
Infected


  • This topic is locked
177 replies to this topic

#1 tripleblack

tripleblack

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 01 November 2015 - 04:06 PM

I have a 64 bit Windows 7 machine which uses 50% or more CPU capacity at all times, even when there are no programs running! I have a virtual XP installed, which I very rarely run. Not only do I get the CPU fan screaming all the time, but on startup, I get a warning sound, and when I look in Event Viewer, there is a message stating "detected unrecognized usb driver" whose source is usbmon.

Please help, as I think that this virus has already burned out some memory (which I have recently replaced) and I am now concerned that it will destroy my CPU as well.

I turn on the computer only in limited amounts of time to seek help. Machine runs much slower than it normally does.

Should I start up in SAFE mode to save my hardware until this is resolved?

 

Thank you.

Joe C


Edited by tripleblack, 01 November 2015 - 04:07 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,947 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 06 November 2015 - 10:46 AM

Greetings Joe and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to this topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 06 November 2015 - 10:47 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 07 November 2015 - 03:24 PM

Thank you OhMy and good to meet you.

Please excuse my tardy response but I try to run my computer in VERY limited bursts, as this virus has already destroyed my RAM (I am running on new RAM as we speak), and I am worried that the CPU will be next to die as it is being driven at AT LEAST 50% with no apps running.

Two things before we start, if you don't mind:

1. I had a VMware virtual XP machine installed, which I have already uninstalled. I suspect that one of the programs installed therein might have been infected. I uninstalled the virtual machine already. PLEASE INSTRUCT ME as to the best way to delete the virtual partition before we begin.

2. I have a multiboot system, with UBUNTU installed along with my Windows 7 64 bit OS. If the bootloader is infected, must something be done with the MBR before we begin?

3. I am running my CPU mildly overclocked. Should I eliminate this before we begin?

Thanks,

Joe C

PS: Please let's get started ASAP, as, again, I don't want to overdrive my CPU and risk killing it along with my new RAM sticks.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,947 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:36 PM

Posted 07 November 2015 - 03:32 PM

Greetings,

For the Virtual Drive see here.

----------
 

I am running my CPU mildly overclocked. Should I eliminate this before we begin?


Yes

----------

Regarding the bootloader I don't know until we take a look at things. Before running the FRST scan place a check mark in List BCD under the Optional Scan section.

#5 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 07 November 2015 - 03:54 PM

Gary,

 

I have never seen a VHD in Disk Management, and I never did. It doesn't appear now so I assume that either I was wrong about originally creating one, or the uninstallation of VMware automatically eliminated it.

 

One more thing: I have an SSHD primary drive where both os's are installed. I have a conventional HDD where my data is stored.

 

I will now reset the CPU clocking to normal, run the first set of instructions, and post the results as instructed.



#6 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 07 November 2015 - 04:33 PM

I have reset the BIOS to eliminate overclocking and back to default. I will now begin the process per instructions.



#7 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 07 November 2015 - 04:44 PM

Here are the first results. Will do the second test now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Joe Ciaravino (administrator) on GLORIA (07-11-2015 16:37:00)
Running from C:\Users\Joe Ciaravino\Desktop
Loaded Profiles: Joe Ciaravino (Available Profiles: Joe Ciaravino)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\findstr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [AsioThk32Reg] => %SYSTEMROOT%\SYSWOW64\REGSVR32.EXE /S %SYSTEMROOT%\SYSWOW64\CTASIO.DLL
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2014-03-31] (RealNetworks, Inc.)
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\...\Run: [SetDefaultMIDI] => C:\Windows\system32\MIDIDef.exe [35840 2005-08-03] (Creative Technology Ltd)
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-02-09]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{7FD350ED-A4B7-481B-8EB4-15749E21A757}: [DhcpNameServer] 167.206.245.135 167.206.245.136

