Solved Computer encrypted by cryptolock and lots of pop-ups

L

lemowill

Posts: 123   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Neshaboo (administrator) on NESHABOO-HP (04-08-2015 11:03:42)
Running from C:\Users\Neshaboo\Desktop
Loaded Profiles: Neshaboo (Available Profiles: Neshaboo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\005\cyycfhtzro64.exe
Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard HP Quick Launch\HPWMISVC.exe
Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-06-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-06-10] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-18\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-02-20]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-03-27] ()
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-03-27] ()
InternetURL: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/RUzQtU
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-05-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\.DEFAULT -> {5F2A9A3B-630C-4E1F-9785-313E87C386F6} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: No Name -> {4F564F32-5637-5341-5443-7A786E7484D7} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-04] (Microsoft Corporation)
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 71.252.0.12 71.242.0.12
Tcpip\..\Interfaces\{24A37B02-85F7-46A1-B9B5-AC8490AD0C15}: [DhcpNameServer] 71.252.0.12 71.242.0.12

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2013-11-23] ()
FF Extension: ArcadeParlor - C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-09-18]

Chrome:
=======
CHR Profile: C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple Dictation) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\diondlbenfmpcapnbegmodfdgmnnpgln [2014-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-15]
CHR Extension: (nbglmejghppifhhbdhbaijiagbaedeec) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AllDaySavingsService64; C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-12-06] (CyberLink)
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-01] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-17] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 Verifies and fixes application compatibility issues; C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2013-11-27] (Belcarra Technologies) [File not signed]
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-22] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S1 tlsvjnyh; C:\Windows\system32\drivers\tlsvjnyh.sys [55168 2015-08-04] (Microsoft Corporation)
R2 X5XSEx_Pr135; C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 10:58 - 2015-08-04 10:58 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tlsvjnyh.sys
2015-08-04 10:53 - 2015-08-04 11:03 - 00047877 _____ C:\Users\Neshaboo\Desktop\Addition.txt
2015-08-04 10:50 - 2015-08-04 11:03 - 00026752 _____ C:\Users\Neshaboo\Desktop\FRST.txt
2015-08-04 10:50 - 2015-08-04 11:03 - 00000000 ____D C:\FRST
2015-08-04 10:43 - 2015-08-04 10:43 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-04 10:42 - 2015-08-04 10:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-04 10:38 - 2015-08-04 10:38 - 14243008 _____ (Microsoft Corporation) C:\Users\Neshaboo\Downloads\mseinstall64.exe
2015-08-04 10:37 - 2015-08-04 10:37 - 02169856 _____ (Farbar) C:\Users\Neshaboo\Desktop\FRST64.exe
2015-08-04 10:29 - 2015-08-04 10:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Neshaboo\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-15 20:13 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 20:13 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 19:44 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 19:44 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 19:44 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-15 19:44 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 19:44 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 19:44 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-15 19:43 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-15 19:43 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-15 19:43 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-15 19:43 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 19:43 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 19:42 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 19:42 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 19:42 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 19:42 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 19:42 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-15 19:42 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-15 19:42 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-15 19:42 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-15 19:42 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-15 19:42 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-15 19:42 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-15 19:42 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-15 19:42 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-15 19:42 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-15 19:42 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-15 19:42 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-15 19:42 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-15 19:42 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-15 19:42 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-15 19:41 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 19:41 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 19:41 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 19:41 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 19:41 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 19:41 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 19:41 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 19:41 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 19:41 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 19:41 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 19:41 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 19:41 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 19:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 19:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 19:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 19:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 19:41 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:41 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:41 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 19:41 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:41 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:41 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:41 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:41 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:41 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:41 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:41 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:41 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:41 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:41 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:41 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:41 - 2015-06-20 15:13 - 00077824 _____ Microsoft Corporation) C: Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:41 - 2015-06-20 15:08 - 00199680 _____ Microsoft Corporation) C: Windows\system32\msrating.dll
2015-07-15 19:41 - 2015-06-20 15:07 - 00092160 _____ Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:41 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:41 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:41 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:41 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:41 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:41 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:41 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:41 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:41 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:41 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:41 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:41 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:41 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:41 - 2015-06-19 14:13 - 00115712 _____ Microsoft Corporation) C: Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:41 - 2015-06-19 14:03 - 00418304 _____ Microsoft Corporation) C: Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:41 - 2015-06-19 13:57 - 00060416 _____ Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:41 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:41 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:41 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:41 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:41 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:41 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:41 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:41 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 19:41 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32 InkEd.dll
2015-07-15 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-15 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-15 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-15 19:40 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:40 - 2015-07-04 13:48 - 01414656 _____ Microsoft Corporation) C: Windows\SysWOW64\ole32.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 01480192 _____ Microsoft Corporation) C: Windows\system32\crypt32.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00229376 _____ Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:40 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:40 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-15 19:40 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-15 19:39 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32 Drivers\ksecpkg.sys
2015-07-15 19:39 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:39 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00210944 _____ Microsoft Corporation) C: Windows\system32\wdigest.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00136192 _____ Microsoft Corporation) C: Windows\system32\sspicli.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00086528 _____ Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:39 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:39 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:39 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:39 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:39 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:39 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:39 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:39 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:39 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:39 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:39 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:39 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:39 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:39 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:39 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:39 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:39 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:39 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:39 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:39 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:39 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:39 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 19:39 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-15 19:39 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-15 19:39 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-15 19:39 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-15 19:38 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 19:38 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 19:38 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 19:38 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 19:38 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 19:38 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 19:38 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 19:38 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 19:38 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 19:38 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 19:38 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 19:38 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 19:38 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 19:38 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 19:38 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 19:38 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 19:38 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 19:38 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 19:38 - 2015-06-03 16:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-15 19:38 - 2015-06-03 16:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-15 19:38 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-15 19:38 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-15 19:38 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-15 19:38 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-15 19:37 - 2015-07-15 19:37 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 19:37 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 19:37 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-15 19:37 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-15 19:37 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-15 19:37 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-15 19:37 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-15 19:37 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-15 19:21 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-15 19:21 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-15 19:21 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-15 19:15 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-15 19:15 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-15 19:01 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-15 19:00 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-15 19:00 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-15 19:00 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-15 19:00 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-15 19:00 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-15 19:00 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-15 19:00 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-15 18:59 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-15 18:59 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-15 18:59 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-15 18:59 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-15 18:59 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-15 18:59 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-15 18:59 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-15 18:59 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-15 18:59 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-15 18:58 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-15 18:58 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-15 18:51 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 18:51 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 18:39 - 2015-07-15 18:39 - 00000000 ____D C:\Program Files (x86)\GUM25DC.tmp
2015-07-15 18:39 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-15 18:39 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-15 18:39 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-15 18:39 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 11:00 - 2012-03-09 09:27 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56CD31B4-BB90-4A70-A0F1-FA3D0FBFD449}
2015-08-04 10:58 - 2014-01-26 14:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-04 10:57 - 2015-01-11 00:39 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier
2015-08-04 10:57 - 2014-01-26 14:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 10:54 - 2014-03-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-04 10:53 - 2015-01-13 00:52 - 00000112 _____ C:\ProgramData\3550uus0.dat
2015-08-04 10:53 - 2011-02-20 05:38 - 01455146 _____ C:\Windows\WindowsUpdate.log
2015-08-04 10:41 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-04 10:41 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-04 10:39 - 2012-11-14 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 10:24 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 10:21 - 2014-10-22 20:05 - 00000372 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job
2015-08-04 10:21 - 2014-01-26 14:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-03 11:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 11:28 - 2009-07-14 00:51 - 00073906 _____ C:\Windows\setupact.log
2015-08-01 10:19 - 2014-11-13 04:09 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieBrowserModeList
2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieUserList
2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieSiteList
2015-08-01 10:19 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-01 10:08 - 2009-07-14 00:45 - 00442664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-01 10:04 - 2014-12-14 04:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-01 10:04 - 2014-05-07 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-01 10:04 - 2011-02-20 05:43 - 00282088 _____ C:\Windows\PFRO.log
2015-08-01 10:03 - 2014-01-26 14:31 - 00000000 ____D C:\Program Files\Google
2015-08-01 10:03 - 2014-01-26 14:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 20:28 - 2011-04-28 18:49 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-15 20:12 - 2013-03-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-15 20:10 - 2013-07-17 23:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 19:37 - 2012-11-14 15:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:37 - 2012-11-14 15:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:37 - 2011-08-07 12:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:24 - 2014-01-26 14:30 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Google
2015-07-15 19:06 - 2014-01-26 14:31 - 00000000 ____D C:\ProgramData\Google
2015-07-15 19:03 - 2011-01-09 05:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-07-15 18:45 - 2014-01-26 14:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 18:45 - 2014-01-26 14:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-05 06:08 - 2014-09-30 01:48 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Neshaboo\AppData\Roaming\CXJVL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Neshaboo\AppData\Roaming\FFBRK
2011-06-04 15:49 - 2011-06-24 13:08 - 0001854 _____ () C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml
2015-03-19 00:22 - 2015-03-19 00:22 - 0045711 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-19 00:22 - 2015-03-19 00:22 - 0004280 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-19 00:22 - 2015-03-19 00:22 - 0000300 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL
2014-10-22 18:50 - 2014-10-22 18:51 - 0118784 _____ () C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB
2012-05-08 20:30 - 2012-05-08 20:58 - 0000581 _____ () C:\Users\Neshaboo\AppData\Local\cookies.ini
2015-03-19 00:21 - 2015-03-19 00:21 - 0045711 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG
2015-03-19 00:21 - 2015-03-19 00:21 - 0004280 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT
2015-03-19 00:21 - 2015-03-19 00:21 - 0000300 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL
2011-07-14 10:10 - 2011-07-14 10:18 - 0010924 ___SH () C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76
2015-01-13 00:52 - 2015-08-04 10:53 - 0000112 _____ () C:\ProgramData\3550uus0.dat
2013-03-09 23:17 - 2013-03-09 23:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-19 00:18 - 2015-03-19 00:18 - 0045711 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-19 00:18 - 2015-03-19 00:18 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-19 00:18 - 2015-03-19 00:18 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2011-07-14 10:10 - 2011-07-14 10:12 - 0010908 ___SH () C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76
2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-09 06:02 - 2011-01-09 06:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-09 06:01 - 2011-01-09 06:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-20 05:46 - 2011-02-20 05:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-09 06:00 - 2011-01-09 06:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\3550uus0.dat


