Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

In need of a fixlist.txt file for Farbar recovery scan tool


  • This topic is locked This topic is locked
5 replies to this topic

#1 bwaggoner

bwaggoner

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 22 January 2016 - 09:04 PM

First post on here after using this site's downloads for quite a while!  Helping clean a friend's laptop and have already run my usual batch of programs from this site's download section but am still having quirks with this system.  I have always wanted to use the Farbar tool but need help with a custom fixlist.  I will paste as well as attach my results...

 

Here is my FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Jeff Collins (administrator) on JEFFCOLLINS-PC (22-01-2016 20:08:35)
Running from C:\Users\Jeff Collins\Desktop
Loaded Profiles: Jeff Collins (Available Profiles: Jeff Collins)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12720880 2016-01-20] (Zemana Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [GeneralMotorsTIS2WebTLC] => C:\Program Files (x86)\General Motors\TIS2Web\TLC\tlcn32.exe [523072 2014-10-23] (General Motors)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\J2534 Config App (MDI).lnk [2015-12-01]
ShortcutTarget: J2534 Config App (MDI).lnk -> C:\Program Files (x86)\GM MDI Software\J2534 Configuration\J2534ConfigApp.exe (Vetronix Corp)
Startup: C:\Users\Jeff Collins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series.lnk [2016-01-22]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series.lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{38F56B5C-616F-46BC-944D-8A1CE1A86FAE}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A7D96B94-638D-4C45-9690-ABE89D991C1B}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-17] (Google Inc.)
BHO-x32: CGMFragment Class -> {0695F52A-89A2-4246-81B5-AFAD2D3B865F} -> C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll [2007-01-20] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-17] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-4125507415-772478176-2026208290-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-17] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-10] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-22] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-12]
CHR Extension: (Google Drive) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-11]
CHR Extension: (YouTube) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-12]
CHR Extension: (Google Search) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-12]
CHR Extension: (SiteAdvisor) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-11]
CHR Extension: (Bookmark Manager) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-08-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Jeff Collins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S2 GMMDIIdentificationService; C:\Program Files (x86)\GM MDI Software\GM MDI Identification Service\GM_MDI_Ident.exe [2017792 2015-09-18] (Vetronix Corp.) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-27] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-10] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12720880 2016-01-20] (Zemana Ltd.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 evserial7; C:\Windows\System32\DRIVERS\evserial7.sys [70752 2013-10-15] (ELTIMA Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 VSBC7; C:\Windows\System32\DRIVERS\evsbc7.sys [34232 2013-10-15] (ELTIMA Software)
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-01-22] (Zemana Ltd.)
S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-01-22] (Zemana Ltd.)
S3 catchme; \??\C:\combofix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 20:08 - 2016-01-22 20:08 - 00019825 _____ C:\Users\Jeff Collins\Desktop\FRST.txt
2016-01-22 20:08 - 2016-01-22 20:08 - 00000000 ____D C:\FRST
2016-01-22 19:59 - 2016-01-22 19:59 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-01-22 19:59 - 2016-01-22 19:59 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-22 19:54 - 2016-01-22 20:05 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-22 19:52 - 2016-01-22 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-01-22 19:47 - 2016-01-22 19:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-22 19:47 - 2016-01-22 19:47 - 00001810 _____ C:\Users\Jeff Collins\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-22 19:47 - 2016-01-22 19:47 - 00000000 ____D C:\Users\Jeff Collins\AppData\Roaming\SUPERAntiSpyware.com
2016-01-22 19:47 - 2016-01-22 19:47 - 00000000 ____D C:\Users\Jeff Collins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-22 19:47 - 2016-01-22 19:47 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-22 19:06 - 2016-01-22 19:06 - 00000000 ____D C:\Windows\system32\Archive
2016-01-22 18:48 - 2016-01-22 18:48 - 02001540 _____ C:\Users\Jeff Collins\Desktop\pc-decrapifier-3.0.0.exe
2016-01-22 18:08 - 2016-01-22 18:08 - 00000745 _____ C:\Users\Jeff Collins\Desktop\Start Emsisoft Emergency Kit.lnk
2016-01-22 18:07 - 2016-01-22 19:09 - 00000000 ____D C:\EEK
2016-01-22 17:51 - 2016-01-22 17:52 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-22 17:50 - 2016-01-22 17:50 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-22 17:50 - 2016-01-22 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-22 17:50 - 2016-01-22 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-22 17:50 - 2016-01-22 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-22 17:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-22 17:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-22 17:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-22 17:15 - 2016-01-22 17:15 - 00000000 ____D C:\Users\Jeff Collins\AppData\Local\CrashDumps
2016-01-22 17:12 - 2016-01-22 17:12 - 05198336 _____ (AVAST Software) C:\Users\Jeff Collins\Desktop\aswMBR.exe
2016-01-22 17:09 - 2016-01-22 17:09 - 00695448 _____ (Sysinternals - www.sysinternals.com) C:\Users\Jeff Collins\Desktop\autoruns.exe