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Joe Ciaravino\AppData\Roaming\Mozilla\Firefox\Profiles\gxb4a4cx.default
FF Homepage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-03-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-03-31] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-31] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> ""
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Profile: C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-10]
CHR Extension: (YouTube) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (Google Search) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-10]
CHR Extension: (Google Docs Offline) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (RealPlayer Downloader) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 HPSLPSVC; C:\Users\JOECIA~1\AppData\Local\Temp\7zS34CB\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151552 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctac32k; C:\Windows\System32\drivers\ctac32k.sys [573952 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctaud2k; C:\Windows\System32\drivers\ctaud2k.sys [738560 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [695808 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [208896 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [316928 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [169472 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [356864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctprxy2k; C:\Windows\System32\drivers\ctprxy2k.sys [9728 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [676864 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ctsfm2k; C:\Windows\System32\drivers\ctsfm2k.sys [284160 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 emupia; C:\Windows\System32\drivers\emupia2k.sys [130048 2005-08-03] (Creative Technology Ltd) [File not signed]
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 esgiguard; no ImagePath
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10848 2014-11-18] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-10-29] ()
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [1300480 2005-08-03] (Creative Technology Ltd) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 ossrv; C:\Windows\System32\drivers\ctoss2k.sys [205824 2005-08-03] (Creative Technology Ltd.) [File not signed]
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2012-10-26] (Jungo)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 16:37 - 2015-11-07 16:37 - 00020665 _____ C:\Users\Joe Ciaravino\Desktop\FRST.txt
2015-11-07 16:36 - 2015-11-07 16:37 - 00000000 ____D C:\FRST
2015-11-07 16:35 - 2015-11-07 16:35 - 02198528 _____ (Farbar) C:\Users\Joe Ciaravino\Desktop\FRST64.exe
2015-10-31 17:58 - 2015-10-31 17:59 - 00001595 _____ C:\Users\Joe Ciaravino\Desktop\MalwareBytes.lnk
2015-10-31 17:55 - 2015-10-31 17:55 - 01992641 _____ C:\Users\Joe Ciaravino\Desktop\MGtools.exe
2015-10-31 17:54 - 2015-10-31 17:55 - 11336600 _____ (SurfRight B.V.) C:\Users\Joe Ciaravino\Desktop\HitmanPro_x64.exe
2015-10-31 17:54 - 2015-10-31 17:54 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Joe Ciaravino\Desktop\tdsskiller.exe
2015-10-31 17:53 - 2015-10-31 17:53 - 24925400 _____ (Adlice Software ) C:\Users\Joe Ciaravino\Desktop\RogueKiller.exe
2015-10-31 17:47 - 2015-11-07 16:24 - 00001736 _____ C:\Windows\setupact.log
2015-10-31 17:47 - 2015-10-31 17:47 - 00000000 _____ C:\Windows\setuperr.log
2015-10-31 09:20 - 2015-10-31 09:20 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Local\CEF
2015-10-31 09:19 - 2015-11-03 17:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 09:19 - 2015-10-31 09:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-29 18:24 - 2015-10-29 18:29 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-10-28 09:28 - 2015-10-28 09:28 - 00003214 _____ C:\Windows\System32\Tasks\{699F0075-0422-422C-B7AD-DC0068D75365}
2015-10-25 15:45 - 2015-10-25 15:45 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2015-10-25 15:45 - 2015-10-25 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2015-10-25 15:45 - 2015-10-25 15:45 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2015-10-25 15:40 - 2015-10-25 15:40 - 00001471 _____ C:\JRT.txt
2015-10-25 15:28 - 2015-10-25 15:28 - 00000000 ____D C:\ProgramData\Emsisoft
2015-10-25 15:13 - 2015-10-25 15:31 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-10-25 15:13 - 2015-03-23 23:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-10-25 14:53 - 2015-10-25 14:53 - 00019545 _____ C:\ComboFix.txt
2015-10-25 14:19 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-25 14:19 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-25 14:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-25 14:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-25 14:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-25 14:19 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-25 14:19 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-25 14:19 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-25 10:58 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-25 10:58 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-25 10:58 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-25 10:58 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-25 10:58 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-25 10:58 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-25 10:58 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-25 10:58 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-25 10:58 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-25 10:58 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-25 10:58 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-25 10:58 - 2015-09-14 14:45 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-25 10:58 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-25 10:58 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-25 10:58 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-10-25 10:58 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-10-25 10:58 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-10-25 10:57 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-25 10:57 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-25 10:57 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-25 10:57 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-25 10:57 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-25 10:57 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-25 10:57 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-25 10:57 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-25 10:57 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-25 10:57 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-25 10:57 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-25 10:57 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-25 10:57 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-25 10:57 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-25 10:57 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-25 10:57 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-25 10:57 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-25 10:57 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-25 10:57 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-25 10:57 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-25 10:57 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-25 10:57 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-25 10:57 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-25 10:57 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-25 10:57 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-25 10:57 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-25 10:57 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-25 10:57 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-25 10:57 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-25 10:57 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-25 10:57 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-25 10:57 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-25 10:57 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-25 10:57 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-25 10:57 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-25 10:57 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-25 10:57 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-25 10:57 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-25 10:57 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-25 10:57 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-25 10:57 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-25 10:57 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-25 10:57 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-25 10:57 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-25 10:57 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-25 10:57 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-25 10:57 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-25 10:57 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-25 10:57 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-25 10:57 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-25 10:57 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-25 10:57 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-25 10:57 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-25 10:57 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-25 10:57 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-25 10:57 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-25 10:57 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-25 10:57 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-25 10:57 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-25 10:57 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-25 10:57 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-25 10:57 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-25 10:57 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-25 10:57 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-25 10:57 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-25 10:57 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-25 