-06 12:11 - 00000000 ____D C:\ProgramData\DataFile
2015-08-31 02:59 - 2015-08-31 16:33 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-31 02:59 - 2015-08-31 16:32 - 00000967 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-31 02:16 - 2015-08-31 02:33 - 00002157 _____ C:\Users\Nigel\Desktop\IOS 8 SCREWED ME UP - REINBURSE ME FOR DR. FONE OR PAY ME.txt
2015-08-31 01:02 - 2015-08-31 01:02 - 00006896 ____N C:\bootsqm.dat
2015-08-31 01:01 - 2015-08-31 01:01 - 00000000 __SHD C:\found.000
2015-08-31 00:14 - 2015-08-31 14:15 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-31 00:13 - 2015-08-31 00:13 - 00000000 ____D C:\Windows\system32\abis
2015-08-31 00:08 - 2015-08-31 00:08 - 00000000 ____D C:\Users\Nigel\AppData\Local\CEF
2015-08-31 00:00 - 2015-08-31 03:42 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\mwzmy2fxzgs1btf
2015-08-30 23:58 - 2015-08-30 23:59 - 00000000 ____D C:\ProgramData\App37
2015-08-30 23:58 - 2015-08-30 23:58 - 00678903 _____ C:\Users\Nigel\Downloads\WondershareDrFoneforiOSKeyRegistrationcodeDownload__15022_i1614127055_il6279.exe.rar
2015-08-30 23:57 - 2015-08-30 23:57 - 00678903 _____ C:\Users\Nigel\Downloads\WondershareDrFoneforiOSKeyRegistrationcodeDownload__15022_i1614125276_il6279.exe.rar
2015-08-30 23:57 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-30 23:48 - 2015-08-31 02:03 - 00000000 ____D C:\Program Files (x86)\S5
2015-08-30 23:47 - 2015-08-30 23:47 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\c
2015-08-30 23:47 - 2015-08-30 23:47 - 00000000 ____D C:\ProgramData\u4c
2015-08-30 23:37 - 2015-08-31 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-08-30 23:36 - 2015-08-31 01:59 - 00000000 ___HD C:\Program Files (x86)\Dr.Fone_Temp
2015-08-30 23:30 - 2015-08-30 23:34 - 29381872 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Nigel\Downloads\drfone-for-ios_full1283 (1).exe
2015-08-30 23:22 - 2015-08-30 23:25 - 29381872 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Nigel\Downloads\drfone-for-ios_full1283.exe
2015-08-30 16:39 - 2015-08-31 16:32 - 00002675 _____ C:\Users\Nigel\Desktop\Microsoft Office Outlook 2007.lnk
2015-08-28 14:07 - 2015-08-28 14:07 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-25 18:16 - 2015-08-25 18:16 - 00114546 _____ C:\Users\Nigel\Downloads\message_zdm.html
2015-08-25 18:16 - 2015-08-25 18:16 - 00114546 _____ C:\Users\Nigel\Downloads\message_zdm (1).html
2015-08-22 12:16 - 2015-08-23 14:15 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForNigel.job
2015-08-22 12:16 - 2015-08-22 12:16 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNigel
2015-08-20 13:02 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 13:02 - 2015-08-10 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 13:02 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 13:02 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 12:26 - 2015-08-31 16:32 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-14 12:26 - 2015-08-14 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-14 12:24 - 2015-08-30 23:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-14 12:24 - 2015-08-14 12:26 - 00000000 ____D C:\Program Files\iTunes
2015-08-14 12:24 - 2015-08-14 12:24 - 00000000 ____D C:\Program Files\iPod
2015-08-13 08:14 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 08:14 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 06:22 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 06:22 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 06:22 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 06:22 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 06:22 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 06:22 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 06:22 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 06:22 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 06:22 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 06:22 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 06:22 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-13 06:22 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 06:22 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-13 06:22 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 06:22 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 06:22 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-13 06:22 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-13 06:22 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-13 06:22 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-13 06:22 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-13 06:22 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-13 06:22 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-13 06:22 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-13 06:22 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-13 06:22 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 06:22 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 06:22 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 06:22 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-13 06:22 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-13 06:22 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 06:22 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-13 06:21 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 06:21 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-13 06:21 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 06:21 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 06:21 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 06:21 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 06:21 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 06:21 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 06:21 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 06:21 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-13 06:21 