2016-01-22 17:07 - 2016-01-22 17:08 - 21771608 _____ (Tweaking.com) C:\Users\Jeff Collins\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-01-22 17:06 - 2016-01-22 17:06 - 02370560 _____ (Farbar) C:\Users\Jeff Collins\Desktop\FRST64.exe
2016-01-22 16:56 - 2016-01-22 19:44 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-01-22 16:56 - 2016-01-22 19:44 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-01-22 16:56 - 2016-01-22 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-01-22 16:55 - 2016-01-22 16:56 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-01-22 16:55 - 2016-01-22 16:56 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-01-22 16:55 - 2016-01-22 16:56 - 00001078 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-01-22 16:55 - 2016-01-22 16:56 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-01-22 16:55 - 2016-01-22 16:55 - 00000000 ____D C:\Users\Jeff Collins\AppData\Local\Zemana
2016-01-22 16:32 - 2016-01-22 16:34 - 00000000 ____D C:\AdwCleaner
2016-01-22 16:28 - 2015-09-14 18:05 - 00448512 _____ (OldTimer Tools) C:\Users\Jeff Collins\Desktop\TFC.exe
2016-01-22 16:27 - 2016-01-22 19:58 - 11323704 _____ (SurfRight B.V.) C:\Users\Jeff Collins\Desktop\HitmanPro_x64.exe
2016-01-22 16:27 - 2015-08-10 09:29 - 22872488 _____ (SUPERAntiSpyware) C:\Users\Jeff Collins\Desktop\SUPERAntiSpyware.exe
2016-01-22 16:24 - 2016-01-22 16:24 - 00000000 ____D C:\Windows\pss
2016-01-22 15:38 - 2016-01-22 15:38 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-22 15:38 - 2016-01-22 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-22 15:38 - 2016-01-22 15:38 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-22 15:31 - 2016-01-22 17:02 - 00000000 ____D C:\Users\Jeff Collins\AppData\Roaming\Google
2016-01-22 15:30 - 2016-01-22 15:30 - 00001752 _____ C:\Users\Jeff Collins\Desktop\JRT.txt
2016-01-22 15:25 - 2016-01-22 19:05 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-01-22 15:25 - 2016-01-22 15:25 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-01-22 15:10 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2016-01-22 15:07 - 2016-01-22 15:07 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-01-22 15:07 - 2016-01-22 15:07 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-01-22 13:23 - 2016-01-22 13:23 - 00000000 ____D C:\NBRT
2016-01-22 12:58 - 2016-01-22 15:39 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-22 12:58 - 2016-01-22 13:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-22 12:53 - 2016-01-22 12:55 - 00002442 _____ C:\Users\Jeff Collins\Desktop\Rkill.txt
2016-01-22 12:43 - 2016-01-22 12:46 - 00228392 _____ C:\TDSSKiller.3.1.0.9_22.01.2016_12.43.45_log.txt
2016-01-22 12:36 - 2016-01-22 12:36 - 00033978 _____ C:\ComboFix.txt
2016-01-22 11:59 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-22 11:59 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-22 11:59 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-22 11:59 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-22 11:59 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-22 11:59 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-22 11:59 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-22 11:59 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-22 11:58 - 2016-01-22 12:37 - 00000000 ____D C:\Qoobox
2016-01-22 11:57 - 2016-01-22 12:31 - 00000000 ____D C:\Windows\erdnt
2016-01-22 11:56 - 2016-01-22 11:57 - 00229282 _____ C:\TDSSKiller.3.1.0.6_22.01.2016_11.56.09_log.txt
2016-01-22 09:40 - 2016-01-22 20:05 - 01538036 _____ C:\Windows\ntbtlog.txt
2016-01-22 09:33 - 2016-01-22 09:36 - 00000000 ____D C:\Users\Jeff Collins\Desktop\brent
2016-01-21 22:59 - 2016-01-21 22:59 - 00000000 ____D C:\Program Files (x86)\Ematek
2016-01-21 22:47 - 2016-01-21 22:47 - 06512640 _____ C:\Users\Jeff Collins\Downloads\metaweb (4).msi
2016-01-21 22:33 - 2016-01-21 22:34 - 06512640 _____ C:\Users\Jeff Collins\Downloads\metaweb (3).msi
2016-01-21 22:21 - 2016-01-21 22:21 - 06512640 _____ C:\Users\Jeff Collins\Downloads\metaweb (2).msi
2016-01-13 11:00 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 11:00 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 11:00 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 11:00 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 11:00 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 11:00 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 11:00 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 11:00 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 11:00 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 11:00 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 11:00 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 11:00 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 11:00 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 11:00 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 11:00 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 11:00 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 11:00 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 11:00 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 11:00 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 11:00 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 11:00 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 11:00 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 11:00 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 11:00 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 11:00 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 11:00 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 11:00 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 11:00 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 11:00 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 11:00 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 11:00 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 11:00 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 