10:57 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-25 10:57 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-25 10:57 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-25 10:57 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-25 10:57 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-25 10:57 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-25 10:57 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-25 10:57 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-25 10:57 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-25 10:57 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-25 10:57 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-25 10:56 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-25 10:56 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-25 10:56 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-25 10:56 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-25 10:56 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-25 10:56 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-25 10:56 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-25 10:56 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-25 10:56 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-25 10:56 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-25 10:56 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-25 10:56 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-25 10:56 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-25 10:56 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-25 10:56 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-25 10:56 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-25 10:56 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-25 10:56 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-25 10:56 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-25 10:56 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-25 10:56 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-25 10:56 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-25 10:56 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-25 10:56 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-25 10:56 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-25 10:56 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-25 10:56 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-25 10:56 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-25 10:56 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-25 10:56 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-25 10:56 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-25 10:56 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-25 10:56 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-25 10:56 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-25 10:56 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-25 10:56 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-25 10:56 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-25 10:56 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-25 10:56 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-25 10:56 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-25 10:56 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-25 10:56 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-25 10:56 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-25 10:56 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-25 10:56 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-25 10:56 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-25 10:56 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-25 10:56 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-25 10:56 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-25 10:56 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-25 10:56 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-10-25 10:56 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-25 10:56 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-10-25 10:56 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-10-25 10:56 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-25 10:56 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-25 10:56 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-25 10:56 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-25 10:56 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-25 10:56 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-25 10:56 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-25 10:56 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-25 10:56 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-10-25 10:56 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-10-25 10:56 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-25 10:56 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-25 10:56 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-10-25 10:56 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-25 10:56 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 17:07 - 2015-10-14 17:07 - 00001803 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-14 17:07 - 2015-10-14 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-14 17:07 - 2015-10-14 17:07 - 00000000 ____D C:\Program Files\iTunes
2015-10-14 17:07 - 2015-10-14 17:07 - 00000000 ____D C:\Program Files\iPod
2015-10-14 17:06 - 2015-10-14 17:06 - 00000000 ____D C:\Program Files\Bonjour
2015-10-14 17:06 - 2015-10-14 17:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-14 17:06 - 2015-10-14 17:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 16:32 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 16:32 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 16:28 - 2009-07-14 00:13 - 00782450 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 16:27 - 2014-02-13 13:42 - 01228560 _____ C:\Windows\WindowsUpdate.log
2015-11-07 16:25 - 2014-03-11 19:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 16:24 - 2014-03-11 19:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 16:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 15:09 - 2014-02-14 17:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 15:03 - 2014-02-24 16:22 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7792D992-6378-4096-99DA-F26822365D03}
2015-11-06 12:53 - 2009-07-14 00:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-04 17:46 - 2015-03-09 15:10 - 00000000 ____D C:\ProgramData\VMware
2015-11-04 17:42 - 2015-03-10 16:27 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Roaming\VMware
2015-11-04 17:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 17:28 - 2015-03-09 15:16 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Local\VMware
2015-11-02 08:34 - 2015-09-05 10:11 - 00007604 _____ C:\Users\Joe Ciaravino\AppData\Local\Resmon.ResmonCfg
2015-10-31 17:38 - 2015-06-20 15:13 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Local\CrashDumps
2015-10-31 17:38 - 2014-12-28 17:22 - 00000000 ____D C:\Windows\Minidump
2015-10-31 09:20 - 2014-08-29 10:46 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Local\Adobe
2015-10-31 09:19 - 2014-12-23 10:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 09:19 - 2014-02-13 12:31 - 00000000 ____D C:\ProgramData\Adobe
2015-10-31 09:15 - 2014-06-28 19:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-29 18:28 - 2014-02-13 11:58 - 00030528 _____ C:\Windows\GVTDrv64.sys
2015-10-29 18:28 - 2014-02-13 11:58 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-10-29 18:19 - 2014-02-13 10:58 - 00000010 _____ C:\Windows\GSetup.ini
2015-10-27 09:56 - 2014-02-22 22:02 - 00000000 ___RD C:\Users\Joe Ciaravino\Desktop\TOOLBOX
2015-10-26 07:21 - 2015-04-08 13:10 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-25 15:52 - 2014-02-14 19:39 - 00000635 _____ C:\Users\Joe Ciaravino\AppData\Roaming\burnaware.ini
2015-10-25 15:49 - 2014-04-12 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompCams Software
2015-10-25 15:31 - 2014-02-28 22:44 - 00000000 ____D C:\ProgramData\TEMP
2015-10-25 15:02 - 2014-03-06 21:03 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-10-25 14:53 - 2015-06-30 11:34 - 00000000 ____D C:\Qoobox
2015-10-25 14:51 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-10-25 13:14 - 2015-06-30 11:34 - 00000000 ____D C:\Windows\erdnt
2015-10-25 11:13 - 2015-02-06 18:21 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
2015-10-25 11:09 - 2009-07-13 23:45 - 00276392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-25 11:08 - 2015-04-08 13:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-25 11:08 - 2014-12-10 08:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-25 11:08 - 2014-04-23 08:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-25 11:08 - 2014-02-13 13:52 - 00000000 ____D C:\Windows\system32\MRT
2015-10-25 11:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-25 10:37 - 2014-03-31 13:03 - 00003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2896351573-1439903457-3680831720-1000
2015-10-25 10:37 - 2014-03-31 13:03 - 00003234 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2896351573-1439903457-3680831720-1000
2015-10-25 10:37 - 2014-03-21 17:59 - 00000000 ____D C:\Users\Joe Ciaravino\AppData\Roaming\Audacity
2015-10-24 08:52 - 2014-03-11 19:50 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 11:29 - 2014-02-13 11:11 - 00000000 ____D C:\Program Files (x86)\AMD
2015-10-22 11:29 - 2014-02-13 11:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-17 13:09 - 2014-02-14 17:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 13:09 - 2014-02-13 17:12 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 13:09 - 2014-02-13 17:12 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 17:58 - 2014-03-15 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-10-14 17:27 - 2014-06-28 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-14 17:27 - 2014-06-28 19:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-14 17:15 - 2015-02-02 18:08 - 00000000 ____D C:\Users\Joe Ciaravino\Desktop\iPhone Backup In iCloud
2015-10-14 17:07 - 2015-07-15 18:58 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-10-14 17:07 - 2014-04-11 07:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-14 17:06 - 2014-04-11 07:29 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