Some files in TEMP:
====================
C:\Users\Neshaboo\AppData\Local\Temp\.exe
C:\Users\Neshaboo\AppData\Local\Temp\212F.exe
C:\Users\Neshaboo\AppData\Local\Temp\932E.exe
C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe
C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe
C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe
C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe
C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe
C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe
C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe
C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe
C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe
C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe
C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe
C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe
C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe
C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe
C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe
C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe
C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe
C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Neshaboo\AppData\Local\Temp\setup.exe
C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe
C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe
C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll
C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll
C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Neshaboo (2015-08-04 11:04:21)
Running from C:\Users\Neshaboo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-720022467-1087662642-2550357224-500 - Administrator - Disabled)
Guest (S-1-5-21-720022467-1087662642-2550357224-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-720022467-1087662642-2550357224-1002 - Limited - Enabled)
Neshaboo (S-1-5-21-720022467-1087662642-2550357224-1000 - Administrator - Enabled) => C:\Users\Neshaboo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Burger Shop 2™ (HKLM-x32\...\exent_645450) (Version: - )
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cases of Stolen Beauty (x32 Version: 2.2.0.110 - WildTangent) Hidden
Christmas Wonderland (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4814 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Department 42: The Mystery of the Nine (x32 Version: 2.2.0.110 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Family Vacation: California (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Inbetween Land (x32 Version: 3.0.2.51 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nancy Drew: Secrets Can Kill Remastered (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Snark Busters 3: High Society (x32 Version: 2.2.0.110 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Lost Cases of Sherlock Holmes 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
Verizon Games Player (HKLM-x32\...\{A7DDBA41-E56C-4654-9AB2-C8187E3F2C27}) (Version: - )
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WebIQ Technology Engine (HKLM-x32\...\{31F039C7-DF16-4FCC-85AE-68E68352D2B2}) (Version: 1.7.1114 - Usability Sciences Corporation)
Weird Park: Broken Tune (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

27-03-2015 00:41:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
27-03-2015 00:41:33 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
27-03-2015 00:45:25 Restore Operation
15-07-2015 19:02:19 Removed Windows Live Mesh ActiveX Control for Remote Connections
15-07-2015 19:21:02 Windows Update
15-07-2015 19:26:00 HPSF Restore Point
15-07-2015 20:03:41 Windows Update
04-08-2015 10:23:35 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-09-30 08:54 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15217754-BF21-497A-AF48-25CCC4EBD9B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {153B3946-3819-4C13-9075-6DA98BF9EF92} - System32\Tasks\{3B14636D-5FDA-48FF-8FB3-E97C22CB0F7E} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {171F9109-F9DA-42BA-A15C-E8A2468D8CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {44012427-6770-48F9-B81C-77E1BBC077F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {56D17EA8-0591-4E56-B700-504255195064} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {578D75BC-05E9-4212-A0A1-3AB5F3139BD1} - System32\Tasks\HP AR Program Upload - baf9a344280e45d08081662302573919bc7c06020fab43629b1abf48c628606d => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6666C4D7-04E6-4262-B536-492F7CA75125} - System32\Tasks\HP AR Program Upload - e7686d6754a54044ac830d08a6c86ab8a8594926fded4dfca8f7303591da2bf7 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {73D1BF56-F620-4D74-AD38-10B94C9CD917} - System32\Tasks\HP AR Program Upload - 7e18934b81cb4b93b008770d06d1629824b5c61632e24ae6aeba3948b76d49f8 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {77A744A8-7F99-42DD-918E-904ACDEC2F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {7C864BDD-2135-4A59-AB67-55DFA5BE0126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D6F2967-4CC1-42C1-96AF-4DFCB24F8812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {8845D76B-BCF3-4C82-AFC8-4D1A6C28C9F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A356F31-450B-4646-AD62-91D06892EFF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8D97317C-AE08-49D8-B23A-6B930C2E0A57} - System32\Tasks\HP AR Program Upload - 7e6a3e70bd4242cda7017a70eed11a1a1a66478c86134afe952181005e18c563 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {944FF85D-A193-4195-88FE-49BF80A6B762} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {A6FC653D-E61B-4AAE-A0B9-FC5BB471AAB4} - System32\Tasks\HP AR Program Upload - 1ac898481ec845ddb78da7e6335898d398451f13e90b4f64b1ffed57ad5eadfe => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B23102A2-E0E8-4074-A78B-8377CC64D47F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B28CFF47-1E15-4022-9A47-1406169E9ADF} - System32\Tasks\{E7B58D99-4F3C-49AA-BB2E-135811BE89F0} => pcalua.exe -a "C:\Program Files (x86)\Verizon Games Player\Uninstall.exe"
Task: {B55D2396-49EA-4EAD-B40E-ECCEF88D8BFB} - System32\Tasks\{D4B7C16E-2B81-4288-8611-82DB39965C64} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {D2D33CF4-ED3E-481F-B6B7-49ECE8D58817} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
Task: {DE73B2F0-FB23-46FD-B26D-1F378267A77F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EA1CC361-C3E0-473C-BF23-6699CBC219F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ED260611-6F26-45D2-9C05-F3B3733B2152} - System32\Tasks\{ED962435-FD06-416F-9C70-1159E0F3E9C0} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {F65997B1-6EC4-4998-828B-F03FA3BC900C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-04] (Microsoft Corporation)
Task: {F8F3DE14-AD82-4C94-9472-F15F701D1C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (Whitelisted) ==============
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