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-13 06:21 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 06:21 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-13 06:21 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 06:21 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-13 06:21 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 06:21 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-13 06:21 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 06:21 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 06:21 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 06:21 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 06:21 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 06:21 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 06:21 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 06:21 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-13 06:21 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 06:21 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 06:21 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 06:21 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 06:20 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 06:20 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-13 06:20 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-13 06:20 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 06:20 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 06:20 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 06:20 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 06:20 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 06:20 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 06:20 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 06:20 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-13 06:20 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 06:20 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 06:20 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 06:20 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 06:20 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 06:20 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 06:20 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 06:20 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 06:20 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 06:20 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 06:20 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 06:20 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 06:20 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 06:20 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 06:20 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-13 06:20 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 06:20 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 06:20 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 06:20 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 06:20 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 06:20 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 06:20 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 06:20 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 06:20 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-13 06:20 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 06:20 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 06:20 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 06:20 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-13 06:20 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 06:20 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 06:20 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 06:20 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 06:20 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 06:20 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 06:20 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 06:20 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 06:20 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 06:20 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 06:20 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 06:20 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 06:20 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 06:20 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 06:20 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 06:20 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 06:20 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 06:20 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 06:20 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 06:20 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 18:39 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 18:39 - 2009-07-13 23:51 - 00122333 _____ C:\Windows\setupact.log
2015-09-06 13:17 - 2011-02-20 04:55 - 01687834 _____ C:\Windows\WindowsUpdate.log
2015-09-06 13:17 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 13:17 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 13:12 - 2014-09-26 12:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-06 13:04 - 2012-09-07 13:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 13:01 - 2012-09-12 14:02 - 00000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2015-09-06 12:59 - 2015-07-19 18:48 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job
2015-09-06 12:46 - 2012-09-14 21:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-06 12:34 - 2015-06-01 11:30 - 00000000 ___RD C:\Users\Nigel\iCloudDrive
2015-09-04 13:57 - 2011-02-20 05:00 - 00505928 _____ C:\Windows\PFRO.log
2015-09-03 19:02 - 2013-06-18 21:14 - 00000000 ____D C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR
2015-09-03 18:42 - 2014-09-26 12:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-02 21:58 - 2013-11-20 22:46 - 00002566 _____ C:\Users\Nigel\Desktop\Rkill.txt