11:00 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 11:00 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 11:00 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 11:00 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 11:00 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 11:00 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 11:00 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 11:00 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 11:00 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 11:00 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 11:00 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 11:00 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 11:00 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 11:00 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 11:00 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 11:00 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 11:00 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 11:00 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 11:00 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 11:00 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 11:00 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 11:00 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-13 11:00 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-13 11:00 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-13 11:00 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 11:00 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 11:00 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 11:00 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 11:00 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 11:00 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 11:00 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 11:00 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 11:00 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 11:00 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 11:00 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-01-13 11:00 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 11:00 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 11:00 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-01-13 11:00 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-01-13 11:00 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-01-13 10:58 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 10:58 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 10:58 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 10:58 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 10:58 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 10:58 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 10:58 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 10:58 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 10:58 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 10:58 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:58 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:58 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 10:58 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 10:58 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:58 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 10:58 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 10:58 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 10:58 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 10:58 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 10:53 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 10:53 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 10:53 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 10:53 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 10:53 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 10:53 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 10:48 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 10:48 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 10:48 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:45 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 10:45 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 10:45 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:45 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:45 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 10:45 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 10:45 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 10:45 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 10:45 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 10:45 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 10:45 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 10:45 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 09:59 - 2016-01-13 09:59 - 00002310 _____ C:\Users\Public\Desktop\Quickstart.lnk
2016-01-13 09:59 - 2016-01-13 09:59 - 00002194 _____ C:\Users\Public\Desktop\Tech2Win.lnk
2016-01-03 19:46 - 2016-01-03 19:46 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-03 19:46 - 2016-01-03 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 19:45 - 2016-01-03 19:46 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 19:45 - 2016-01-03 19:45 - 00000000 ____D C:\Program Files\iPod
2016-01-03 19:45 - 2016-01-03 19:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-03 19:42 - 2016-01-03 19:42 - 00000000 ____D C:\Program Files\Bonjour
2016-01-03 19:42 - 2016-01-03 19:42 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-03 19:41 - 2016-01-03 19:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-01-03 19:41 - 2016-01-03 19:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-03 19:23 - 2016-01-03 19:23 - 00003244 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-01-03 19:22 - 2016-01-03 19:22 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-01-03 19:22 - 2016-01-03 19:22 - 00000000 ____D C:\Program Files\Dell Support Center