==================== Files in the root of some directories =======

2014-02-14 19:39 - 2015-10-25 15:52 - 0000635 _____ () C:\Users\Joe Ciaravino\AppData\Roaming\burnaware.ini
2014-04-25 16:53 - 2014-04-25 16:57 - 0000161 _____ () C:\Users\Joe Ciaravino\AppData\Roaming\settings.xml
2015-04-26 12:35 - 2015-04-26 12:37 - 0000030 _____ () C:\Users\Joe Ciaravino\AppData\Roaming\splitterdirectorys.txt
2015-09-05 10:11 - 2015-11-02 08:34 - 0007604 _____ () C:\Users\Joe Ciaravino\AppData\Local\Resmon.ResmonCfg
2015-02-07 20:53 - 2015-02-07 20:53 - 0000000 _____ () C:\Users\Joe Ciaravino\AppData\Local\{E2F6AB0C-5286-489C-BF61-9F384A0ADA49}
2014-02-28 18:28 - 2014-02-28 18:28 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Joe Ciaravino\Power Scheme When PLEX Server Runs.bat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-22 09:48

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Joe Ciaravino (2015-11-07 16:37:34)
Running from C:\Users\Joe Ciaravino\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-13 15:42:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2896351573-1439903457-3680831720-500 - Administrator - Disabled)
Guest (S-1-5-21-2896351573-1439903457-3680831720-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2896351573-1439903457-3680831720-1004 - Limited - Enabled)
Joe Ciaravino (S-1-5-21-2896351573-1439903457-3680831720-1000 - Administrator - Enabled) => C:\Users\Joe Ciaravino

