Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

High memory usage with multiple conhost.exe, msiexec.exe, svchost.exe, etc.


  • This topic is locked This topic is locked
30 replies to this topic

#1 candresbeltran

candresbeltran

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 08 December 2015 - 11:50 AM

Hi,

 

I have been having issues with my computer with some processes that get launched and consumes most of the computer memory, up to a point that the computer suddenly shuts down. The interesting thing is that when Internet access gets disconnected, most of those processes disappear and the computer memory goes back to normal.

 

I have run the FRST64.exe from my external HD and here are the results. I hope you guys can help me out.

 

Thanks.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by SYSTEM on MININT-NTEMCOB (08-12-2015 08:21:27)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-03] (Conexant Systems, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-11-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-11-13] (APN)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2014-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Andres Beltran\...\Run: [Google Update] => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\Andres Beltran\...\Run: [googletalk] => C:\Users\Andres Beltran\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\Andres Beltran\...\Run: [cdloader] => C:\Users\Andres Beltran\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\Andres Beltran\...\Run: [MusicManager] => C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\Andres Beltran\...\Run: [GoogleChromeAutoLaunch_881DDA5CC50F72C0C32A1305234880A6] => C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\Andres Beltran\...\Run: [Spotify Web Helper] => C:\Users\Andres Beltran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-17] (Spotify Ltd)
HKU\Andres Beltran\...\Run: [Dropbox Update] => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\Andres Beltran\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.)
HKU\Andres Beltran\...\Run: [RSA3091558760] => C:\Windows\system32\rundll32.exe ",DllInitialize
Startup: C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-13]
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-11-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-11-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-11-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-11-05] (Avira Operations GmbH & Co. KG)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-11-13] (APN LLC.)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-03] (Conexant Systems, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-11-05] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-30] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-11-05] (Avira Operations GmbH & Co. KG)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
S3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [32344 2010-12-08] (Creative Technology Ltd.)
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelern.sys E0065CBF1A25C015C218457D2CD522B9
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\AMPPAL.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\System32\DRIVERS\amppal.sys 9921E78BC29634235F4BF5809E7E8CDE
C:\Windows\system32\drivers\appid.sys 27DABFB4A6B0140C34DBEC713469592B
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgntflt.sys 03C6DEB5C74C8140C2167677DBE2F79A
C:\Windows\System32\DRIVERS\avipbb.sys 043E5F34C3878C844568658B79B3E55C
C:\Windows\System32\DRIVERS\avkmgr.sys 390184FAD8FCC1B6DA25AEBAE928C3B6
C:\Windows\System32\DRIVERS\avnetflt.sys 080860E03F0219AF0A0377A02292741F
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btmaud.sys 0A6CD4C79C92EEC0FA60B1EEA2677B37
C:\Windows\System32\DRIVERS\btmaux.sys 270FBA230E78E25726D065A924589A72
C:\Windows\System32\DRIVERS\btmhsf.sys 40C6FEC49D1CC4D112368A2BCD2BCBB7
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EC0511BB85BAA42A9734011685A6732C
C:\Windows\System32\drivers\CHDRT64.sys 64AABED297B4A6B14DDFB48565207DB1
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys DF214BFF646880D0EB31BDC86136B29B
C:\Windows\System32\drivers\DDDriver64Dcsa.sys B56714DED87E29377F1EE930691DADA2
C:\Windows\System32\drivers\DellProf.sys DC3BD578642252FD9569B9CD75CEF81E
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D469B77687E12FE43E344806740B624D
C:\Windows\System32\DRIVERS\iaStorA.sys 57CD95DEB3529181BCC931DD2DFB2341
C:\Windows\System32\DRIVERS\iaStorF.sys CE5CD8CBE940965867D507AB8EA2795A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\iBtFltCoex.sys FC47F5CF561BF0FD897EFD1A9604DCCF
C:\Windows\System32\DRIVERS\igdkmd64.sys 6383899C5F964D71B0F96B81FBE59BB8
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\intelaud.sys CADDF0927DAC63EDAE48F5C35A61D87D
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iwdbus.sys 716F66336F10885D935B08174DC54242
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys BCC83F22805F560C8A487F2F296A78FE
C:\Windows\System32\Drivers\ksecpkg.sys 33D52A96BEEE8AFCE9E07EEC9FE0C9DB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 173666119D217E3739205C169E2BF0E5
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MCfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 73ADDCC406B86E7DA4416691E8E74BDA
C:\Windows\System32\DRIVERS\mrxsmb10.sys 7C81098FBAF2EAF5B54B939F832B0F61
C:\Windows\System32\DRIVERS\mrxsmb20.sys ACB763673BCCE6C7B3B8F858C9FE4F1F
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETwNs64.sys AC69618DE5BCCE8747C9AB0AAE1003C1
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 01266516E6E88D183A2B58722EEB4443
C:\Windows\System32\DRIVERS\nusb3xhc.sys 5EC04F55CC5F165F21752712437DF638
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 135A64530D7699AD48F29D73A658DD11
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 21AB491BBCC8C1B26FDC402A374AB196
C:\Windows\System32\DRIVERS\Sftplaylh.sys 3B8D43FEEFF7A187534DDDFD675FE123
C:\Windows\System32\DRIVERS\Sftredirlh.sys F1D1B1DC7A8765A09D7640FBF8D20970
C:\Windows\System32\DRIVERS\Sftvollh.sys B3B9ADE7F8C4AF0C20E712E040588543
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\stdcfltn.sys 92E7F6666633D2DD91D527503DAA7BE0
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AAD83760A0887975D8F524B4D2C86060
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\tihub3.sys 4DA8FF05C0FD3E5026003FFB76238471
C:\Windows\system32\drivers\tixhci.sys 9372B5596C187C846EC6DDC5859007A5
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 91D3C92A44FC682DD791147604E79152
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys F7FFDF2A1D19A76A87759126B244C816
C:\Windows\System32\DRIVERS\usbhub.sys 245FE7FC634D6A993E682E0A9EBA4ABB
C:\Windows\system32\drivers\usbohci.sys C1A8966E0D09BFB501045105B30D86F2
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 2E682DCE4319A90E02A327F8A427544A
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 18:44 - 2015-12-06 18:44 - 00000000 ____D C:\Users\Andres Beltran\Downloads\The Hunger Games Mockingjay - Part 1 2014.1080p.BluRay 5.1.x264 . NVEE
2015-12-05 17:19 - 2015-12-05 17:19 - 00000000 ____D C:\Users\Andres Beltran\AppData\LocalLow\BitTorrent
2015-12-05 16:52 - 2015-12-05 17:00 - 00000000 ____D C:\Users\Andres Beltran\Downloads\The Hunger Games Mockingjay Part 1 (2014) HDRip XviD-MAXSPEED
2015-12-04 07:47 - 2015-12-04 07:47 - 00015253 _____ C:\Users\Andres Beltran\Downloads\4550.tmp
2015-12-04 07:45 - 2015-12-04 07:45 - 00015253 _____ C:\Users\Andres Beltran\Downloads\50BF.tmp
2015-12-03 20:09 - 2015-12-03 20:09 - 00000000 ____D C:\Windows\System32\Archive
2015-12-03 17:19 - 2015-12-03 19:36 - 00048486 _____ C:\Users\Andres Beltran\Desktop\Addition.txt
2015-12-03 17:08 - 2015-12-03 20:41 - 00082011 _____ C:\Users\Andres Beltran\Desktop\FRST.txt
2015-12-03 17:07 - 2015-12-08 08:21 - 00000000 ____D C:\FRST
2015-12-01 21:08 - 2015-12-01 21:10 - 00293978 _____ C:\Windows\ntbtlog.txt
2015-12-01 20:19 - 2015-12-01 20:19 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-12-01 20:18 - 2015-12-01 20:19 - 00001863 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-12-01 20:18 - 2015-12-01 20:19 - 00001863 _____ C:\ProgramData\Desktop\PC Scan & Repair by Reimage.lnk
2015-12-01 20:18 - 2015-12-01 20:18 - 00000000 ____D C:\Program Files\Reimage
2015-12-01 20:17 - 2015-12-01 20:18 - 02350080 _____ (Farbar) C:\Users\Andres Beltran\Desktop\FRST64.exe
2015-12-01 20:17 - 2015-12-01 20:18 - 00000000 ____D C:\rei
2015-12-01 20:14 - 2015-12-03 20:01 - 00000120 _____ C:\Windows\Reimage.ini
2015-12-01 20:13 - 2015-12-01 20:13 - 00772016 _____ (Reimage®) C:\Users\Andres Beltran\Desktop\ReimageRepair.exe
2015-11-16 10:50 - 2015-12-01 16:27 - 00000000 ____D C:\Users\Andres Beltran\Downloads\Adobe Acrobat XI Pro 11.0.7 Multilanguage [ChingLiu]
2015-11-16 10:46 - 2015-12-01 16:27 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-13 14:22 - 2015-11-13 14:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-13 13:12 - 2015-12-05 17:50 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-13 13:12 - 2015-11-13 13:12 - 00004042 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-13 13:12 - 2015-11-13 13:12 - 00003232 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-13 13:11 - 2015-12-01 16:17 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-13 13:11 - 2015-11-13 13:11 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-13 10:49 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-11-11 10:07 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-11-11 10:07 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-11-11 10:07 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-11-11 10:07 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-11-11 10:07 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-11-11 10:07 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-11-11 10:07 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 10:07 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 10:07 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 10:07 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 10:07 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 10:06 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-11-11 10:06 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 10:06 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-11-11 10:06 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-11-11 10:06 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-11-11 10:06 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-11-11 10:06 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-11-11 10:06 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-11-11 10:06 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 10:06 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-11-11 10:06 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 10:06 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 10:06 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-11-11 10:06 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 10:06 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 10:06 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-11-11 10:06 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 10:06 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 10:06 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 10:06 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 10:06 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 10:06 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 10:06 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 10:06 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-11-11 10:06 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-11-11 10:06 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 10:06 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 10:06 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 10:06 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 10:06 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 10:06 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 10:06 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 10:06 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 10:06 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-11-11 