2015-09-02 21:32 - 2012-09-11 01:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-02 15:29 - 2013-06-17 02:49 - 00000000 ____D C:\JRT
2015-09-02 08:27 - 2013-11-02 01:57 - 00000000 ___RD C:\Users\Nigel\Dropbox
2015-09-02 08:27 - 2013-11-02 01:55 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Dropbox
2015-09-01 18:59 - 2015-07-19 18:48 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job
2015-09-01 18:50 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-01 17:24 - 2012-09-11 01:30 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA.job
2015-09-01 16:09 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04
2015-09-01 00:29 - 2011-02-20 05:07 - 00000000 ____D C:\ProgramData\Norton
2015-08-31 23:53 - 2012-09-07 13:43 - 00002121 _____ C:\Windows\epplauncher.mif
2015-08-31 23:40 - 2014-04-04 09:41 - 00000000 ____D C:\Users\Nigel\AppData\Roaming\Skype
2015-08-31 16:33 - 2013-10-22 12:16 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-31 16:33 - 2012-10-19 13:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 16:33 - 2012-09-24 01:42 - 00002543 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2015-08-31 16:33 - 2012-09-07 13:43 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-31 16:33 - 2012-09-07 12:27 - 00001385 _____ C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walmart Photo Center.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2015-08-31 16:33 - 2012-09-07 12:18 - 00001864 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Rhapsody.lnk
2015-08-31 16:33 - 2011-02-20 04:48 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-08-31 16:33 - 2011-02-20 04:48 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-08-31 16:33 - 2011-01-09 04:56 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-08-31 16:33 - 2011-01-09 04:51 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-08-31 16:33 - 2009-07-13 23:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-08-31 16:33 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-08-31 16:32 - 2015-07-20 11:33 - 00001075 _____ C:\Users\Public\Desktop\Firestorm-Beta.lnk
2015-08-31 16:32 - 2015-07-19 23:43 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-31 16:32 - 2015-02-11 13:50 - 00001170 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-08-31 16:32 - 2015-01-12 10:43 - 00001111 _____ C:\Users\Public\Desktop\Firestorm-Release.lnk
2015-08-31 16:32 - 2014-03-29 22:02 - 00002213 _____ C:\Users\Nigel\Desktop\HP Support Assistant.lnk
2015-08-31 16:32 - 2013-11-10 16:13 - 00000942 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2015-08-31 16:32 - 2013-11-02 01:57 - 00001005 _____ C:\Users\Nigel\Desktop\Dropbox.lnk
2015-08-31 16:32 - 2013-08-15 15:00 - 00001988 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-08-31 16:32 - 2013-01-09 19:11 - 00001001 _____ C:\Users\Nigel\Desktop\WinRAR.lnk
2015-08-31 16:32 - 2012-09-11 01:33 - 00002360 _____ C:\Users\Nigel\Desktop\Google Chrome.lnk
2015-08-31 16:32 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-08-31 16:32 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-08-31 16:31 - 2014-10-02 17:27 - 00000000 ____D C:\Users\Guest
2015-08-31 14:24 - 2012-09-07 13:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-31 03:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SchCache
2015-08-31 03:16 - 2014-09-26 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-30 21:23 - 2012-09-11 01:30 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core.job
2015-08-30 17:03 - 2014-04-16 18:30 - 00000000 ____D C:\Windows\Minidump
2015-08-30 17:02 - 2014-04-16 18:30 - 521994899 _____ C:\Windows\MEMORY.DMP
2015-08-28 21:19 - 2012-09-11 01:30 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000UA
2015-08-28 21:18 - 2012-09-11 01:30 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-148046159-277398598-540584137-1000Core
2015-08-26 17:24 - 2012-10-18 02:57 - 00000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2015-08-14 12:24 - 2013-10-22 12:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 12:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 11:41 - 2009-07-13 23:45 - 00421408 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:38 - 2014-12-11 17:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 11:38 - 2014-05-06 16:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 08:16 - 2013-07-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 08:14 - 2012-09-07 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 08:12 - 2012-09-07 16:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 08:12 - 2012-09-07 16:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 07:53 - 2013-07-11 10:12 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 07:39 - 2012-09-07 14:24 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 07:04 - 2012-09-07 13:38 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 07:04 - 2012-09-07 13:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-13 07:04 - 2012-09-07 13:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K
2015-04-19 07:20 - 2015-09-01 16:09 - 0000626 _____ () C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04
2014-06-06 21:57 - 2014-06-06 21:58 - 0000084 _____ () C:\Users\Nigel\AppData\Local\DVDPATH.TXT
2012-09-12 14:00 - 2012-09-12 14:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-20 05:04 - 2011-02-20 05:04 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-09 05:02 - 2011-01-09 05:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-20 05:04 - 2011-02-20 05:04 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-09 05:01 - 2011-01-09 05:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-20 05:03 - 2011-02-20 05:03 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-09 05:00 - 2011-01-09 05:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Nigel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuzz0s.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-22 12:04