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Camera Suite (HKLM-x32\...\{AD708DF0-9F04-4CB3-821A-85804A833B4D}) (Version: - )
ArcSoft MediaImpression 2 (HKLM-x32\...\{3D9326E1-E378-48A6-A82B-800147E63306}) (Version: 2.0.50.560 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
Camera Window (x32 Version: 4.5.2 - Canon) Hidden
CamQuest6 Cam Selection.0408 (HKLM-x32\...\CamQuest6 Cam Selection.0408) (Version: 6.0.1.111807.D - ProRacing Sim, LLC.)
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}) (Version: 4.5.2 - Canon)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PhotoRecord (HKLM-x32\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}) (Version: 0.9.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{F0FC315A-7D1D-444F-BB96-A59B28179626}) (Version: 1.0.1 - Canon)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{C05E2D43-A05F-4835-A15C-CD0AD1576506}) (Version: 3.1.11 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.9.0.1 - Canon Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCR Calculator (HKLM-x32\...\ST6UNST #1) (Version: - )
Drag2003 v4.05 (HKLM-x32\...\Drag2003_is1) (Version: - Motion Software)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Dyno2003 v4.05 (HKLM-x32\...\Dyno2003_is1) (Version: - Mottion Software)
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version: - Eusing Software)
Free PNG To JPG Converter (HKLM-x32\...\{A2440851-7707-4AE6-86A6-DE4982E902D2}) (Version: 1.0.0 - Free Picture Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LiveLink Gen-II (HKLM-x32\...\{43C73E7E-7408-45A1-A738-64DDD9ED7C9F}) (Version: 2.3.11.0 - SCT Performance LLC)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manual CanoScan LiDE 60 (HKLM-x32\...\{23B72D50-1C7E-491C-8086-9E060051D316}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
PhotoStitch (x32 Version: 3.1.11 - Canon) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
RAW Image Task (x32 Version: 0.9.0 - Canon) Hidden
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.007 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 3.75 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RemoteCapture Task 1.0.1 (x32 Version: 1.0.1 - Canon) Hidden
SCT Device Updater (HKLM-x32\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.8.91 - SCT)
SCTDriversV1011x64 (HKLM\...\{8210330D-4DDA-4356-9941-3B19F8E8A15C}) (Version: 11.0.0 - SCT Performance LLC)
SeaMonkey 2.38 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.38 (x86 en-US)) (Version: 2.38 - Mozilla)
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Webcam Driver (HKLM-x32\...\{3D029F75-BF59-42CE-9B2B-BE25D0F67B80}) (Version: 2.2.3.6 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPEP 7 (HKLM-x32\...\InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}) (Version: 7.5.1.14 - Dynojet Research Inc.)
WinPEP 7 (x32 Version: 7.5.1.14 - Dynojet Research Inc.) Hidden
WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)
Zeitronix Data Logger (HKLM-x32\...\{FACFDC50-6015-456F-B6EF-612DD07B7B2D}) (Version: 2.0.18 - Zeitronix)
Zeitronix Data Logger v3.1.6 (HKLM-x32\...\ZDL_v3.1.6_is1) (Version: 3.1.6 - Zeitronix)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F70D503-9468-D082-5545-01EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5926A83F-9468-D082-6938-57A885889A47} => No File