We can remove Cryptolocker itself but encrypted files are not recoverable.
If that's OK with you let me know and we'll proceed.
 
Addition log is incomplete.
There is more below this line:

==================== Loaded Modules (Whitelisted) ==============
 
==================== Loaded Modules (Whitelisted) ==============

2014-09-01 00:26 - 2014-09-01 00:26 - 00709120 _____ () C:\Program Files\005\cyycfhtzro64.exe
2015-01-11 00:39 - 2015-01-12 14:55 - 00091304 _____ () C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-11-19 00:12 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-12-08 14:55 - 2010-12-08 14:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-29 23:39 - 2010-07-29 23:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-03-11 15:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-10-22 19:33 - 2014-10-22 19:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-02-20 05:35 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-04 10:48 - 2015-07-25 04:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-08-04 10:47 - 2015-07-25 04:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
2015-08-04 10:49 - 2015-07-25 04:46 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\tlsvjnyh.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.252.0.12 - 71.242.0.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869
FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900
FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{29EDA64A-5A0B-4AB3-B01B-3897977B7BA2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{EF959CFD-3727-480E-9ED3-93C5CC0F4107}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{2D26D779-C688-4FC8-8DC1-CECD444AD4F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [TCP Query User{89A3BEEA-7323-4B0C-B086-61590CE8E2E9}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{B4BD1E27-AC5D-47F3-9245-6EAC6CA5D4E8}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{E4E4E7F1-4496-481B-B430-584953D470AF}] => (Allow) LPort=443
FirewallRules: [{216AA462-61AD-4421-AE98-2E6B0B192C50}] => (Allow) LPort=443
FirewallRules: [{39FE1071-A14E-4E22-8584-25712ED26017}] => (Allow) LPort=37674
FirewallRules: [{8F189678-5155-489B-B4AB-258315C094E3}] => (Allow) LPort=37674
FirewallRules: [{45349DEB-7CDF-4BC5-BDE9-A3E62220FFF6}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{139DFFBC-1CC8-4513-B65D-FA5A0C6D8B12}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{E44FBF13-9DCD-445D-A5FE-C6E07FA2B4BF}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{8DDEE566-636C-4E66-B0A5-74C18C86FBDA}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{3C9A2EB5-0699-47C2-ADEA-D6EF8EC13C3C}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [TCP Query User{E5D3A398-A13C-444A-94D6-A92C2EBA8648}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [UDP Query User{EC433D7C-FF32-4D0A-BD5B-961082A2A499}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [{91AE8FC2-5E12-49A2-AC94-ECF1D7991B4A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{1B942E25-0E89-420D-9657-B276A65120EB}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EEB6CA6F-4C12-4480-A3D4-4D4FF72430EA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F09BC73F-5A49-49B2-B7D3-20871A9F9984}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{23F8B979-D326-4F20-BB5D-FD45668514C5}] => (Allow) C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{29133CE9-206E-4278-97B3-E82EB52D90DA}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
FirewallRules: [{E3175C05-A110-4118-9F0B-BE134694C8EB}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
FirewallRules: [{4EEAE3D9-9677-4E48-81BD-CCE3AA2BF523}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D0585044-54FE-4001-AC3E-B2D6A6B8AE79}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2609BBB3-26FE-4C9F-BC4E-38047A21B3C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{E03A776E-E979-441D-B6AF-4F7CA37110C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
Faulting module name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
Exception code: 0xc0000005
Fault offset: 0x0009587e
Faulting process id: 0x200
Faulting application start time: 0xcompatibilitycheck.exe0
Faulting application path: compatibilitycheck.exe1
Faulting module path: compatibilitycheck.exe2
Report Id: compatibilitycheck.exe3

Error: (07/15/2015 07:52:48 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (07/15/2015 06:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 15.0.4701.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1684

Start Time: 01d0bf4fbf0ac110

Termination Time: 0

Application Path: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

Report Id: 2545557e-2b43-11e5-bd28-cc52af6b1fdb

Error: (07/15/2015 06:38:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/27/2015 12:42:52 AM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy. Check the Application and System event logs for any related errors.


Operation:
OnFreeze event
Freeze Event

Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

Error: (03/27/2015 12:41:44 AM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy. Check the Application and System event logs for any related errors.


Operation:
OnFreeze event
Freeze Event

Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

Error: (03/27/2015 12:04:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Neshaboo-HP)
Description: Application or service 'Microsoft PowerPoint' could not be shut down.


System errors:
=============
Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %Neshaboo-HP51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %Neshaboo-HP602

Update Type: %Neshaboo-HP604

User: Neshaboo-HP\Neshaboo

Current Engine Version: %Neshaboo-HP605

Previous Engine Version: %Neshaboo-HP606

Error code: %Neshaboo-HP607

Error description: %Neshaboo-HP608

Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %Neshaboo-HP51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %Neshaboo-HP602

Update Type: %Neshaboo-HP604

User: Neshaboo-HP\Neshaboo

Current Engine Version: %Neshaboo-HP605

Previous Engine Version: %Neshaboo-HP606

Error code: %Neshaboo-HP607

Error description: %Neshaboo-HP608

Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %Neshaboo-HP51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %Neshaboo-HP602

Update Type: %Neshaboo-HP604

User: Neshaboo-HP\Neshaboo

Current Engine Version: %Neshaboo-HP605

Previous Engine Version: %Neshaboo-HP606

Error code: %Neshaboo-HP607

Error description: %Neshaboo-HP608

Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office:
=========================
Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e20001d0cc63f9cddd51C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe91a647ea-3857-11e5-b9cb-cc52af6b1fdb

Error: (07/15/2015 07:52:48 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?