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-22 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-22 19:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-22 19:42 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-22 19:42 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-22 19:30 - 2014-06-13 07:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 19:04 - 2013-12-10 20:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-22 18:54 - 2013-12-10 20:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-22 18:53 - 2013-12-26 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-22 18:45 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 18:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-22 18:39 - 2013-12-10 20:48 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-01-22 18:39 - 2013-12-10 20:48 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-01-22 18:26 - 2014-06-13 07:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-22 15:33 - 2013-12-19 11:08 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FBAFE2E2-9970-4C03-9D4A-0E8A0F25932F}
2016-01-22 15:31 - 2014-04-17 07:28 - 00000000 ____D C:\Users\Jeff Collins\AppData\Local\Google
2016-01-22 15:25 - 2013-12-10 20:42 - 00000000 ____D C:\ProgramData\McAfee
2016-01-22 15:20 - 2013-12-10 20:42 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-01-22 15:20 - 2013-12-10 20:42 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-22 14:47 - 2013-12-10 20:42 - 00000000 ____D C:\Program Files\mcafee
2016-01-22 12:19 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-01-22 09:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-22 09:27 - 2014-06-02 10:17 - 00000000 ____D C:\Users\Jeff Collins\AppData\Local\ElevatedDiagnostics
2016-01-21 18:52 - 2013-12-19 13:00 - 00000000 ____D C:\Users\Jeff Collins\sps
2016-01-19 09:45 - 2013-12-10 20:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-14 18:28 - 2015-03-17 07:23 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 16:22 - 2015-05-12 14:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 08:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-14 08:14 - 2009-07-13 23:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 08:11 - 2014-12-11 19:49 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 08:11 - 2014-04-30 15:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 20:27 - 2013-12-19 11:29 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 20:24 - 2013-12-19 11:29 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 10:03 - 2014-06-09 15:03 - 00000000 ____D C:\ProgramData\GDS 2
2016-01-13 10:00 - 2013-12-19 13:08 - 00000000 ____D C:\Users\Jeff Collins\swdl
2016-01-13 09:59 - 2013-12-19 13:15 - 00000000 ____D C:\ProgramData\General Motors
2016-01-13 09:59 - 2013-12-19 13:15 - 00000000 ____D C:\Program Files (x86)\General Motors
2016-01-13 09:59 - 2013-12-19 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\General Motors
2016-01-03 19:45 - 2015-02-23 19:38 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-01-03 19:45 - 2015-02-02 08:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-03 19:41 - 2015-02-02 08:32 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-03 19:22 - 2013-12-10 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-03 19:21 - 2013-12-10 20:40 - 00000000 ____D C:\ProgramData\PCDr
2016-01-03 19:20 - 2015-02-13 09:49 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate

==================== Files in the root of some directories =======

2013-12-26 08:40 - 2013-12-26 08:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-15 11:32 - 2014-10-15 11:33 - 0002824 _____ () C:\ProgramData\regid.2014-07.com.eoos-technologies,Development_d7c9a7b0-1f0b-11b2-9cc2-e91594528295.swidtag
2014-11-05 14:05 - 2014-11-05 14:05 - 0002824 _____ () C:\ProgramData\regid.2014-07.com.eoos-technologies,Development_d7c9a7b0-1f0b-11b2-9cc2-e91594528295_1.swidtag
2014-12-16 08:08 - 2014-12-16 08:08 - 0002802 _____ () C:\ProgramData\regid.2014-10.com.eoos-technologies,Development_79749156-1f1b-11b2-a336-cb7a35faa655.swidtag

Files to move or delete:
====================
C:\Users\Jeff Collins\NPSI2KVW.dll

Some files in TEMP:
====================
C:\Users\Jeff Collins\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Jeff Collins\AppData\Local\Temp\msvcp110.dll
C:\Users\Jeff Collins\AppData\Local\Temp\msvcp120.dll
C:\Users\Jeff Collins\AppData\Local\Temp\msvcr110.dll
C:\Users\Jeff Collins\AppData\Local\Temp\msvcr120.dll
C:\Users\Jeff Collins\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Jeff Collins\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-19 10:33

==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   63.88KB   0 downloads


BC AdBot (Login to Remove)

 


#2 bwaggoner

bwaggoner
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 22 January 2016 - 09:16 PM

Here is my Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Jeff Collins (2016-01-22 20:09:27)
Running from C:\Users\Jeff Collins\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-19 15:49:34)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4125507415-772478176-2026208290-500 - Administrator - Disabled)
Guest (S-1-5-21-4125507415-772478176-2026208290-501 - Limited - Disabled)
Jeff Collins (S-1-5-21-4125507415-772478176-2026208290-1000 - Administrator - Enabled) => C:\Users\Jeff Collins