10:06 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 10:06 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 10:05 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-11-11 10:05 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-11-11 10:05 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-11-11 10:05 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-11-11 10:05 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-11-11 10:05 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-11-11 10:05 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-11-11 10:05 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-11-11 10:05 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-11-11 10:05 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-11-11 10:05 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-11-11 10:05 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-11-11 10:05 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-11-11 10:05 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-11-11 10:05 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-11-11 10:05 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 10:05 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 10:05 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-11-11 10:05 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-11-11 10:05 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-11-11 10:05 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-11-11 10:05 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 10:05 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-11-11 10:05 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 10:05 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 10:05 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 10:05 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-11-11 10:05 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 10:05 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-11-11 10:05 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-11-11 10:05 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-11-11 10:05 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-11-11 10:05 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-11-11 10:05 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-11-11 10:05 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-11-11 10:05 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-11-11 10:05 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-11-11 10:05 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-11-11 10:05 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-11-11 10:05 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-11-11 10:05 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-11-11 10:05 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-11-11 10:05 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-11-11 10:05 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 10:05 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 10:05 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 10:05 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 10:05 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 10:05 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 10:05 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 10:05 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 10:05 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 10:05 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 10:05 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 10:05 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 10:05 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-11-11 10:05 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-11-11 10:05 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-11-11 10:05 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 10:05 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 10:05 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 10:05 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 10:05 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-11-11 10:05 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2015-11-11 10:05 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 10:04 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\apphelp.dll
2015-11-11 10:04 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\aelupsvc.dll
2015-11-11 10:04 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
2015-11-11 10:04 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\shimeng.dll
2015-11-11 10:04 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 10:04 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 10:04 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 10:04 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2015-11-11 10:04 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2015-11-11 10:04 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2015-11-11 10:04 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-11-11 10:04 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2015-11-11 10:04 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-09 12:04 - 2015-11-09 12:04 - 00000957 _____ C:\Windows\System32\Drivers\etc\hosts.txt
2015-11-09 11:49 - 2015-11-09 11:49 - 00002142 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-11-09 11:49 - 2015-11-09 11:49 - 00002142 _____ C:\ProgramData\Desktop\Adobe FormsCentral.lnk
2015-11-09 11:49 - 2015-11-09 11:49 - 00002028 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-11-09 11:49 - 2015-11-09 11:49 - 00002028 _____ C:\ProgramData\Desktop\Adobe Acrobat XI Pro.lnk
2015-11-09 10:54 - 2015-11-11 09:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-09 10:17 - 2015-11-09 11:43 - 00000000 ____D C:\Users\Andres Beltran\Desktop\Adobe Acrobat XI
2015-11-09 09:55 - 2015-11-09 10:02 - 00000000 ____D C:\Users\Andres Beltran\Downloads\Adobe Acrobat XI Pro 11.0.12
2015-11-05 11:40 - 2015-11-05 11:40 - 01222144 _____ C:\Users\Andres Beltran\Desktop\-2080929374.pdf
2015-11-05 11:17 - 2015-11-05 11:17 - 00003820 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-11-05 11:14 - 2015-11-05 11:15 - 00139265 _____ C:\Users\Andres Beltran\Desktop\Carlos Beltran - CV.pdf
2015-11-05 10:39 - 2015-11-05 10:39 - 01169047 _____ C:\Users\Andres Beltran\Desktop\Carlos Beltran - Diploma Ingeniería Química.pdf
2015-11-05 10:16 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-11-05 10:16 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-11-05 10:16 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-11-05 10:16 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-11-05 10:16 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-11-05 10:16 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-11-05 10:16 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-11-05 10:16 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-05 10:16 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-11-05 10:16 - 2015-08-06 12:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-11-05 10:16 - 2015-08-06 12:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2015-11-05 10:16 - 2015-08-06 11:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-05 10:16 - 2015-08-06 11:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-11-05 10:13 - 2015-09-18 13:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-11-05 10:13 - 2015-09-18 13:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-11-05 10:13 - 2015-09-18 13:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-11-05 10:13 - 2015-09-18 13:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-11-05 10:13 - 2015-09-18 13:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-11-05 10:13 - 2015-09-18 13:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-11-05 10:13 - 2015-09-18 13:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2015-11-05 10:13 - 2015-07-18 07:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 00:29 - 2015-10-13 00:29 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-10-13 00:22 - 2015-10-13 00:22 - 00869568 _____ (Microsoft Corporation) C:\Windows\System32\msvcr120_clr0400.dll
2015-09-30 15:42 - 2015-09-30 15:42 - 00000000 _____ C:\Windows\SysWOW64\sho3100.tmp
2015-09-30 11:45 - 2015-09-30 11:45 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-08 07:55 - 2015-06-25 10:38 - 00000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job
2015-12-08 07:53 - 2009-07-13 22:45 - 00026448 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 07:53 - 2009-07-13 22:45 - 00026448 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 07:41 - 2015-06-25 10:38 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job
2015-12-08 07:38 - 2015-09-01 14:36 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job
2015-12-08 07:38 - 2011-08-24 17:28 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job
2015-12-07 07:41 - 2015-07-03 11:44 - 00000000 ___RD C:\Users\Andres Beltran\Dropbox
2015-12-07 07:41 - 2012-01-11 13:38 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Dropbox
2015-12-07 07:41 - 2011-08-24 17:28 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Skype
2015-12-07 07:36 - 2011-08-03 17:01 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-07 07:32 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 19:23 - 2011-12-07 21:46 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\BitTorrent
2015-12-04 07:33 - 2015-09-01 14:38 - 00003536 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core
2015-12-04 07:33 - 2011-08-24 17:28 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA
2015-12-03 19:50 - 2009-07-13 23:13 - 00006506 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-03 19:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-03 18:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-01 21:24 - 2011-08-24 17:28 - 00000000 ____D C:\Users\Andres Beltran\AppData\Local\Google
2015-12-01 21:21 - 2011-08-03 17:03 - 00000000 ____D C:\ProgramData\Skype
2015-12-01 16:36 - 2011-08-24 14:40 - 00129072 _____ C:\Users\Andres Beltran\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-01 16:30 - 2011-08-24 14:40 - 00000000 ____D C:\users\Andres Beltran
2015-12-01 16:28 - 2015-04-23 12:47 - 00000000 ____D C:\Windows\System32\appraiser
2015-12-01 16:28 - 2015-04-07 11:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-01 16:28 - 2015-04-07 11:26 - 00000000 ___SD C:\Windows\System32\GWX
2015-12-01 16:28 - 2014-05-25 02:30 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-12-01 16:28 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-01 16:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-01 16:27 - 2014-08-12 18:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 16:27 - 2014-08-05 23:20 - 00000000 ____D C:\Users\Andres Beltran\AppData\Local\AskPartnerNetwork
2015-12-01 16:27 - 2014-08-05 23:20 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2015-12-01 16:27 - 2011-09-25 13:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-01 16:27 - 2011-08-24 14:47 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Creative
2015-12-01 16:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-01 16:27 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-01 16:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-12-01 16:17 - 2011-08-03 17:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-01 16:17 - 2011-08-03 17:00 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 16:15 - 2011-08-03 17:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-16 10:58 - 2012-12-04 03:54 - 02216448 ___SH C:\Users\Andres Beltran\Downloads\Thumbs.db
2015-11-16 09:41 - 2015-09-01 16:04 - 00001136 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-16 09:41 - 2015-09-01 16:04 - 00001136 _____ C:\ProgramData\Desktop\Avira Launcher.lnk
2015-11-16 09:34 - 2009-07-13 22:45 - 00470704 _____ C:\Windows\System32\FNTCACHE.DAT
2015-11-13 16:39 - 2013-09-17 15:16 - 00000000 ____D C:\Windows\System32\MRT
2015-11-13 16:05 - 2009-07-13 20:34 - 00000510 _____ C:\Windows\win.ini
2015-11-11 09:40 - 2011-08-24 17:22 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Adobe
2015-11-09 10:56 - 2011-08-31 10:58 - 00000000 ____D C:\Users\Andres Beltran\AppData\Local\Adobe
 