==================== Restore Points =========================

25-10-2015 10:58:42 Windows Update
25-10-2015 15:36:49 JRT Pre-Junkware Removal
29-10-2015 09:44:15 Windows Update
29-10-2015 18:21:15 Installed Easy Tune 6 B13.1029.1
01-11-2015 15:25:12 Windows Update
05-11-2015 07:55:34 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-10-25 14:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02A9F27E-4187-4E18-B48D-19788AD16763} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2896351573-1439903457-3680831720-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {116E4A8C-F0D2-401F-BDFD-22E261B2D223} - System32\Tasks\{402124F0-27C6-4BA2-8FC5-C71329EBC8D4} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"c:\program files (x86)\Performance Trends\Uninst.isu"
Task: {1215C8B5-E478-4CC4-8C11-E541BA365BC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {1871861E-8ECD-4281-AA16-5FA13F0F3154} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2896351573-1439903457-3680831720-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {18FF0BC3-E32E-4F06-A121-5CDD9CCAB502} - \LaunchSignup -> No File <==== ATTENTION
Task: {1EB97E61-57EE-454B-8E3D-F6E3CBBA703C} - System32\Tasks\{8539F1B9-FA95-410A-BC01-37A53DC398B7} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\PowerPoint to Video Converter Free\Uninstall.exe"
Task: {2218BAA9-69F7-4CDD-9014-768C6143253F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2896351573-1439903457-3680831720-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {35F13A67-5699-4211-B549-A903B4339B58} - System32\Tasks\{DB53EDD4-535F-4437-8980-194C8C628019} => pcalua.exe -a "D:\Downloads\Downloads From Old Computer\Eng Analyzer v3.0\EA\Disk_1\SETUP.EXE" -d "D:\Downloads\Downloads From Old Computer\Eng Analyzer v3.0"
Task: {4F25188E-9004-4965-960B-ABDDBB96D655} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {558062C5-7C7F-466D-B205-3149B86063E9} - System32\Tasks\{46374FEF-CA6D-47F2-85F8-40842D0471C9} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe" -c /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A} /x
Task: {65790FF2-46CE-4441-9609-35AA22DF06C4} - System32\Tasks\{593AF642-97B1-4B69-BBEB-8833ACD3A042} => pcalua.exe -a "C:\Users\Joe Ciaravino\Desktop\StartupCPL.exe" -d "C:\Users\Joe Ciaravino\Desktop"
Task: {79DA9D2C-EF2A-4D14-8853-582075D5BB32} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2896351573-1439903457-3680831720-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {903903E3-2045-40BD-92E9-83E0574DFDE0} - System32\Tasks\HP AR Program Upload - 3adb73ff941d4fff9a1ea0c78fbe712ebd30ca52ddc441f2a7f1fdd1bf8bdc48 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {A2E8C90A-B4BD-4A05-AC02-7457F0C95189} - System32\Tasks\{7C795235-923D-478D-A043-36F9BDD90E92} => pcalua.exe -a D:\Downloads\930-enu-xp.exe -d D:\Downloads
Task: {AB476FAA-762C-4602-B01F-3DC925DB8030} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2896351573-1439903457-3680831720-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {AD051689-70E2-4064-8601-05922FA920D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B604C545-D261-462E-8446-3274A1ECA978} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {C0541C7D-A9E0-464C-91C4-62FA9D678DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C1824C76-9F84-4BD3-8F99-0E3A089C4CC4} - System32\Tasks\ScanToPCActivationApp.exe_{F55E28E5-8B70-4863-A2A4-929B6A310471} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C5E02D61-4953-4808-B44A-E0BA61C443EB} - System32\Tasks\{699F0075-0422-422C-B7AD-DC0068D75365} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
Task: {D065A999-A0A9-4E1C-8E60-24A0C2EED026} - System32\Tasks\HP AR Program Upload - 8219b32f91fc4822a13f08ee73ddefc56d5efffe42e74e34b07a3646e7317f4a => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {EAB7EC39-8336-4689-8ED0-EE1F6A22795F} - System32\Tasks\plexpowerscheme => cmd.exe /c "C:\scheduled\plex.bat"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2896351573-1439903457-3680831720-1000.job => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-30 13:46 - 2014-04-08 09:13 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2015-03-20 09:28 - 2014-11-18 13:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
2013-08-30 19:47 - 2013-08-30 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-30 13:39 - 2014-04-08 09:08 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2015-03-20 09:28 - 2014-02-13 14:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\traynet.dll
2015-03-20 09:28 - 2014-02-13 14:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\libcurl.dll
2015-03-20 09:28 - 2014-02-13 14:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\zlib1.dll
2015-03-20 09:28 - 2014-02-13 14:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\uexper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2896351573-1439903457-3680831720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe Ciaravino\AppData\Roaming\Mozilla\SeaMonkey\Desktop Background.bmp
DNS Servers: 167.206.245.135 - 167.206.245.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6C7ACE2C-8370-4A1A-B713-AB11A9BDDCBF}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{2A4A5147-D099-4E11-982E-29E4D61BF64D}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F9029A06-4691-4364-931C-AA7E028D7D6F}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [UDP Query User{D8928402-A650-4A0A-AC09-EAFA90581817}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [TCP Query User{394526BE-BB0A-40FF-83AB-4C57C23FF89E}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [UDP Query User{90F76842-C53B-4174-A096-E534EF4C4CFD}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [{8D55E899-318D-47B3-9285-EAEF5C833C97}] => (Allow) C:\Users\Joe Ciaravino\AppData\Local\Temp\7zS34CB\hppiw.exe