Error: (07/15/2015 06:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE15.0.4701.1000168401d0bf4fbf0ac1100C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE2545557e-2b43-11e5-bd28-cc52af6b1fdb

Error: (07/15/2015 06:38:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/27/2015 12:42:52 AM) (Source: VSS) (EventID: 12344) (User: )
Description: 0x00000000c000014d

Operation:
OnFreeze event
Freeze Event

Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

Error: (03/27/2015 12:41:44 AM) (Source: VSS) (EventID: 12344) (User: )
Description: 0x00000000c000014d

Operation:
OnFreeze event
Freeze Event

Context:
Execution Context: Registry Writer
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

Error: (03/27/2015 12:04:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Neshaboo-HP)
Description: 1C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exeMicrosoft PowerPoint021173960243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C006F0066006600690063006500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000


CodeIntegrity:
===================================
Date: 2015-02-19 14:19:28.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-19 14:18:51.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-15 02:31:02.362
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-15 02:29:56.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 22:57:52.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 22:57:51.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 22:57:20.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 10:33:51.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 10:33:51.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-14 10:33:20.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 72%
Total physical RAM: 3893.86 MB
Available physical RAM: 1082.11 MB
Total Virtual: 7785.93 MB
Available Virtual: 4124.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.82 GB) (Free:367.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.64 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    12.1 KB · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Neshaboo (2015-08-06 00:51:46) Run:1
Running from C:\Users\Neshaboo\Desktop
Loaded Profiles: Neshaboo (Available Profiles: Neshaboo & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005\cyycfhtzro64.exe
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-03-27] ()
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-03-27] ()
InternetURL: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/RUzQtU
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\.DEFAULT -> {5F2A9A3B-630C-4E1F-9785-313E87C386F6} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
BHO: No Name -> {4F564F32-5637-5341-5443-7A786E7484D7} -> No File
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
Hosts:
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
CHR Extension: (nbglmejghppifhhbdhbaijiagbaedeec) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-10-04]
C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-01] () [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
C:\monitorsvc.exe
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Neshaboo\AppData\Roaming\CXJVL
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Neshaboo\AppData\Roaming\FFBRK
2011-06-04 15:49 - 2011-06-24 13:08 - 0001854 _____ () C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml
2015-03-19 00:22 - 2015-03-19 00:22 - 0045711 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-19 00:22 - 2015-03-19 00:22 - 0004280 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-19 00:22 - 2015-03-19 00:22 - 0000300 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL
2014-10-22 18:50 - 2014-10-22 18:51 - 0118784 _____ () C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB
2012-05-08 20:30 - 2012-05-08 20:58 - 0000581 _____ () C:\Users\Neshaboo\AppData\Local\cookies.ini
2015-03-19 00:21 - 2015-03-19 00:21 - 0045711 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG
2015-03-19 00:21 - 2015-03-19 00:21 - 0004280 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT
2015-03-19 00:21 - 2015-03-19 00:21 - 0000300 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL
2011-07-14 10:10 - 2011-07-14 10:18 - 0010924 ___SH () C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76
2015-01-13 00:52 - 2015-08-04 10:53 - 0000112 _____ () C:\ProgramData\3550uus0.dat
2013-03-09 23:17 - 2013-03-09 23:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-19 00:18 - 2015-03-19 00:18 - 0045711 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-19 00:18 - 2015-03-19 00:18 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-19 00:18 - 2015-03-19 00:18 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
2011-07-14 10:10 - 2011-07-14 10:12 - 0010908 ___SH () C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76
2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2011-01-09 06:02 - 2011-01-09 06:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2011-01-09 06:01 - 2011-01-09 06:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-20 05:46 - 2011-02-20 05:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-09 06:00 - 2011-01-09 06:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\3550uus0.dat
C:\Users\Neshaboo\AppData\Local\Temp\.exe
C:\Users\Neshaboo\AppData\Local\Temp\212F.exe
C:\Users\Neshaboo\AppData\Local\Temp\932E.exe
C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe
C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe
C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe
C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe
C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe
C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe
C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe
C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe
C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe
C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe
C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe
C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe
C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe
C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe
C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe
C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe
C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe
C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe
C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Neshaboo\AppData\Local\Temp\setup.exe
C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe
C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe
C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe
C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe
C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll
C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll
C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll
AlternateDataStreams: C:\Windows\system32\Drivers\tlsvjnyh.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:373E1720

*****************

[1988] C:\Program Files\005\cyycfhtzro64.exe => process closed successfully.
C:\Program Files\005\cyycfhtzro64.exe => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL => moved successfully.
"C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG" => File/Folder not found.
"C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT" => File/Folder not found.
"C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F2A9A3B-630C-4E1F-9785-313E87C386F6}" => key removed successfully
HKCR\CLSID\{5F2A9A3B-630C-4E1F-9785-313E87C386F6} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
"HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F564F32-5637-5341-5443-7A786E7484D7}" => key removed successfully
HKCR\CLSID\{4F564F32-5637-5341-5443-7A786E7484D7} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000016 => removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000016 => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec => moved successfully.
"C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec" => File/Folder not found.
cyycfhtzro64 => service removed successfully
ProtectMonitor => service removed successfully
C:\monitorsvc.exe => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\CXJVL => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\FFBRK => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully.
C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL => moved successfully.
C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB => moved successfully.
C:\Users\Neshaboo\AppData\Local\cookies.ini => moved successfully.
C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG => moved successfully.
C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT => moved successfully.
C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL => moved successfully.
C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76 => moved successfully.
C:\ProgramData\3550uus0.dat => moved successfully.
C:\ProgramData\Ament.ini => moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => moved successfully.
C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76 => moved successfully.
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully.
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully.
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully.
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully.
"C:\ProgramData\3550uus0.dat" => File/Folder not found.
C:\Users\Neshaboo\AppData\Local\Temp\.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\212F.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\932E.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\setup.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe => moved successfully.
"C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe" => File/Folder not found.
C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe => moved successfully.
C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll => moved successfully.
"C:\Windows\system32\Drivers\tlsvjnyh.sys" => ":changelist" ADS not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

==== End of Fixlog 00:52:09 ====
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Neshaboo [Administrator]
Started from : C:\Users\Neshaboo\Desktop\RogueKiller.exe
Mode : Delete -- Date : 08/06/2015 21:28:58

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] compatibilitychecksvc.exe(2432) -- C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe[7] -> Killed [TermProc]
[Suspicious.Path] DismHost.exe(1632) -- C:\Windows\Temp\B9E447E4-EB8C-4232-B584-0EBEA326F025\DismHost.exe[x] -> Killed [TermThr]

¤¤¤ Registry : 14 ¤¤¤
[PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
[PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
[PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
[PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
[PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectMonitor (C:\monitorsvc.exe) -> Not selected
[PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] d899a7f5473cbe5689f82e1e04583e99
[BSP] b27509906ed6353760ff27ab2267a1ef : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461641 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945850368 | Size: 14995 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/6/2015
Scan Time: 9:30 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.06.07
Rootkit Database: v2015.08.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Neshaboo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417375
Time Elapsed: 45 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\AllDaySavings, Quarantined, [3867ce372b601c1ad92a3a07f310a45c],
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, Quarantined, [b7e8ff068407c37396d414971be9ab55],
PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, Quarantined, [544b27defd8e72c4b6b47f2ca95b41bf],
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, Quarantined, [ecb3ca3bc7c47bbb798a3e0319eaa15f],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f4abeb1a2962ce686492871d7a8a55ab],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [f0af15f002893bfbd522782c3cc8d62a],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Quarantined, [d2cd71945a3181b5f5d087176d9737c9],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}, Quarantined, [455ac04523685dd9ecd9a2fc49bbf50b],
PUP.Optional.DriverUpdate.A, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [c0df7491ef9cc07629bbf0b421e3827e],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [940b996cd6b593a317dedcc88282c838],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQVPlus-3.5V30.09, Quarantined, [0d928f767a113bfb69022b09c2413dc3],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [702fd92c1477b77f7f602776cd3702fe],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\StormWatchApp, Quarantined, [ccd382834249b6801b93e64d36cd926e],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [871834d1800b6acc55a0b9eb28dce21e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [f9a64db8404bb2844c11107526de867a],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [9906709598f34de9e33620fbb350f010],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{673D04B7-DA91-4A6C-9231-F75EBE815977}, Quarantined, [b1ee17ee8efda88e55eab5eb3cc8dc24],
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\OPTIMIZER PRO, Quarantined, [6a3536cfa7e436008045b4ee3cc86d93],
PUP.Optional.DriverUpdate.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [abf4c93cf9920e28d111792bdb29b848],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SMARTBAR, Quarantined, [9708689d4b40d95dbae0d0bd34d046ba],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-720022467-1087662642-2550357224-501\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, Quarantined, [0897c93c315aa195f8b491ba7d8608f8],