Files to move or delete:
====================
C:\Users\Andres Beltran\gotomypc_438.exe
 
 
Some files in TEMP:
====================
C:\Users\Andres Beltran\AppData\Local\Temp\APNSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\AskSLib.dll
C:\Users\Andres Beltran\AppData\Local\Temp\avgnt.exe
C:\Users\Andres Beltran\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\Delta.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DeltaTB.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DivXSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Andres Beltran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc9xzum.dll
C:\Users\Andres Beltran\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Andres Beltran\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Andres Beltran\AppData\Local\Temp\GUR83FD.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\MSN98FF.exe
C:\Users\Andres Beltran\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_28c9.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_4ca2.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_58c3.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_b20.exe
C:\Users\Andres Beltran\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Andres Beltran\AppData\Local\Temp\sqlite3.exe
C:\Users\Andres Beltran\AppData\Local\Temp\tmp7011.tmp.exe
C:\Users\Andres Beltran\AppData\Local\Temp\uttD3A6.tmp.exe
C:\Users\Andres Beltran\AppData\Local\Temp\WSSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2015-11-16 11:02
Restore point date: 2015-11-16 14:17
Restore point date: 2015-11-17 10:21
Restore point date: 2015-12-03 18:27
Restore point date: 2015-12-07 08:09
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=D:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {af68f735-be2d-11e0-95c5-14feb5c058f4}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {af68f735-be2d-11e0-95c5-14feb5c058f4}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f194ec6b-be28-11e0-b952-ac72892a7442}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{f194ec6b-be28-11e0-b952-ac72892a7442}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {af68f735-be2d-11e0-95c5-14feb5c058f4}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=D:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f194ec6b-be28-11e0-b952-ac72892a7442}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3982.99 MB
Available physical RAM: 3324.16 MB
Total Virtual: 3981.19 MB
Available Virtual: 3325.69 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:178.65 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive f: (My Passport) (Fixed) (Total:297.44 GB) (Free:34.96 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 297.4 GB) (Disk ID: 00035F28)
Partition 1: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2015-12-03 18:20
 
==================== End of FRST.txt ============================

Edited by hamluis, 08 December 2015 - 11:51 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 09 December 2015 - 04:40 PM

Greetings candresbeltran and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like you to disconnect from the Internet, move the FRST.exe file onto the desktop of your computer then run a scan with the default settings. Make sure Addition.txt is checked before scanning the computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Double click FRST.exe
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 10 December 2015 - 10:57 PM

Hi Gary,

 

Thanks for your assistance.