==================== End of FRST.txt ============================



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts

Posted 08 September 2015 - 07:52 AM


Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

If that fails to reset your Internet, continue.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

Keep me posted.

#12 scorpianf5

scorpianf5
  • Topic Starter

  • Members
  • 11 posts

Posted 08 September 2015 - 11:11 AM

** WHEN NOT IN SAFE MODE - WINDOWS SAYS "Windows is not genuine" Your computer might be running a counterfeit copy of Windows -

HERE'S THE ZOEK LOG: Computer is running the same in safe mode, but still no internet.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Nigel on Tue 09/08/2015 at  9:50:46.70.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\b6380599-0a17-4fd7-a1e1-22ec41b6723e deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\App37 deleted successfully
C:\Users\Nigel\AppData\Roaming\c deleted successfully
C:\Users\Nigel\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Nigel\AppData\Roaming\TP deleted successfully
C:\Users\Nigel\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Nigel\AppData\Local\SecondLife deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-148046159-277398598-540584137-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\y0s4hn2q.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20150908_1005_.backup
 
ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default
 
user.js not found
---- Lines Search  removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Search Module");
user_pref("browser.search.selectedEngine", "Search Module");
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20150908_1005_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\b6380599-0a17-4fd7-a1e1-22ec41b6723e not found
C:\windows\SysNative\Tasks\HP Photo Creations Messager deleted
C:\found.000 deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Nigel\AppData\Local\Installer deleted
C:\Users\Nigel\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Nigel\AppData\LocalLow\Company deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\148c703.msi" deleted
"C:\Users\Nigel\AppData\Roaming\LHcWjjOX5K" deleted
"C:\Users\Nigel\AppData\Roaming\Yh6RAYBCKfDqZn8Ex4ojeFTY04" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn" [09/08/2015 09:28 AM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default
- Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\h79blnr5.default
D892C77AFA8AFABA6F474A7DA401BD7C - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
F542B4E8DF11DCF7C974548A2D2BD624 - C:\Users\Nigel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Nigel\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx[07/09/2015 11:03 PM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
 
Chrome Hotword Shared Module - Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{08415150-9D33-4318-8FAE-EBF4772E3CE4}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{08415150-9D33-4318-8FAE-EBF4772E3CE4} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{F0571A5E-6EA3-4B49-B174-9C1C71D11655} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DFBCF2F-CF92-A5C0-EA41-57DEA2FB4D46} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=32 folders=25 25551038 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Nigel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Nigel\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Tue 09/08/2015 at 11:01:07.08 ======================
 
 
-----------------=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

 

 

 

 

 

HERE IS THE MINITOOLBOX RESULT LOG: 

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Nigel (administrator) on 08-09-2015 at 11:06:27
Running from "C:\Users\Nigel\Desktop\COMPUTER INFECTION REPAIR"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP Pavilion g7 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set subinterface interface=?) subinterface=ethernet_6 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Nigel-HP
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : CC-52-AF-5C-63-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-B0-16-7A-06
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
   Physical Address. . . . . . . . . : CC-52-AF-5C-63-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:cef2:2c0:895:f298:3ade:cb4d(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:cef2:2c0:40e4:cd84:e664:1d16(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::895:f298:3ade:cb4d%13(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.203.77(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : fe80::bae6:25ff:fe50:d9a1%13
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 98-4B-E1-C5-F3-6E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  192.168.1.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...cc 52 af 5c 63 62 ......Microsoft Virtual WiFi Miniport Adapter
 15...00 ff b0 16 7a 06 ......Juniper Network Connect Virtual Adapter
 13...cc 52 af 5c 63 62 ......Broadcom 4313 802.11b/g/n
 12...98 4b e1 c5 f3 6e ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.203.77    281
   169.254.203.77  255.255.255.255         On-link    169.254.203.77    281
  169.254.255.255  255.255.255.255         On-link    169.254.203.77    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.203.77    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.203.77    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::bae6:25ff:fe50:d9a1
  1    306 ::1/128                  On-link
 13     33 2602:306:cef2:2c0::/64   On-link
 13    281 2602:306:cef2:2c0:895:f298:3ade:cb4d/128
                                    On-link
 13    281 2602:306:cef2:2c0:40e4:cd84:e664:1d16/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::895:f298:3ade:cb4d/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/08/2015 11:01:05 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (09/08/2015 11:01:05 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (09/08/2015 09:55:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18933, time stamp: 0x55a6a16f
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x5f4
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
 
Error: (09/08/2015 09:55:22 AM) (Source: .NET Runtime) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (09/08/2015 09:55:16 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x8007043c).
 
Error: (09/08/2015 09:46:23 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (09/08/2015 09:42:37 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (09/08/2015 09:42:37 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (09/08/2015 09:36:58 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (09/08/2015 09:31:04 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
 
System errors:
=============
Error: (09/08/2015 11:03:32 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:03:30 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:03:26 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:03:26 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:01:16 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:01:16 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error: 
%%5
 