Registry Values: 8
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36b445bf-1b84-466a-a623-a360a8cff8c3}|AppPath, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin, Quarantined, [d2cd71945a3181b5f5d087176d9737c9]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1035f55-4c0c-4efc-9aae-38f421fce726}|AppPath, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin, Quarantined, [455ac04523685dd9ecd9a2fc49bbf50b]
PUP.Optional.Mindspark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF AppIntegrator 32-bit, C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator.exe, Quarantined, [9f00c540c5c671c5745a4ee7649f7c84]
PUP.Optional.Mindspark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF AppIntegrator 64-bit, C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe, Quarantined, [217e679e4744f343824c87ae5aa9f10f]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, auto, Quarantined, [9906709598f34de9e33620fbb350f010]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{673D04B7-DA91-4A6C-9231-F75EBE815977}|AppName, cd4f07ce-597e-4b3d-a34a-324809336540-2.exe-buttonutil.exe, Quarantined, [b1ee17ee8efda88e55eab5eb3cc8dc24]
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, http://www.safeshopgate.com/r?s=121001231&g=C8A7BFE2-D55C-14A0-FE36-44A1AF192EED, Quarantined, [6a3536cfa7e436008045b4ee3cc86d93]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Quarantined, [9708689d4b40d95dbae0d0bd34d046ba]

Registry Data: 4
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[316e0cf97f0c1125b6b0f947887db050]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[8619a26398f3df570c5c112f9e67d62a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[504f5ca93f4ca98dda8ea0a05ea74bb5]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[c9d6966f4942ba7c590ef54b976ed32d]

Folders: 34
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
PUP.Optional.VisiCoupons.A, C:\Users\Neshaboo\AppData\Local\visi_coupon, Quarantined, [465901047813bd79ab81efa71fe51be5],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\Installers, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\AppCache, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Downloads, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HookBackups, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.MultiPlug.F, C:\ProgramData\293ee2eae6b2ad75, Quarantined, [554a8a7b4843f34314e83c70a361a65a],
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [990636cf1e6d53e391867060f50d916f],
PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Temp\Iminent, Quarantined, [1689b550bdce122476feeff07f8360a0],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Local\ArcadeParlor, Quarantined, [a8f700053f4c8da9bbc07e62d230dc24],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [8b140104ed9ecb6b5224a946679b24dc],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [8b140104ed9ecb6b5224a946679b24dc],
PUP.Optional.GlobalUpdate.A, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897, Quarantined, [237c5baa3d4e78be65e4b9391fe3946c],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, Quarantined, [c4dbca3b74175ed8939af201fe0424dc],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, Quarantined, [c4dbca3b74175ed8939af201fe0424dc],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor, Quarantined, [3c63d530602b1a1cc9bb2dd83bc8f709],
PUP.Optional.KlipPal.A, C:\Users\Neshaboo\AppData\Local\Temp\Klip Pal, Quarantined, [faa5d82dd5b68fa7558044c7f310c63a],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [faa59273eba041f51e8363ab2dd647b9],

Files: 105
PUP.Optional.OSProtect.A, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, Quarantined, [d6c9e025d5b6e1553b18fe40e41d4eb2],
PUP.Optional.Loadshop, C:\monitor.exe, Quarantined, [16890afba8e3c472aaf59248e61ba55b],
PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, Quarantined, [5f40c44122690135333b710c47be9b65],
PUP.Optional.APNToolBar.A, C:\Users\Neshaboo\AppData\Local\Temp\SetF8CF.tmp, Quarantined, [1986f1145437e452935d1d89fa074db3],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleCrashHandler.exe, Quarantined, [326dec19c4c712242334721dec15a858],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdate.exe, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateBroker.exe, Quarantined, [861972934d3ee4527fd8414e5aa7b14f],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateOnDemand.exe, Quarantined, [980709fc6e1d8caabe99642bfa0748b8],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\goopdate.dll, Quarantined, [e4bb2adbe9a292a45afd216e07fa7789],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\goopdateres_en.dll, Quarantined, [920d689d5a31b28492c5296610f18977],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\npGoogleUpdate4.dll, Quarantined, [2e71966f1e6d4de93324444b9b662ed2],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\psmachine.dll, Quarantined, [980735d0d5b68da9c69192fd877a3ec2],
PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\psuser.dll, Quarantined, [8817ea1b89020e28d2858b04c33ec33d],
PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (1), Quarantined, [356a5da83a510f273d739f99926e24dc],
PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (2), Quarantined, [6b3463a259322d09e1cf4eeae7190ef2],
PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (3), Quarantined, [ffa0f41158338da93d7367d111ef01ff],
PUP.Optional.APNToolBar.A, C:\Users\Neshaboo\AppData\Local\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi, Quarantined, [e4bb19ecdfac211538b98620d03131cf],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\bgNova.html, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1293297481.mxaddon, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1687b8a8-65d4-4ec7-9bc4-ca3801ea4cfc.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1687b8a8-65d4-4ec7-9bc4-ca3801ea4cfc.xpi, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\4fe2876b-779f-421f-bbf9-ee87b9400081.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\background.html, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\daa902bf-09bc-4522-a4ac-1de0d25bb86c.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, Quarantined, [ddc2ba4b018ad5613e152bfd6e950cf4],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
PUP.Optional.MyOSProtect.A, C:\Windows\Temp\MyOSProtect.log, Quarantined, [cbd4cb3a0b80191d79f058e0a65d3dc3],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\MyOSProtect.dll, Delete-on-Reboot, [8c1314f13358a393bd9355e4709328d8],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\MyOSProtectOff.ini, Quarantined, [ddc2ad58bbd005310d44aa8fb251b54b],
PUP.Optional.MyOSProtect.A, C:\Windows\SysWOW64\MyOSProtect.ini, Quarantined, [f1ae6c99abe083b371e185b4f50e12ee],
PUP.Optional.QuickStart.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [0d92fa0b73188caacf85dc5fe32053ad],
PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [a3fc4abbbad1a5917df658e3db286898],
PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [920dc63f94f782b403703efd2ed5a65a],
PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [148b9d6855362b0b9ed6c4777390c937],
PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [a5fa62a31d6ebe781f555cdfe0236e92],
PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [abf4a65fa7e44fe7150254ee7291a65a],
PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [346bc540246737ff74a38fb3ed1612ee],
PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [2f70b451dab1f541536ec8862fd401ff],
PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [8a158f764e3d5ed8b809c985f11207f9],
PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater\updater.log, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater\unins000.dat, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-install-v0001, Quarantined, [247b7e87a4e780b69d457b18f311d42c],
PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-processes-v0001, Quarantined, [b4ebb94c3f4c1323ecf682110df7c040],
PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001, Quarantined, [c2dd95701b70989e934ffe9527dd34cc],
PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-uninstall-v0001, Quarantined, [3c638b7a692264d2687af2a17d876d93],
PUP.Optional.VisiCoupons.A, C:\Users\Neshaboo\AppData\Local\visi_coupon\merchants.dat2, Quarantined, [465901047813bd79ab81efa71fe51be5],
CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.PNG, Quarantined, [702f41c4b3d85fd788327c1b9c688b75],
CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.TXT, Quarantined, [f1aef70ed1ba0b2b2199bfd8be46a35d],
CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.URL, Quarantined, [97088b7abecd0333803acccbe51f12ee],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect64.dll, Delete-on-Reboot, [19869e67c7c449edea4d0e8a11f3e719],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\libeay32.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\nfapi.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ProtocolFilters.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ssleay32.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2014-10-22 19-44-09 0.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2014-10-22 19-44-56 0.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\Installers\SD-130584950574575733.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies-journal, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_0, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_1, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_2, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_3, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\index, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2014-10-23 00;05;20,794.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2014-10-23 00;05;20.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
PUP.Optional.MultiPlug.F, C:\ProgramData\293ee2eae6b2ad75\{A2616871-3463-BCEE-5AFA-73773317A381}.20140929230952, Quarantined, [554a8a7b4843f34314e83c70a361a65a],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
PUP.Optional.GlobalUpdate.A, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateHelper.msi, Quarantined, [237c5baa3d4e78be65e4b9391fe3946c],
PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor\Play ArcadeParlor Online.url, Quarantined, [3c63d530602b1a1cc9bb2dd83bc8f709],