 

Please find the logs and the attachment requested.

 

Regards,

 

Andres

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Andres Beltran (administrator) on ANDRES (10-12-2015 08:25:28)
Running from C:\Users\Andres Beltran\Desktop
Loaded Profiles: Andres Beltran (Available Profiles: Andres Beltran)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Andres Beltran\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Temp\9CD14601-B4EF-4D64-B213-6DEC08424A90\DismHost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-03] (Conexant Systems, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-11-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-11-13] (APN)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2014-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [Google Update] => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [googletalk] => C:\Users\Andres Beltran\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [cdloader] => C:\Users\Andres Beltran\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [MusicManager] => C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [GoogleChromeAutoLaunch_881DDA5CC50F72C0C32A1305234880A6] => C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [Spotify Web Helper] => C:\Users\Andres Beltran\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [Dropbox Update] => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [RSA3091558760] => C:\Windows\system32\rundll32.exe ",DllInitialize
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\MountPoints2: E - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\MountPoints2: {56069837-ce90-11e0-958b-ac72892a7442} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\MountPoints2: {8c7fe2b4-bb1e-11e2-a347-ac72892a7442} - E:\setup_vmb_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F9E6454-F8C7-4C9A-A311-2EADD4787BC8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DE60FFDD-5008-430D-9E3B-B3CCC3127FF0}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13765&tm=275&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=104&itype=a&ver=13765&tm=275&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
SearchScopes: HKU\S-1-5-21-1188693244-803552386-2746217484-1000 -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-03-21] (TechSmith Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-03-21] (TechSmith Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-03-21] (TechSmith Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-03-21] (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-1188693244-803552386-2746217484-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Andres Beltran\AppData\Roaming\Mozilla\Firefox\Profiles\2th2rkh6.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1188693244-803552386-2746217484-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1188693244-803552386-2746217484-1000: @talk.google.com/O1DPlugin -> C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1188693244-803552386-2746217484-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1188693244-803552386-2746217484-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres Beltran\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres Beltran\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: No Name - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-12-01] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=476&aid=104&itype=a&ver=13277&tm=275&src=hmp"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Native Client) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\gcswf32.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (foscam plugin) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajbmdpdjmfgplpciphhfmgdmpkpipkkp [2015-07-13]
CHR Extension: (YouTube) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-01]
CHR Extension: (IE Tab) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-12-01]
CHR Extension: (Cuevana Stream) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg [2013-05-02]
CHR Extension: (Skype Click to Call) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-01]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-01-30]
CHR Extension: (Cuevana Stream) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj [2012-05-08] [UpdateUrl: hxxp://www.cuevana.tv/player/plugins/chrome.xml] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Search) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-09-30]
CHR Extension: (Google Slides) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-30]
CHR Extension: (foscam plugin) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajbmdpdjmfgplpciphhfmgdmpkpipkkp [2015-09-30]
CHR Extension: (Google Docs) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Google Drive) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-30]
CHR Extension: (YouTube) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-30]
CHR Extension: (Google Sheets) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-30]
CHR Extension: (Avira Browser Safety) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-30]
CHR Extension: (Skype Click to Call) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-30]
CHR Extension: (Ask Search) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-09-30]
CHR Extension: (iLivid) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-09-30]
CHR Extension: (Gmail) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-11-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-11-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-11-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-11-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-11-13] (APN LLC.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [28288 2011-06-03] (Conexant Systems, Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-11-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-11-05] (Avira Operations GmbH & Co. KG)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [32344 2010-12-08] (Creative Technology Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 19:44 - 2015-12-06 19:44 - 00000000 ____D C:\Users\Andres Beltran\Downloads\The Hunger Games Mockingjay - Part 1 2014.1080p.BluRay 5.1.x264 . NVEE
2015-12-05 18:19 - 2015-12-05 18:19 - 00000000 ____D C:\Users\Andres Beltran\AppData\LocalLow\BitTorrent
2015-12-05 17:52 - 2015-12-05 18:00 - 00000000 ____D C:\Users\Andres Beltran\Downloads\The Hunger Games Mockingjay Part 1 (2014) HDRip XviD-MAXSPEED
2015-12-04 08:47 - 2015-12-04 08:47 - 00015253 _____ C:\Users\Andres Beltran\Downloads\4550.tmp
2015-12-04 08:45 - 2015-12-04 08:45 - 00015253 _____ C:\Users\Andres Beltran\Downloads\50BF.tmp
2015-12-03 21:09 - 2015-12-03 21:09 - 00000000 ____D C:\Windows\system32\Archive
2015-12-03 18:19 - 2015-12-03 20:36 - 00048486 _____ C:\Users\Andres Beltran\Desktop\Addition.txt
2015-12-03 18:08 - 2015-12-10 08:26 - 00038919 _____ C:\Users\Andres Beltran\Desktop\FRST.txt
2015-12-03 18:07 - 2015-12-10 08:25 - 00000000 ____D C:\FRST
2015-12-01 22:08 - 2015-12-01 22:10 - 00293978 _____ C:\Windows\ntbtlog.txt
2015-12-01 21:19 - 2015-12-01 21:19 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-12-01 21:18 - 2015-12-01 21:19 - 00001863 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-12-01 21:18 - 2015-12-01 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-12-01 21:18 - 2015-12-01 21:18 - 00000000 ____D C:\Program Files\Reimage
2015-12-01 21:17 - 2015-12-01 21:18 - 02350080 _____ (Farbar) C:\Users\Andres Beltran\Desktop\FRST64.exe
2015-12-01 21:17 - 2015-12-01 21:18 - 00000000 ____D C:\rei
2015-12-01 21:14 - 2015-12-03 21:01 - 00000120 _____ C:\Windows\Reimage.ini
2015-12-01 21:13 - 2015-12-01 21:13 - 00772016 _____ (Reimage®) C:\Users\Andres Beltran\Desktop\ReimageRepair.exe
2015-11-16 11:50 - 2015-12-01 17:27 - 00000000 ____D C:\Users\Andres Beltran\Downloads\Adobe Acrobat XI Pro 11.0.7 Multilanguage [ChingLiu]
2015-11-16 11:46 - 2015-12-01 17:27 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-13 15:22 - 2015-11-13 15:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-13 14:12 - 2015-12-05 18:50 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-13 14:12 - 2015-11-13 14:12 - 00004042 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-13 14:12 - 2015-11-13 14:12 - 00003232 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-13 14:11 - 2015-12-01 17:17 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-13 14:11 - 2015-11-13 14:11 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-13 11:49 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 11:21 - 2015-11-13 11:21 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 11:07 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 11:07 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 11:07 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 11:07 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 11:07 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 11:07 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 11:07 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 11:07 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 11:07 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 11:07 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 11:07 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 11:06 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 11:06 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 11:06 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 11:06 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 11:06 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 11:06 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 11:06 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 11:06 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 11:06 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 11:06 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 11:06 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 11:06 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 11:06 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 11:06 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 11:06 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 11:06 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 11:06 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 11:06 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 11:06 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 11:06 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 