FirewallRules: [{76AFB8F8-BA18-4DA7-8EE1-659797A574C4}] => (Allow) C:\Users\Joe Ciaravino\AppData\Local\Temp\7zS34CB\hppiw.exe
FirewallRules: [{9EA66103-6CEE-4B60-B201-0B1665539457}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{BC79F6C4-F84B-435C-97C7-78DEE8D1BDEE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{491DD1EF-3CE3-4590-97F2-BC14BBE42314}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{0521B7A3-D07F-460C-BF5D-1F499A4495E8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{8D887A29-73FC-4AED-B2B8-D6D618F14FCC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{854125DC-F11D-4B58-8AB6-CB45825D74A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{C25AD042-5677-44B4-8359-6F9EE90915F9}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [UDP Query User{2634694E-8D99-449B-BAEE-691628EE2E12}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [{4D27748F-1752-482B-ABDD-5A68C106045B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{B6380D3C-AE95-4E54-9497-B30659A049C2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{A0AF90EB-1FF7-434D-81F3-76B76E7933D7}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{12457FCD-F405-4BAE-B43D-8F91E06EA176}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{D7543C9F-E3A2-4A2D-A946-8CDFD8A9495C}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe
FirewallRules: [{CD3E67D3-C4DB-40F0-A3F8-10E9BED6C9D5}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{098CF1A7-CFBE-419B-87B5-3A3AA45F8CA5}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{EDB74C1F-5442-4F93-A1DF-C1A354D0B444}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{75D6178F-EABE-4926-AAEF-DE12C85D4FC4}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{459AA70F-E19F-41A1-BF71-7BADD85DF950}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{EA0D85BD-C9F8-4FEA-9E35-7D144422FA34}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll
FirewallRules: [{5BB790A3-611B-49CE-8AB7-100E76543F06}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{C7CCF441-A6BB-4B33-A64D-89CDB6F764F5}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll
FirewallRules: [{53CE83A5-3DB7-42E9-A40D-E96CAEE96631}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{67C78ED5-1C87-4819-8AFD-59CE9000C531}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll
FirewallRules: [{ED41C21B-F205-4E81-897B-8E698A850B68}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [{E50DB017-2473-4A1E-A03B-FCE74412C717}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll
FirewallRules: [TCP Query User{CFE97FB2-76C8-45FA-8CB5-A555D34BF443}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{91C09B9F-F696-4150-A4A8-C1871577FC0C}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{31B538D4-8844-4E59-B509-8651417633E5}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{AA8FE101-312E-45AC-A281-2169D8081857}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [TCP Query User{76C985CD-8517-408A-A7A3-8B5EC3305AF8}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{0711892B-C61D-494C-BCF1-B966AC1C3864}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{F3A447DD-4124-4D17-AF2F-227BFBD457C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6EE84EE0-6FB4-4BE7-9572-38095D05690A}] => (Allow) LPort=2869
FirewallRules: [{EEB459B0-78B1-420B-A348-1B1737F6D038}] => (Allow) LPort=1900
FirewallRules: [{54FE8A41-5D56-4D28-8799-A5F73147E276}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9644BBF9-2B4A-4B65-89AF-11B5263AD235}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4BC7340-7F2C-4B60-8EF4-A658841046A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57FEAEE0-39AE-47A8-A5F5-094E103E5217}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B888B351-64C9-4443-A256-A7DB227FB0CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2CBB9585-5606-42F9-894F-3B7AC277F806}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2015 04:26:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 03:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 10:22:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 02:40:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 02:08:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 02:02:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 12:55:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 12:23:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 11:19:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 09:04:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/07/2015 04:24:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/07/2015 03:00:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/07/2015 10:20:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 02:38:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 02:06:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 02:00:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 12:53:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 12:21:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 11:17:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2