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.208 - Logfile created 08/08/2015 at 12:37:29
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Neshaboo - NESHABOO-HP
# Running from : C:\Users\Neshaboo\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : netfilter64
[#] Service Deleted : swdumon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Performance Optimizer
Folder Deleted : C:\ProgramData\slimware utilities inc
Folder Deleted : C:\ProgramData\SuavingttOYou
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Web Protect
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Program Files (x86)\driverupdate
Folder Deleted : C:\Program Files (x86)\SuavingttOYou
Folder Deleted : C:\Program Files (x86)\VideoBuzz
Folder Deleted : C:\Users\Neshaboo\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Neshaboo\AppData\Local\Temp\apn
Folder Deleted : C:\Program Files\slimcleaner plus
Folder Deleted : C:\Users\Neshaboo\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Neshaboo\AppData\Local\iac
Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\iac
Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\visi_coupon
Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Neshaboo\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Neshaboo\AppData\Roaming\VideoBuzz
File Deleted : C:\HELP_DECRYPT.PNG
File Deleted : C:\HELP_DECRYPT.TXT
File Deleted : C:\HELP_DECRYPT.URL
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.PNG
File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.TXT
File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.URL
File Deleted : C:\Windows\System32\drivers\swdumon.sys
File Deleted : C:\Users\Guest\HELP_DECRYPT.PNG
File Deleted : C:\Users\Guest\HELP_DECRYPT.TXT
File Deleted : C:\Users\Guest\HELP_DECRYPT.URL
File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.PNG
File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.TXT
File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.URL
File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.PNG
File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.TXT
File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.URL
File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.PNG
File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.TXT
File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.URL
File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.PNG
File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.TXT
File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.URL
File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.PNG
File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.TXT
File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.URL
File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.PNG
File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.TXT
File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.URL
File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.PNG
File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.TXT
File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.URL

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\007go.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\26650.click.007go.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\click.007go.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.snapdo.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v44.0.2403.130

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M5CC554CF-7DB1-4D01-BEA3-36395C1D2258&SearchSource=55&CUI=&UM=6&UP=SPD36F09A5-D122-4037-9773-A3B1E0B9446E&SSPV=NewSP218B_sp_ch
[C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 7EC7BDC3FE3189380E34A1F77128C05A18FF6FC019AC8C107C4F07B8C82181BA"},"software_reporter":{"prompt_reason":"AC844712A2A4A6DAF9822EA39757EB9A41CCAC86D4E45E71BA7B387D848C6C8B","prompt_seed":"BAE1E94C930B0A813850EDC2F6A4ACCE877CB9510D3B84CBE1ED5FF4624CC969","prompt_version":"9B21ED82A97ED513C4B8D5E2D31793D75BEE3AE0138EBC0B9757ADE289DADD94"},"sync":{"remaining_rollback_tries":"254A3397CB49B936A78771AD04FD0D58C68D54A9DE1574EF269E0ABC68F6439D"}},"super_mac":"0A6AC91B2030D99B3F8B3D561D4A90D97E1255C4F166C63E3CF0455C74B1C039"},"session":{"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M5CC554CF-7DB1-4D01-BEA3-36395C1D2258&SearchSource=55&CUI=&UM=6&UP=SPD36F09A5-D122-4037-9773-A3B1E0B9446E&SSPV=NewSP218B_sp_ch

*************************

AdwCleaner[R0].txt - [14933 bytes] - [08/08/2015 12:35:29]
AdwCleaner[S0].txt - [14297 bytes] - [08/08/2015 12:37:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14357 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by Neshaboo on Sat 08/08/2015 at 19:38:46.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo)
Successfully deleted: [Task] C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slimcleaner plus
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\sho6321.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{15296B59-862B-43D4-B865-56D525C9DB91}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{29CC966B-9178-425E-8364-E0CF5082F4BF}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{368EAA7F-EAD8-4641-998E-F14279F78798}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{3BB452C9-D6A1-45A4-818A-483C95EF8976}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{3D80A55A-CEA0-4545-A174-1A624ED146A2}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{41F3A1F2-3329-406C-8ED7-2389EB041DB7}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{462F833D-9B1C-4118-881C-88C0276AC055}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{4A168880-BC00-43CF-A59C-E00B84F56419}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{581970CC-68FD-442B-B74C-D9A5CAD7A6AF}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{80374CF5-F8EE-4607-BAAC-8B706A0A7CBC}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{889B37F7-FDD4-4D56-B602-FECFD72430BA}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{9BAD7920-83FD-4D64-BDB8-6665CE428D16}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{9F114602-EAD8-405D-AE5A-1FC044D1FE3B}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{A11B144C-F7F1-4CA0-A76D-E9B3D5C06A9A}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{D7911230-46E5-4A79-B45C-51E78B4029EC}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{D799EE62-29D8-4332-8291-FD2875516D12}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{DA3FB2EB-501D-4B92-B74C-005E682D1ABA}
Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{F9A4FAD4-174D-4740-A50B-A916179B361E}
Successfully deleted: [Folder] C:\Program Files\005
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Neshaboo\Appdata\Local\downloaded installers
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/08/2015 at 19:42:44.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
So no matter what I do, I am getting the message "incompatible OS" wheneveri try to run combofix :(. Is that normal?
 