11:06 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 11:06 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 11:06 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 11:06 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 11:06 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 11:06 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 11:06 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 11:06 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 11:06 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 11:06 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 11:06 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 11:06 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 11:06 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 11:06 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 11:06 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 11:06 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 11:05 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 11:05 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 11:05 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 11:05 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 11:05 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 11:05 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 11:05 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 11:05 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 11:05 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 11:05 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 11:05 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 11:05 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 11:05 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 11:05 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 11:05 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 11:05 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 11:05 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 11:05 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 11:05 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 11:05 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 11:05 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 11:05 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 11:05 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 11:05 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 11:05 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 11:05 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 11:05 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 11:05 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 11:05 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 11:05 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 11:05 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 11:05 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 11:05 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 11:05 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 11:05 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 11:05 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 11:05 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 11:05 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 11:05 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 11:05 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 11:05 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 11:05 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 11:05 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 11:05 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 11:05 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 11:05 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 11:05 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 11:05 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 11:05 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 11:05 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 11:05 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 11:05 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 11:05 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 11:05 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 11:05 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 11:05 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 11:05 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 11:05 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 11:05 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 11:05 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 11:05 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 11:05 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 11:05 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 11:05 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 11:05 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 11:04 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 11:04 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 11:04 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 11:04 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 11:04 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 11:04 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 11:04 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 11:04 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 11:04 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 11:04 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 11:04 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 11:04 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 11:04 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-10 08:20 - 2011-08-24 18:28 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Skype
2015-12-10 08:17 - 2015-09-01 15:36 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job
2015-12-10 08:13 - 2015-06-25 11:38 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job
2015-12-10 08:05 - 2009-07-14 00:13 - 00006506 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-10 08:04 - 2015-06-25 11:38 - 00000954 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job
2015-12-10 08:04 - 2011-08-24 18:28 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job
2015-12-09 06:10 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-09 06:10 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-09 05:53 - 2015-07-03 12:44 - 00000000 ___RD C:\Users\Andres Beltran\Dropbox
2015-12-09 05:53 - 2012-01-11 14:38 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Dropbox
2015-12-09 05:46 - 2011-08-03 18:01 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-09 05:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 20:23 - 2011-12-07 22:46 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\BitTorrent
2015-12-04 08:33 - 2015-09-01 15:38 - 00003536 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core
2015-12-04 08:33 - 2011-08-24 18:28 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA
2015-12-03 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-03 19:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-01 22:24 - 2011-08-24 18:28 - 00000000 ____D C:\Users\Andres Beltran\AppData\Local\Google
2015-12-01 22:21 - 2011-08-03 18:03 - 00000000 ____D C:\ProgramData\Skype
2015-12-01 17:36 - 2011-08-24 15:40 - 00129072 _____ C:\Users\Andres Beltran\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-01 17:30 - 2011-08-24 15:40 - 00000000 ____D C:\Users\Andres Beltran
2015-12-01 17:28 - 2015-04-23 13:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-01 17:28 - 2015-04-07 12:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-01 17:28 - 2015-04-07 12:26 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-01 17:28 - 2014-05-25 03:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-01 17:28 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-01 17:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-01 17:27 - 2014-08-12 19:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 17:27 - 2014-08-06 00:20 - 00000000 ____D C:\Users\Andres Beltran\AppData\Local\AskPartnerNetwork
2015-12-01 17:27 - 2014-08-06 00:20 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2015-12-01 17:27 - 2014-07-30 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 17:27 - 2011-09-25 14:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-01 17:27 - 2011-08-24 15:47 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Creative
2015-12-01 17:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-01 17:27 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-01 17:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-01 17:17 - 2011-08-03 18:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-01 17:17 - 2011-08-03 18:00 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 17:15 - 2011-08-03 18:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-16 11:58 - 2012-12-04 04:54 - 02216448 ___SH C:\Users\Andres Beltran\Downloads\Thumbs.db
2015-11-16 10:41 - 2015-09-01 17:04 - 00001136 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-16 10:34 - 2009-07-13 23:45 - 00470704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 17:39 - 2013-09-17 16:16 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 17:05 - 2009-07-13 21:34 - 00000510 _____ C:\Windows\win.ini
2015-11-13 15:27 - 2015-11-09 12:49 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-11-13 15:27 - 2015-11-09 12:49 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-11-13 15:27 - 2015-11-09 12:49 - 00002051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-11-13 14:11 - 2011-08-03 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-11 10:41 - 2015-11-09 11:54 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-11 10:40 - 2011-08-24 18:22 - 00000000 ____D C:\Users\Andres Beltran\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2011-08-30 23:03 - 2011-08-30 23:08 - 0005120 _____ () C:\Users\Andres Beltran\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-17 12:33 - 2011-12-17 12:33 - 0000017 _____ () C:\Users\Andres Beltran\AppData\Local\resmon.resmoncfg
2011-12-11 17:22 - 2011-12-11 17:22 - 0000000 _____ () C:\Users\Andres Beltran\AppData\Local\rx_image32.Cache
2014-06-02 15:34 - 2014-06-02 15:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-08-24 18:31 - 2011-08-24 18:31 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-02-28 23:24 - 2012-02-28 23:25 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Andres Beltran\gotomypc_438.exe
 