Error: (11/06/2015 10:43:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2015-10-25 15:51:28.486
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-25 15:51:28.439
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-20 15:36:20.928
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-30 12:38:50.429
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-06-30 12:38:50.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-21 17:22:45.930
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-21 17:22:45.883
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-21 17:21:59.581
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-21 17:21:59.550
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\CTAUD2K.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-21 17:21:27.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTEDSPSY.DLL because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-6400K APU with Radeon™ HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 7363.72 MB
Available physical RAM: 6027.2 MB
Total Virtual: 14725.65 MB
Available Virtual: 13276.02 MB

==================== Drives ================================

Drive c: (Windows 7 System) (Fixed) (Total:210.31 GB) (Free:145.85 GB) NTFS
Drive d: (Joe Ciaravino DATA) (Fixed) (Total:931.51 GB) (Free:881.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 581F5F9E)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 07 November 2015 - 05:46 PM.


#8 tripleblack


Posted 07 November 2015 - 05:07 PM

Here is the system info zip file:

 


Attached File: Summary.zip (43.54KB, 3 downloads)



#9 Oh My!


Posted 07 November 2015 - 06:31 PM

Thank you.

Could you try to create and attach another System Summary report? The first one looks like it is corrupted.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
S3 HPSLPSVC; C:\Users\JOECIA~1\AppData\Local\Temp\7zS34CB\hpslpsvc64.dll [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 esgiguard; no ImagePath
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F70D503-9468-D082-5545-01EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5926A83F-9468-D082-6938-57A885889A47} => No File
Task: {18FF0BC3-E32E-4F06-A121-5CDD9CCAB502} - \LaunchSignup -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 tripleblack


Posted 07 November 2015 - 07:31 PM

I do not understand.

Please be more specific.



#11 Oh My!


Posted 07 November 2015 - 08:22 PM

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

Gary
 

#12 tripleblack


Posted 08 November 2015 - 01:15 PM

Gary,

 

I tried running the System Summary six times last night and had to take a break. All six times the msinfo32 failed to complete and/or delivered a bad logfile. In all cases the program wouldn't respond when I tried to close it. I rebooted after getting the fixlog for you. SHOULD I TRY THE SYS SUMMARY AGAIN? DID THE FIXLOG FIX THE PROBLEM WITH THE SUMMARY LOG? I hate to run the machine for long periods because the CPU fan is screaming like a banshee.

 

I can "copy" logfiles but when I left click in the reply area, I don't get a "paste" option, which is why I have had to attach files. What can I do to solve this, if anything?

 

I must attach the fixlog at this time.



#13 tripleblack


Posted 08 November 2015 - 01:20 PM

Sorry....I had to attach it.
 
Cannot paste unless I reply in the normal way, by replying with quote at bottom of post.

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Joe Ciaravino (2015-11-08 13:05:12) Run:1
Running from C:\Users\Joe Ciaravino\Desktop
Loaded Profiles: Joe Ciaravino (Available Profiles: Joe Ciaravino)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
S3 HPSLPSVC; C:\Users\JOECIA~1\AppData\Local\Temp\7zS34CB\hpslpsvc64.dll [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 esgiguard; no ImagePath
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F70D503-9468-D082-5545-01EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5926A83F-9468-D082-6938-57A885889A47} => No File
Task: {18FF0BC3-E32E-4F06-A121-5CDD9CCAB502} - \LaunchSignup -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully
C:\Users\Joe Ciaravino\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => not found.
HPSLPSVC => service removed successfully
AppMgmt => service removed successfully
esgiguard => service removed successfully
Bulk1528 => service removed successfully
Ca1528av => service removed successfully
catchme => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
"HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => key removed successfully
"HKU\S-1-5-21-2896351573-1439903457-3680831720-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18FF0BC3-E32E-4F06-A121-5CDD9CCAB502}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18FF0BC3-E32E-4F06-A121-5CDD9CCAB502}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => key not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 13:05:14 ====


Edited by Oh My!, 08 November 2015 - 03:31 PM.


#14 Oh My!


Posted 08 November 2015 - 03:33 PM

OK, please do this.

===================================================

Identifying Errors in Device Manager

----------
  • Press the Windows key + R on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Click View, then Show Hidden Devices
  • Expand all categories
  • Identify and report on any entry showing a warning or error
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Any warnings or errors?

Gary
 

#15 tripleblack


Posted 08 November 2015 - 07:03 PM

I am a complete novice. Please tell me what I should do next.

Thank you.

I am signing off now for the night.


Edited by tripleblack, 08 November 2015 - 07:04 PM.