Hmmm... it shouldn't be happening.
In any case...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by Neshaboo (administrator) on NESHABOO-HP (11-08-2015 07:44:43)
Running from C:\Users\Neshaboo\Desktop
Loaded Profiles: Neshaboo & (Available Profiles: Neshaboo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-06-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-06-10] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-02-20]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-05-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {762BF16C-D3AA-4FFD-843B-EA6633F99B61} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-04] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{24A37B02-85F7-46A1-B9B5-AC8490AD0C15}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2013-11-23] ()

Chrome:
=======
CHR Profile: C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-12-06] (CyberLink)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-17] (WildTangent)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2013-11-27] (Belcarra Technologies) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
R2 X5XSEx_Pr135; C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 07:44 - 2015-08-11 07:44 - 00000000 ____D C:\Users\Neshaboo\Desktop\FRST-OlderVersion
2015-08-09 22:56 - 2015-08-09 22:57 - 05634368 ____R (Swearware) C:\Users\Neshaboo\Desktop\ComboFix.exe
2015-08-09 22:49 - 2015-08-09 22:55 - 00001444 _____ C:\Users\Neshaboo\Desktop\Rkill.txt
2015-08-09 22:43 - 2015-08-09 22:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Neshaboo\Desktop\rkill.exe
2015-08-09 22:41 - 2015-08-09 22:58 - 00000000 ___SD C:\32788R22FWJFW
2015-08-09 22:41 - 2015-08-09 22:41 - 00000000 ____D C:\Windows\erdnt
2015-08-08 19:42 - 2015-08-08 19:42 - 00004005 _____ C:\Users\Neshaboo\Desktop\JRT.txt
2015-08-08 12:49 - 2015-08-09 22:59 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForNeshaboo.job
2015-08-08 12:49 - 2015-08-08 12:49 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNeshaboo
2015-08-08 12:35 - 2015-08-08 12:37 - 00000000 ____D C:\AdwCleaner
2015-08-08 12:34 - 2015-08-08 12:34 - 00030977 _____ C:\Users\Neshaboo\Desktop\malware.txt
2015-08-08 12:12 - 2015-08-08 12:12 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\GWX
2015-08-06 22:41 - 2015-08-07 09:41 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-06 22:41 - 2015-08-06 22:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-06 22:37 - 2015-08-08 12:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-06 22:37 - 2015-08-06 22:37 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-06 22:37 - 2015-08-06 22:37 - 00000991 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-06 22:37 - 2015-08-06 22:37 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\TeamViewer
2015-08-06 21:45 - 2015-08-06 21:46 - 08096648 _____ (TeamViewer GmbH) C:\Users\Neshaboo\Downloads\TeamViewer_Setup_en.exe
2015-08-06 21:29 - 2015-08-06 21:29 - 00010280 _____ C:\Users\Neshaboo\Desktop\RKreport.txt
2015-08-06 21:25 - 2015-08-10 06:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 21:25 - 2015-08-06 21:25 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 21:25 - 2015-08-06 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 21:24 - 2015-08-06 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-06 21:24 - 2015-08-06 21:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-06 21:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 21:24 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-06 21:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-06 21:17 - 2015-08-06 21:31 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-06 21:17 - 2015-08-06 21:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-06 21:16 - 2015-08-06 21:16 - 18718280 _____ C:\Users\Neshaboo\Desktop\RogueKiller.exe
2015-08-06 21:16 - 2015-08-06 21:16 - 02248704 _____ C:\Users\Neshaboo\Desktop\adwcleaner_4.208.exe
2015-08-06 21:16 - 2015-08-06 21:16 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Neshaboo\Desktop\JRT.exe
2015-08-04 15:39 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-04 15:39 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-04 15:39 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-04 15:39 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-04 15:39 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-04 15:39 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-04 15:39 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-04 15:39 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-04 10:53 - 2015-08-04 11:06 - 00047877 _____ C:\Users\Neshaboo\Desktop\Addition.txt
2015-08-04 10:50 - 2015-08-11 07:44 - 00022735 _____ C:\Users\Neshaboo\Desktop\FRST.txt
2015-08-04 10:50 - 2015-08-11 07:44 - 00000000 ____D C:\FRST
2015-08-04 10:43 - 2015-08-04 10:43 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-04 10:42 - 2015-08-04 10:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-04 10:38 - 2015-08-04 10:38 - 14243008 _____ (Microsoft Corporation) C:\Users\Neshaboo\Downloads\mseinstall64.exe
2015-08-04 10:37 - 2015-08-11 07:44 - 02171392 _____ (Farbar) C:\Users\Neshaboo\Desktop\FRST64.exe
2015-08-04 10:35 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-04 10:35 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-04 10:35 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-04 10:35 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-04 10:35 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-04 10:35 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-04 10:35 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-04 10:35 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-04 10:35 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-04 10:35 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-04 10:29 - 2015-08-04 10:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Neshaboo\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-15 20:13 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 20:13 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 19:44 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 19:44 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 19:44 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-15 19:44 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 19:44 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 19:44 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-15 19:43 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-15 19:43 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-15 19:43 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-15 19:43 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-15 19:43 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-15 19:42 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 19:42 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 19:42 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 19:42 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 19:42 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 19:42 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 19:42 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-15 19:42 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-15 19:42 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-15 19:42 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-15 19:42 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-15 19:42 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-15 19:42 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-15 19:42 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-15 19:42 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-15 19:42 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-15 19:42 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-15 19:42 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-15 19:42 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-15 19:42 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-15 19:42 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-15 19:42 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-15 19:42 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 19:42 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-15 19:42 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-15 19:42 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-15 19:42 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-15 19:41 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 19:41 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 19:41 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 19:41 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 19:41 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 19:41 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 19:41 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 19:41 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 19:41 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 19:41 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 19:41 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 19:41 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 19:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 19:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 19:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 19:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 19:41 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:41 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:41 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 19:41 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:41 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:41 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:41 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:41 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:41 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:41 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:41 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:41 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:41 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:41 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:41 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:41 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:41 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:41 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:41 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:41 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:41 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:41 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:41 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:41 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:41 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:41 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:41 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:41 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:41 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:41 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:41 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:41 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:41 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:41 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:41 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:41 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:41 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:41 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:41 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:41 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:41 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:41 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:41 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:41 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 19:41 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-15 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-15 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-15 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-15 