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Bus Diagnostic Tool (HKLM-x32\...\{564D9BD9-F1C5-4233-981F-C10D1A7AFAC0}) (Version: 1.29.3 - General Motors)
Dell Custom Help (Version: 15.08.0000.0172 - Intel Corporation) Hidden
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
DJ3510FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
GDS 2 (HKLM-x32\...\{0624CA22-A85C-4A3B-97DD-C73ACB26AFEF}) (Version: 14.0.02040 - MAHLE Test Systems)
GDS 2 Java (HKLM-x32\...\{B9525813-BCCB-4A40-AF67-6F2A808459CA}) (Version: 13.0.00000 - MAHLE Test Systems)
GM MDI Software - 8.3.103.26 (HKLM-x32\...\{9AFE7A26-DA54-4F7D-B1CE-095152EDD0DD}) (Version: 8.3.103.26 - Bosch)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{0AB0989D-2EBF-4772-830A-B370E0D7ED71}) (Version: 28.0.989.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}) (Version: 2.1.2.0206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{deff5bea-aa8c-46fb-b17d-1cc69b242494}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)
MetaWeb (HKLM-x32\...\{EDBEE0B8-E971-48D4-BF08-B68CDDEF3B81}) (Version: 3.3.0.4 - CGM Technology Services)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SIplugin (HKLM-x32\...\InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}) (Version: 1.00.0000 - GM Service and Parts Operation)
SIplugin (x32 Version: 1.00.0000 - GM Service and Parts Operation) Hidden
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Tech2 SAE J2534 DLL (HKLM-x32\...\{E1EB0C47-FC2D-4495-ACDC-60FC4640462E}) (Version: 2.4.0.9 - General Motors)
Tech2Win (HKLM-x32\...\{DDE2FD16-9AF9-4314-A546-DD42F6188782}) (Version: 2.3.22 - General Motors)
Techline Cache (TLC) Administration (HKLM-x32\...\Techline Cache (TLC) Administration) (Version: 6.1.44.0 - Eoos Technologies GmbH)
TIS2Web IVCS5B COM Proxy (HKLM-x32\...\TIS2Web IVCS5B COM Proxy) (Version: 5.0.15.0 - Eoos Technologies GmbH)
TIS2WebProxy (HKLM-x32\...\TIS2WebProxy) (Version: 1.0.60.0 - Eoos Technologies GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.844 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05A9FBE1-DA00-4D4B-BEE3-A49E9C3725F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {07C8A1A1-BC68-472D-A632-DD095CE00A79} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0ED42416-6E73-44DC-ACEA-15A202526140} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {191C3679-70B8-4B55-A2B4-0044A36C4F72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3063293E-97E7-449D-BD06-0804D4E3FEEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-30] (Adobe Systems Incorporated)
Task: {311AD01D-E779-452F-9D23-12A26F00AF93} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {31DC0733-2DCA-4DA0-ACD9-A89C94BE8D98} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {478ECCCE-D864-4E4E-AD4B-D6278A6FB515} - System32\Tasks\{01C946CB-D0D9-428C-853C-E073C89D9759} => pcalua.exe -a "C:\Users\Jeff Collins\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5F258PFE\JavaSetup8u45.exe" -d "C:\Users\Jeff Collins\Desktop"
Task: {49F3EEF2-8BBE-4A62-B183-AA2C8A5F5BDB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {4AE3BD04-E768-4A7E-8C2E-328BDFA1416C} - System32\Tasks\{76F9D37B-C23D-40F7-A960-C02C52A3A5BC} => pcalua.exe -a C:\ProgramData\Websteroids\uninstall.exe -c /kb=y /ic=2
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {60C24B3F-5E64-42A1-B764-0A0BD8C8E946} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {82BABDCD-C560-4243-BAA0-485455C07220} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9B8F98D7-9058-4E80-BAD7-6D750B670261} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {A5092217-8C63-4AAD-BB5D-25BB67169244} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-01-22] (McAfee, Inc.)
Task: {D375D93D-4969-4E4D-ADCD-81C458331255} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {FBA4C2D2-C474-4000-84F2-1ACC90BBDA8A} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2016-01-22] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-22 16:55 - 2016-01-22 16:55 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4125507415-772478176-2026208290-1000\...\autopartners.net -> hxxps://www.autopartners.net
IE trusted site: HKU\S-1-5-21-4125507415-772478176-2026208290-1000\...\gm.com -> hxxps://tis2web.service.gm.com
IE trusted site: HKU\S-1-5-21-4125507415-772478176-2026208290-1000\...\windstream.net -> hxxp://www.windstream.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-22 15:59 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4125507415-772478176-2026208290-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff Collins\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A0C12AD5-B9C2-488D-9889-8472FF7D1CB1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2134B727-B739-442D-AF14-395410130FE4}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0CA789F2-4019-4469-A5F6-FF29BDF27BA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE939424-6BC6-41A1-A8B6-896AE56B65AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61C7E20B-9920-4355-B05D-B1B722083665}] => (Allow) LPort=2869
FirewallRules: [{A5EA99CE-3D65-424F-A31D-43F8EFB3D847}] => (Allow) LPort=1900
FirewallRules: [{16EDB4FB-5993-41BC-936C-8E364DB604FE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{650C089E-F913-4F8C-8010-5EC5EFF9A8AB}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E9610838-F61C-479A-BB67-81ED23866495}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D1615656-EB73-47FE-B0B1-F1FC1200AE0E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9F97F8EE-DAF8-4A3A-9EA0-58A59ED3D933}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B77C96DE-8697-4253-AB72-508A09A1DE43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B568ACD4-71F2-42A6-BD77-4C164C045608}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC3C89CB-4686-4C98-8D9D-CB11C74B5796}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A60A24AF-B4C5-41BE-A5CB-59A310301424}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{23351AB5-81E0-45FB-9835-8CFEC0D263CA}C:\program files (x86)\gds 2\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\gds 2\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{92618DF5-4696-48BA-948F-46B1B4218406}C:\program files (x86)\gds 2\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\gds 2\jre6\bin\javaw.exe
FirewallRules: [{7502A6C6-7B51-434D-924B-5191BF018A77}] => (Allow) C:\Program Files (x86)\GM MDI Software\GM MDI Identification Service\GM_MDI_Ident.exe
FirewallRules: [{D4E76A3E-0425-4DE2-B8D1-8D7D355544E8}] => (Allow) C:\Program Files (x86)\GM MDI Software\GM MDI Manager\GM_MDI_Manager.exe
FirewallRules: [{4B166690-8D20-4856-B227-20E2FAFDE871}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03688A5D-519B-4960-8AD5-5A0975F25510}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82473C7F-98C4-4D14-9E9D-85E23E03029C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A00AAC9-E487-4E9F-84E0-2BFD0E179AB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31D626C4-F6D9-4C40-87E8-173212820971}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D1E8B801-4C78-4DE9-99E4-C7F836ACE7B3}] => (Allow) C:\Program Files (x86)\General Motors\Tech2Win\bin\emulator.exe
FirewallRules: [{3ACAFDB3-63C6-4009-9B96-671DFBBF2A30}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-01-2016 08:28:39 Scheduled Checkpoint
12-01-2016 13:22:28 Scheduled Checkpoint
13-01-2016 09:58:18 Removed Tech2Win
13-01-2016 09:59:17 Installed Tech2Win
13-01-2016 20:21:02 Windows Update
21-01-2016 08:27:33 Scheduled Checkpoint
21-01-2016 22:50:46 Removed MetaWeb
21-01-2016 22:59:23 Installed MetaWeb
22-01-2016 15:27:08 JRT Pre-Junkware Removal
22-01-2016 16:22:37 brent
22-01-2016 18:52:42 PC Decrapifier Restore Point
22-01-2016 18:54:33 Removed Dell DataSafe Local Backup
22-01-2016 18:57:32 Removed HP Deskjet 3510 series Product Improvement Study