 
Some files in TEMP:
====================
C:\Users\Andres Beltran\AppData\Local\Temp\APNSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\AskSLib.dll
C:\Users\Andres Beltran\AppData\Local\Temp\avgnt.exe
C:\Users\Andres Beltran\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\Delta.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DeltaTB.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DivXSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Andres Beltran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxlio5.dll
C:\Users\Andres Beltran\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Andres Beltran\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Andres Beltran\AppData\Local\Temp\GUR83FD.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andres Beltran\AppData\Local\Temp\MSN98FF.exe
C:\Users\Andres Beltran\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_28c9.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_4ca2.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_58c3.exe
C:\Users\Andres Beltran\AppData\Local\Temp\PicasaUpdater_b20.exe
C:\Users\Andres Beltran\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Andres Beltran\AppData\Local\Temp\sqlite3.exe
C:\Users\Andres Beltran\AppData\Local\Temp\tmp7011.tmp.exe
C:\Users\Andres Beltran\AppData\Local\Temp\uttD3A6.tmp.exe
C:\Users\Andres Beltran\AppData\Local\Temp\WSSetup.exe
C:\Users\Andres Beltran\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-03 19:20
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Andres Beltran (2015-12-10 08:27:55)
Running from C:\Users\Andres Beltran\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-08-24 20:40:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1188693244-803552386-2746217484-500 - Administrator - Disabled)
Andres Beltran (S-1-5-21-1188693244-803552386-2746217484-1000 - Administrator - Enabled) => C:\Users\Andres Beltran
Guest (S-1-5-21-1188693244-803552386-2746217484-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1188693244-803552386-2746217484-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11200.0 - Cisco Consumer Products LLC)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.13.40 - Conexant)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.55 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.55 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.19 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC)
Dropbox (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
Google Chrome (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{EB94EF62-E46A-495E-AF31-69D1CB3B46EA}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
IHMC CmapTools v5.05.01 (HKLM-x32\...\IHMC CmapTools v5.05.01) (Version: 5.0.5.1 - Institute for Human & Machine Cognition)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Linkey (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Linkey) (Version: 0.0.0.333 - Aztec Media Inc) <==== ATTENTION
magicJack (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\MusicManager) (Version:  - Google, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.6 - Reimage) <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2500}) (Version: 12.37.0.349 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.4.10 - )
Spotify (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
13-11-2015 16:58:53 Windows Update
16-11-2015 11:53:47 Removed Adobe Acrobat XI Pro.
16-11-2015 15:11:54 Removed Adobe Acrobat XI Pro.
17-11-2015 11:13:18 Restore Operation
03-12-2015 19:27:19 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0751F59B-713F-4712-8330-22EB02AFFCEF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {14FAA5CD-1035-4B83-A7F3-627DA71B0871} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {4ABE4FD7-C7E6-4492-9385-7E798D3B0978} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {4E7741BA-0C82-4F5F-BC44-7F430068F14D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {5552D347-0069-4D34-8739-2A0A6BB7F42A} - System32\Tasks\{ACB390FE-A3E6-4C22-9DA1-58EBC7397763} => pcalua.exe -a "C:\Users\Andres Beltran\Downloads\eMule0.50a-Installer (1).exe" -d "C:\Users\Andres Beltran\Downloads"
Task: {99437F1C-798C-438B-B7B2-E9F1A4052F23} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {B7716D9F-90FB-4901-A309-54E4D0FD106D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {BADD5298-CE56-4EAE-A079-A92D55E4D437} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {F05618A7-B501-48ED-9DFF-15408BC004FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {FB6AB9C6-15E6-4AEE-9021-DA7F8EDEACE7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job => C:\Users\Andres Beltran\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000Core.job => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188693244-803552386-2746217484-1000UA.job => C:\Users\Andres Beltran\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-03 18:02 - 2011-05-16 10:33 - 02748736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-08-03 19:09 - 2011-04-15 13:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-08-03 17:47 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-04-29 18:18 - 2011-04-29 18:18 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00117248 _____ () C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00234496 _____ () C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00253440 _____ () C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-05-29 15:04 - 2015-05-29 15:04 - 00344064 _____ () C:\Users\Andres Beltran\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-11-14 03:30 - 2015-11-14 03:30 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-09 05:50 - 2015-12-09 05:50 - 00071168 _____ () c:\Users\Andres Beltran\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxlio5.dll
2015-11-13 11:21 - 2015-09-02 19:11 - 00012800 _____ () C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-13 11:21 - 2015-09-02 19:11 - 00779776 _____ () C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-13 11:21 - 2015-09-02 19:11 - 00056320 _____ () C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-13 11:21 - 2015-09-02 19:11 - 00012288 _____ () C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-12-01 19:21 - 2015-11-24 03:00 - 01583432 _____ () C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-01 19:21 - 2015-11-24 03:00 - 00081224 _____ () C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\libegl.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-12-01 19:21 - 2015-11-24 03:00 - 16496456 _____ () C:\Users\Andres Beltran\AppData\Local\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\intuit.com -> hxxps://ttlc.intuit.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{349C0326-40BC-4CF8-88CB-89B7F118D1B0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{A45C8524-6DC3-4AC0-A332-84C603F4485B}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{812C498D-98DA-4B50-A1F4-D1A05D8A3863}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{43DFF538-933B-4B0E-9FDF-4E88EEC3AF27}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{0C11D7DF-09FF-482E-AEBB-970560CB3648}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{887FA26B-F186-497F-83B3-C95C17670CE6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{BDE83A0A-3DEB-4D53-8B2F-2C5DC501919F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D495A184-BEDD-4DE0-A5C5-FC2B8AE88B35}] => (Allow) LPort=2869
FirewallRules: [{B6F99CEF-8ACD-4DE5-A348-FCA512FF8C5D}] => (Allow) LPort=1900
FirewallRules: [{CCA5D5FE-99B6-4E36-9040-2FB42E02CC95}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9F66F401-3DF8-4A59-B623-3A4A2F7717F7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{706940BE-2469-48D6-BCD7-930D8E14059C}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{CC4BD842-CDDE-4D43-A1B9-3A7BF8F99530}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{F55E9A38-14FE-4B5A-A155-7270DCE56A95}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{CEFBD240-05AA-4A6D-BB23-42F546885924}C:\users\andres beltran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andres beltran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D44B9AF6-F97D-4638-9961-E5A1F4A35658}C:\users\andres beltran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andres beltran\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{1E593587-8D12-471C-A534-EEF5B12CB580}C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{4240D722-828E-4F62-84CF-265319D57B80}C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{F75F5A76-269E-4CE5-A92A-1C2BD8BBFA03}] => (Allow) C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C26E2120-2B6B-4583-9109-773691D79206}] => (Allow) C:\Users\Andres Beltran\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{18751E09-22EB-4984-B22F-B2D33FA445D6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{97E991CB-D47F-466D-823E-B026CFA17579}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F139D1C-4319-4571-BEC6-DEF56627FA99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{414AFEC1-0C65-4B7C-96CF-F1C71CF17EDC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B1CF5A1-871A-4BFA-8FA6-B4A98A03C06C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{49D94432-1EAB-4B5A-B316-CF56B09A5553}C:\users\andres beltran\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\andres beltran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{19939E93-322F-4765-AB4B-64BFC91523A5}C:\users\andres beltran\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\andres beltran\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C20BDA91-C29E-4955-8680-31B02BED9B7D}C:\users\andres beltran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andres beltran\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F1057400-6FCF-4503-87BE-B6C6D0A5B87F}C:\users\andres beltran\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andres beltran\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7F367E8E-90CF-4205-80BA-45416983480C}C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{E91BD8C1-7F83-4F91-A7F1-A350B47A23FA}C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\andres beltran\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{24161E61-AA77-4AB3-9EF3-5E95E1376F5C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{A707417D-9404-46C2-A9C7-D1542CAE2CFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1D98232E-2B70-41CF-AD26-4D7355E25160}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F3C3B9A7-7BE0-49C5-8249-E144717DAD12}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D1B9E3D0-E7AD-45C9-A5D3-9937E61533C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{21FB5A99-4EB6-49A0-A031-FF12E23D058B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{244DC07D-5595-43B0-A914-629E96A53003}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{BD3F646D-E95E-434A-985C-CF1582BFCFA2}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{01A68B57-E2EC-4FF0-B958-09E758B784F2}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{92D8E261-1209-49C6-9D57-780CD546E45E}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{0BD2616A-EDBC-490B-9670-0CEFE5F60E3B}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{FB1DF0BA-3C57-44E4-9509-9CB8FF4F2A63}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{47EB012B-1A2B-46E8-8641-9FF6D04F8601}] => (Allow) C:\Users\Andres Beltran\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0FB8D679-CA63-457E-A785-8D9C3411EE9F}] => (Allow) C:\Users\Andres Beltran\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{09393D35-D29E-4BB7-AE40-7A7193832945}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{E5EB8F38-2373-4BA9-9CFC-DACD82946277}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{73267AF4-AC7F-4EB8-931C-F5A707596D2C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D40EFB00-C4D5-47FE-9C76-ED759E553B4A}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F4CC887D-C442-4357-AD64-A0CEA38397EC}C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1B7F2F99-3096-4C03-A5DF-C37D61E1E0CB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{773F0235-4896-4E57-A9E8-A8B2D795141F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{265B0E30-ABB5-4400-B03D-EA5F2A582781}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\SkypeWebPlugin.exe
FirewallRules: [{1C038952-0E13-4D42-98C7-F8C9F5F37B85}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{ABC41C6C-F622-421F-B8EA-3A9C24F9A627}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BC1C3475-E061-4B58-85E7-5C559554BB58}] => (Allow) C:\Users\Andres Beltran\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3789AE45-2A77-48BC-932B-69C93BF13401}] => (Allow) C:\Users\Andres Beltran\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{048F6248-2751-4D2E-B452-FD1DCD68AD07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C91E9C6-FBA7-4253-898E-F2868255840F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{855B8111-31D1-4193-8D73-F136277C4C1E}C:\users\andres beltran\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\andres beltran\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{39334DEC-94B7-4163-91E0-20D278F8E0E6}C:\users\andres beltran\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\andres beltran\appdata\local\google\chrome\application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2015 08:05:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/10/2015 08:05:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/10/2015 08:02:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 84827057
 