Error: (09/08/2015 11:01:16 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/08/2015 11:01:16 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/08/2015 11:01:14 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/08/2015 11:01:08 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-08-31 00:16:03.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:16:03.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:23.106
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:22.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-31 00:13:21.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Browser Cleanup (HKCU\...\Avast Browser Cleanup) (Version: 10.3.2223.101 - AVAST Software)
Bejeweled 2 Deluxe (HKLM-x32\...\WT087428) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.61 - Broadcom Corporation)
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )
Canon MG2100 series User Registration (HKLM-x32\...\Canon MG2100 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Chuzzle Deluxe (HKLM-x32\...\WT087453) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco NAC Agent  (HKLM-x32\...\{0CB855E9-B05A-41C7-B743-C286A08433D0}) (Version: 4.9.2.8 - Cisco Systems, Inc.)
Cool VL Viewer 1.26.8 (HKLM-x32\...\Cool VL Viewer 1.26.8) (Version: 1.26.8.51 - Cool Products)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (HKLM-x32\...\WT087360) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT087361) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT087362) (Version: 2.2.0.95 - WildTangent) Hidden
Firestorm-Beta (remove only) (HKLM-x32\...\Firestorm-Beta) (Version: 4.7.1.45325 - The Phoenix Firestorm Project, Inc.)
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.6.9.42974 - The Phoenix Firestorm Project, Inc.)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Graboid Video 3.56 (HKLM-x32\...\Graboid Video) (Version: 3.56 - Graboid Inc.)
Graboid Video 3.56 Setup (HKLM-x32\...\{53a20ac6-2f62-44f7-aebb-426670ec8eda}) (Version: 3.5.6 - FUSENET)
Heroes of Hellas 2 - Olympia (HKLM-x32\...\WT087372) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{424E8E17-A7B7-45B5-8C79-D58F04D9D920}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{1AE1848C-D592-4222-8048-AEE1694D2959}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6315.0 - IDT)
Intel® Chipset Device Software (HKLM-x32\...\{5ae11e9e-c192-4030-97b5-2f83e0edf570}) (Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest Solitaire 2 (HKLM-x32\...\WT087379) (Version: 2.2.0.95 - WildTangent) Hidden
Juniper Installer Service (HKLM-x32\...\{F63A119C-3778-4EFE-BD8C-56597A695D34}) (Version: 7.1.0.19757 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.20761 - Juniper Networks)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LeapFrog Connect (HKLM-x32\...\{D92CDE0F-D085-4B86-AAD0-4F50655BD8C6}) (Version: 5.1.26.18340 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.1.26.18340 - LeapFrog)
LeapFrog Leapster Explorer Plugin (HKLM-x32\...\{047132CC-678B-4ADB-8E39-6552787CE3E2}) (Version: 5.1.26.18340 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (HKLM-x32\...\WT089299) (Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Phoenix Viewer 1.6.0.1691 (HKLM-x32\...\{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1) (Version:  - PhoenixViewer.com)
PhoenixViewer (remove only) (HKLM-x32\...\PhoenixViewer) (Version:  - )
Plants vs. Zombies (HKLM-x32\...\WT087501) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}) (Version: 1.0.22 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Singularity (64 bit) (remove only) (HKLM-x32\...\Singularity (64 bit)) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Virtual Families (HKLM-x32\...\WT087414) (Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WT087533) (Version: 2.2.0.95 - WildTangent) Hidden
 
========================= Devices: ================================
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 15%
Total physical RAM: 3893.86 MB
Available physical RAM: 3290.32 MB
Total Virtual: 7785.92 MB
Available Virtual: 7204.62 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:450.97 GB) (Free:286.2 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.49 GB) (Free:1.81 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.59 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\NIGEL-HP
 
Administrator            Guest                    Nigel                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\041614-21918-01.dmp
========================= Restore Points ==================================
 
 
**** End of log ****


#13 nasdaq


Posted 11 September 2015 - 10:48 AM


Sorry for this delay. I missed your reply.


Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : attlocal.net
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 98-4B-E1-C5-F3-6E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.1.1


This is what is being reported in your FRST log.

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{14B51C86-D4E8-441C-BFAF-C21B907DD5D4}: [DhcpNameServer] 192.168.1.1 <-----
Tcpip\..\Interfaces\{A52B2FDA-99ED-42E9-B8E9-72F9142E9EC3}: [DhcpNameServer] 192.168.1.254

I'm not very familiar with this, so I suggest you ask in the Networking forum if you need help reviewing this IP address.

http://www.bleepingcomputer.com/forums/f/21/networking/

#14 scorpianf5


Posted 11 September 2015 - 06:34 PM

How? When it's not primarily a network issue? It's an issue within the computer, as it won't connect to any network. Just not the network itself. This happened after the Farbar ran a scan and a fix under your instructions. So what now? I'm trying to get this issue resolved by Saturday - thanks

#15 nasdaq


Posted 12 September 2015 - 08:42 AM

I would you could restore your system to a date prior to the date when the problem began.


I can only suggest that you reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Any other questions on this issue should be addressed in the Networking network.
http://www.bleepingcomputer.com/forums/f/21/networking/