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2016 08:05:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Jeff Collins\Desktop\HitmanPro_x64.exe Collins\Desktop\HitmanPro_x64.exe" /updated:"C:\Users\JEFFCO~1\AppData\Local\Temp\HitmanPro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (01/22/2016 08:05:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Jeff Collins\Desktop\HitmanPro_x64.exe Collins\Desktop\HitmanPro_x64.exe" /updated:"C:\Users\JEFFCO~1\AppData\Local\Temp\HitmanPro_x64.exe"; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (01/22/2016 07:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 07:44:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 07:31:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 07:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 06:39:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 05:46:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2016 05:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_btmshell.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: comctl32.dll, version: 6.10.7601.18837, time stamp: 0x553a8775
Exception code: 0xc000041d
Fault offset: 0x0000000000087b71
Faulting process id: 0x1084
Faulting application start time: 0xrundll32.exe_btmshell.dll0
Faulting application path: rundll32.exe_btmshell.dll1
Faulting module path: rundll32.exe_btmshell.dll2
Report Id: rundll32.exe_btmshell.dll3

Error: (01/22/2016 05:14:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_btmshell.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: comctl32.dll, version: 6.10.7601.18837, time stamp: 0x553a8775
Exception code: 0xc0000005
Fault offset: 0x0000000000087b71
Faulting process id: 0x1084
Faulting application start time: 0xrundll32.exe_btmshell.dll0
Faulting application path: rundll32.exe_btmshell.dll1
Faulting module path: rundll32.exe_btmshell.dll2
Report Id: rundll32.exe_btmshell.dll3

System errors:
=============
Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/22/2016 08:08:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

CodeIntegrity:
===================================
  Date: 2016-01-22 12:09:18.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\combofix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-22 12:09:18.105
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\combofix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-19 13:16:26.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\evsbc7.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-19 13:16:25.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\evsbc7.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 16%
Total physical RAM: 8079.36 MB
Available physical RAM: 6783.75 MB
Total Virtual: 16156.92 MB
Available Virtual: 14993.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:837.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F20429AC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 23 January 2016 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please update for you added secucity.
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\combofix\catchme.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry. <- let me know what difficulties you have when running in normal mode.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

===

If using IE as your default browser you should update it to at least version 10.
Internet Explorer Version 9 (Default browser: IE)

===

How is the computer running now?

#4 bwaggoner

bwaggoner
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:47 PM

Posted 23 January 2016 - 02:46 PM

Here is my fixlog.  Looks like it went well.  I am in the process of addressing the other issues you mentioned.  I will monitor the system's performance and get back to you later today if it still has any issues. 

 

Thanks for your help!!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Jeff Collins (2016-01-23 14:33:43) Run:1
Running from C:\Users\Jeff Collins\Desktop
Loaded Profiles: Jeff Collins (Available Profiles: Jeff Collins)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4125507415-772478176-2026208290-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\combofix\catchme.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4125507415-772478176-2026208290-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
catchme => service removed successfully
EmptyTemp: => 585.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:34:13 ====



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 28 January 2016 - 08:49 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 03 February 2016 - 10:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users