Error: (12/10/2015 08:02:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 84827057
 
Error: (12/10/2015 08:02:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/10/2015 08:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 84817072
 
Error: (12/10/2015 08:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 84817072
 
Error: (12/10/2015 08:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2015 10:32:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7398394
 
Error: (12/09/2015 10:32:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7398394
 
 
System errors:
=============
Error: (12/09/2015 08:32:21 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/09/2015 08:29:22 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.
 
Error: (12/09/2015 08:28:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DiagTrack service.
 
Error: (12/09/2015 06:20:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 06:20:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 06:19:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 06:19:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 06:12:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 06:12:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/09/2015 05:53:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 3982.99 MB
Available physical RAM: 1817.76 MB
Total Virtual: 7964.18 MB
Available Virtual: 4046.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:178.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 10 December 2015 - 11:23 PM

Hi Andres,

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Linkey
Reimage Repair
Search App by Ask

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [RSA3091558760] => C:\Windows\system32\rundll32.exe ",DllInitialize
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
SearchScopes: HKU\S-1-5-21-1188693244-803552386-2746217484-1000 -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
CHR Plugin: (Skype Toolbars) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Java Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
2015-12-04 08:47 - 2015-12-04 08:47 - 00015253 _____ C:\Users\Andres Beltran\Downloads\4550.tmp
2015-12-04 08:45 - 2015-12-04 08:45 - 00015253 _____ C:\Users\Andres Beltran\Downloads\50BF.tmp
2015-11-16 11:46 - 2015-12-01 17:27 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\Andres Beltran\gotomypc_438.exe
C:\Users\Andres Beltran\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed youi will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 11 December 2015 - 11:59 AM

Hi Gary, 

 

I have tried to run the appwiz.cpl but it seems that .cpl files cannot be run in the system (possible issues with the registry?). It asks me to run the program either from the Web or using a known program.

 

What should I do?

 

Thanks,

Andres



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 11 December 2015 - 12:03 PM

Click Start, Control Panel, then Programs and Features (or it may be Programs - Uninstall a program).
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 11 December 2015 - 03:23 PM

Hi Gary,

 

I have followed the steps provided, however I was not able to run the Junkware program; it told me that the file get.bat was not able to be opened. 

 

I was able to uninstall the programs requested.

 

It seems that the performance of the computer is better. I do not see the multiple .exe processes running in the background.

 

Let me know if I need to do something else.

 

Please see below the results for the Fixlog and the AdwCleaner log:

 

Thanks!

 

Andres

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Andres Beltran (2015-12-11 11:44:42) Run:1
Running from C:\Users\Andres Beltran\Desktop
Loaded Profiles: Andres Beltran (Available Profiles: Andres Beltran)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\...\Run: [RSA3091558760] => C:\Windows\system32\rundll32.exe ",DllInitialize
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT ->
{42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
SearchScopes: HKU\S-1-5-21-1188693244-803552386-2746217484-1000 -> {42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
CHR Plugin: (Skype Toolbars) - C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Java Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Google Update) - C:\Users\Andres
Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
2015-12-04 08:47 - 2015-12-04 08:47 - 00015253 _____ C:\Users\Andres Beltran\Downloads\4550.tmp
2015-12-04 08:45 - 2015-12-04 08:45 - 00015253 _____ C:\Users\Andres Beltran\Downloads\50BF.tmp
2015-11-16 11:46 - 2015-12-01 17:27 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\Users\Andres Beltran\gotomypc_438.exe
C:\Users\Andres Beltran\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Andres
Beltran\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No
File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1188693244-803552386-2746217484-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RSA3091558760 => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\SearchScopes: HKU\.DEFAULT ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\.DEFAULT -> => value not found.
{42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42B76A82-AB58-423B-9FBA-D691F6BD2A10}" => key removed successfully
HKCR\CLSID\{42B76A82-AB58-423B-9FBA-D691F6BD2A10} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found. 
C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => not found.
C:\Users\Andres Beltran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\npdeployJava1.dll => not found.
CHR Plugin: (Google Update) - C:\Users\Andres => not found.
Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File => Error: No automatic fix found for this entry.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Andres Beltran\Downloads\4550.tmp => moved successfully
C:\Users\Andres Beltran\Downloads\50BF.tmp => moved successfully
 
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" folder move:
 
Could not move "C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => Scheduled to move on reboot.
 
C:\Users\Andres Beltran\gotomypc_438.exe => moved successfully
 
"C:\Users\Andres Beltran\AppData\Local\Temp" folder move:
 
Could not move "C:\Users\Andres Beltran\AppData\Local\Temp" => Scheduled to move on reboot.
 
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
Beltran\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1188693244-803552386-2746217484-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-11 11:54:33)
 
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Is moved successfully
C:\Users\Andres Beltran\AppData\Local\Temp => moved successfully
 
==== End of Fixlog 11:54:34 ====
 
 
# AdwCleaner v5.024 - Logfile created 11/12/2015 at 12:05:07
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Andres Beltran - ANDRES
# Running from : C:\Users\Andres Beltran\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\apn
[+] Folder Deleted : C:\ProgramData\BitGuard
[+] Folder Deleted : C:\ProgramData\Browser Manager
[+] Folder Deleted : C:\ProgramData\BrowserProtect
[-] Folder Deleted : C:\ProgramData\wincert
[-] Folder Deleted : C:\ProgramData\PC Cleaner Pro
[-] Folder Deleted : C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_allin1convert.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cmaptools.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cmaptools.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Andres Beltran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
[-] File Deleted : C:\Users\Andres Beltran\Desktop\PC Cleaner Pro.lnk
[-] File Deleted : C:\Windows\Reimage.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : PC Cleaner Pro Update Job
[-] Task Deleted : PC Cleaner Pro Optimization
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[-] Key Deleted : HKCU\Software\SmdmF
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\SystemK
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\PCCleaners
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
[-] Key Deleted : HKLM\SOFTWARE\SmdmF
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaners
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : askws
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : default-search.net
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.default-search.net?sid=476&aid=104&itype=a&ver=13277&tm=275&src=hmp
[-] [C:\Users\Andres Beltran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4950 bytes] ##########
 
 


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 11 December 2015 - 04:03 PM

Thank you Andres.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\.DEFAULT ->{42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
CHR Plugin: (Google Update) - C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 12 December 2015 - 08:52 PM

Hi Gary,

 

I have run two out of three programs. The Security Check is not running because the computer does not recognize the extension .bat (SecurityCheck.bat).

 

What should I do?

 

Thanks.

 

Please see below the other two logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Andres Beltran (2015-12-11 16:20:18) Run:2
Running from C:\Users\Andres Beltran\Desktop
Loaded Profiles: Andres Beltran (Available Profiles: Andres Beltran)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\.DEFAULT ->{42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = 
CHR Plugin: (Google Update) - C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
emptytemp:
*****************
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\.DEFAULT ->{42B76A82-AB58-423B-9FBA-D691F6BD2A10} URL = => value not found.
C:\Users\Andres Beltran\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
EmptyTemp: => 4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:31:55 ====
 
 
 
ESET Virus Scan:
 
C:\$RECYCLE.BIN\S-1-5-21-1188693244-803552386-2746217484-1000\$RV0EWF8\bar\Allin1ConvertCrxSetup.0E734F39-3685-4767-9710-28736EA53530.exe a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\umpo.dll a variant of Win64/Kryptik.ALG trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\SettingsManagerSetup.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\tmp7011.tmp.exe Win32/Rovnix.AJ trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsa2A9B.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsa2A9B.tmp\soffer.dll Win32/Soffer.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsc45D1.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsc45D1.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsi7969.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsi7969.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsnAF84.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsnAF84.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nso798A.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nso798A.tmp\Starter.exe Win32/Toolbar.SearchSuite.T potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsp765.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsp765.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsp765.tmp\~nsfE6DF.tmp Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsp765.tmp\nsa1168.tmp\mediabar.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsp765.tmp\nsa1168.tmp\SettingsManagerMediaBar.exe a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsrC075.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsrC075.tmp\Starter.exe Win32/Toolbar.SearchSuite.T potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsw1D99.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Andres Beltran\AppData\Local\Temp\nsw1D99.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application cleaned by deleting - quarantined
C:\Users\Andres Beltran\Desktop\Sandra Cancino\Mc donalds\Copia McD\driver\installer_driver_samsung_ml-2010_laser_1_54_11_English.exe Win32/Toggle potentially unwanted application deleted - quarantined
 

 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 12 December 2015 - 09:19 PM

When you downloaded Security Check was it an .exe file extension?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 13 December 2015 - 01:26 PM

Yes, it was an .exe extension that after it got launched, it tried to open a .bat file.



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 13 December 2015 - 02:10 PM

OK thanks. Please do this.

===================================================

Resetting File Associations in Windows 7

--------------------
  • Click on bat_file_association_fix_win7.zip and save it to your desktop
  • Unzip the file to your desktop
  • Right click on the bat_file_association_fix_win7.reg file and select Merge
  • When asked Are sure you want to continue?, select Yes
  • You should receive a notification the file was successfully merged
  • Reboot your computer
  • Attempt to run the Security Check program
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 candresbeltran

candresbeltran
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:21 PM

Posted 13 December 2015 - 02:56 PM

Hi Gary,

 

Please see below the results for the Security Check scan.

 

It seems that the computer is working better, however I think I still have some issues with the registry that need to be sorted such as opening .cpl extensions.

 

Any thoughts on that?

 

Andres.

 

 

 

Results of screen317's Security Check version 1.013 --- 11/28/15  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
 Google Chrome (47.0.2526.73) 
 Google Chrome (47.0.2526.80) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 
 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 13 December 2015 - 03:30 PM

Besides .cpl what other file associations are not working?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,630 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:21 PM

Posted 13 December 2015 - 05:08 PM

Thanks,

I am going to provide you a link to all Windows 7 file extension repairs. You can fix .cpl then if you come across others you will have the fix for those also.

Restore Default Windows 7 File Extension Type Associations

Please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the extension repair work?
  • Did the programs update properly?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users