19:40 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:40 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 19:40 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 19:40 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 19:40 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 19:40 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-15 19:40 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-15 19:39 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:39 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:39 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:39 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:39 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:39 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:39 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:39 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:39 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:39 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:39 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 19:39 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 19:39 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 19:39 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 19:39 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 19:39 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 19:39 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 19:39 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 19:39 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 19:39 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 19:39 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 19:39 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 19:39 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 19:39 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 19:39 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 19:39 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 19:39 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 19:39 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 19:39 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 19:39 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-15 19:39 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-15 19:39 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-15 19:39 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-15 19:38 - 2015-06-03 16:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-15 19:38 - 2015-06-03 16:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-15 19:38 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-15 19:38 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-15 19:38 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-15 19:38 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-15 19:37 - 2015-07-15 19:37 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-15 19:37 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 19:37 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-15 19:37 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-15 19:37 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-15 19:37 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-15 19:37 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-15 19:37 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-15 19:21 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-15 19:21 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-15 19:21 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-15 19:15 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-15 19:15 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-15 19:01 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-15 19:01 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-15 19:00 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-15 19:00 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-15 19:00 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-15 19:00 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-15 19:00 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-15 19:00 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-15 19:00 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-15 19:00 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-15 19:00 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-15 19:00 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-15 18:59 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-15 18:59 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-15 18:59 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-15 18:59 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-15 18:59 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-15 18:59 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-15 18:59 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-15 18:59 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-15 18:59 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-15 18:59 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-15 18:59 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-15 18:59 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-15 18:59 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-15 18:58 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-15 18:58 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-15 18:51 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 18:51 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 18:39 - 2015-07-15 18:39 - 00000000 ____D C:\Program Files (x86)\GUM25DC.tmp
2015-07-15 18:39 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-15 18:39 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-15 18:39 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-15 18:39 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 07:44 - 2014-01-26 14:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-11 07:43 - 2014-01-26 14:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 07:43 - 2012-11-14 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 07:12 - 2011-02-20 05:38 - 01273204 _____ C:\Windows\WindowsUpdate.log
2015-08-10 06:46 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-10 06:46 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 22:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 22:59 - 2009-07-14 00:51 - 00074242 _____ C:\Windows\setupact.log
2015-08-09 19:51 - 2012-03-09 09:27 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56CD31B4-BB90-4A70-A0F1-FA3D0FBFD449}
2015-08-08 12:37 - 2014-09-30 09:19 - 00001060 _____ C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-08-08 12:37 - 2012-11-05 23:54 - 00000000 ____D C:\Users\Guest
2015-08-08 12:37 - 2011-04-28 00:52 - 00000000 ____D C:\Users\Neshaboo
2015-08-08 12:10 - 2011-04-28 00:59 - 00113496 _____ C:\Users\Neshaboo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-08 12:10 - 2011-02-20 05:43 - 00326776 _____ C:\Windows\PFRO.log
2015-08-07 20:51 - 2009-09-06 21:57 - 00000000 ____D C:\Windows\Panther
2015-08-07 20:46 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-06 22:45 - 2009-07-14 00:45 - 00443360 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-06 22:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-06 22:41 - 2014-05-07 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-06 21:58 - 2014-01-26 14:30 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Google
2015-08-06 21:58 - 2013-03-09 23:04 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\HP
2015-08-06 21:58 - 2011-05-26 04:50 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Microsoft Games
2015-08-06 21:58 - 2011-04-28 00:53 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Hewlett-Packard
2015-08-06 21:57 - 2014-04-30 19:04 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-08-06 21:57 - 2013-05-16 12:34 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Games
2015-08-06 21:38 - 2014-09-30 22:16 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Blio
2015-08-06 21:38 - 2012-09-07 01:13 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\ooVoo Details
2015-08-06 21:38 - 2012-09-07 01:00 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Skype
2015-08-06 21:38 - 2012-06-28 00:00 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Funlinker
2015-08-06 21:38 - 2012-01-13 19:05 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Casual Arts
2015-08-06 21:38 - 2011-05-24 21:24 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\PlayFirst
2015-08-06 21:38 - 2011-05-10 03:17 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\iWing
2015-08-06 21:38 - 2011-04-28 01:37 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Adobe
2015-08-06 21:37 - 2012-11-06 11:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2015-08-06 21:35 - 2012-11-06 11:28 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-08-06 21:35 - 2011-01-09 05:52 - 00000000 ____D C:\ProgramData\Macrovision
2015-08-06 21:34 - 2013-12-27 19:43 - 00000000 ____D C:\ProgramData\Leapfrog
2015-08-06 21:34 - 2013-03-09 23:21 - 00000000 ____D C:\ProgramData\HP
2015-08-06 21:34 - 2011-04-29 23:04 - 00000000 ____D C:\ProgramData\GoBit Games
2015-08-06 21:34 - 2011-01-09 06:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-06 21:33 - 2011-07-26 09:09 - 00000000 ____D C:\ProgramData\mpbptm
2015-08-06 21:33 - 2011-07-25 20:42 - 00000000 ____D C:\ProgramData\McAfee
2015-08-06 21:33 - 2011-01-09 05:53 - 00000000 ____D C:\ProgramData\Sonic
2015-08-06 21:32 - 2014-09-18 23:47 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-06 21:32 - 2014-01-17 02:59 - 00000000 ____D C:\ProgramData\BlueStacks
2015-08-06 21:16 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 21:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-04 16:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-04 15:53 - 2014-01-26 14:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-04 11:20 - 2014-06-22 00:14 - 00000000 ____D C:\Users\Neshaboo\Desktop\baby shower games
2015-08-04 11:20 - 2014-04-03 14:39 - 00000000 ____D C:\Users\Neshaboo\Desktop\CAR PAYMENTS
2015-08-04 11:19 - 2013-10-12 22:40 - 00000000 ____D C:\Users\Neshaboo\Desktop\South university Graduate Work
2015-08-04 11:19 - 2013-08-13 13:09 - 00000000 ____D C:\Users\Neshaboo\Desktop\myliyah school payments
2015-08-04 11:19 - 2013-01-13 00:07 - 00000000 ____D C:\Users\Neshaboo\Documents\ASHLEY
2015-08-04 11:06 - 2014-12-18 00:34 - 00000000 ____D C:\Users\Neshaboo\Documents\MARY
2015-08-04 11:06 - 2014-11-17 02:21 - 00000000 ____D C:\Users\Neshaboo\Documents\ELINIDA
2015-08-04 11:06 - 2014-10-04 15:59 - 00000000 ____D C:\Users\Neshaboo\Documents\JAYDEN
2015-08-04 11:06 - 2013-06-28 17:46 - 00000000 ____D C:\Users\Neshaboo\Documents\Malik
2015-08-04 11:06 - 2013-01-07 00:26 - 00000000 ____D C:\Users\Neshaboo\Documents\KATHLEEN
2015-08-04 11:06 - 2012-06-02 03:47 - 00000000 ____D C:\Users\Neshaboo\Documents\KEYPRO DOCS
2015-08-04 11:06 - 2011-10-15 21:31 - 00000000 ____D C:\Users\Neshaboo\Documents\CyberLink
2015-08-04 11:06 - 2011-09-25 13:48 - 00000000 ____D C:\Users\Neshaboo\Documents\JAMIE
2015-08-04 11:06 - 2011-08-02 12:25 - 00000000 ____D C:\Users\Neshaboo\Documents\JASMYNE
2015-08-04 11:06 - 2011-07-03 03:25 - 00000000 ____D C:\Users\Neshaboo\Documents\JOSHUA
2015-08-04 11:06 - 2011-06-09 20:26 - 00000000 ____D C:\Users\Neshaboo\Documents\GREG
2015-08-04 11:06 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\LISA
2015-08-04 11:06 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\JUSTINA
2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\JASMINE
2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\ELLEN
2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\DAUNECIA
2015-08-04 11:06 - 2011-05-12 23:56 - 00000000 ____D C:\Users\Neshaboo\Documents\GLORIA
2015-08-04 11:05 - 2014-01-03 00:52 - 00000000 ____D C:\Users\Neshaboo\Documents\NIA
2015-08-04 11:05 - 2013-11-03 13:33 - 00000000 ____D C:\Users\Neshaboo\Documents\NCG group work
2015-08-04 11:05 - 2013-03-18 00:44 - 00000000 ____D C:\Users\Neshaboo\Documents\RANI
2015-08-04 11:05 - 2012-11-11 12:51 - 00000000 ____D C:\Users\Neshaboo\Documents\SHARNEATHE
2015-08-04 11:05 - 2012-09-23 15:54 - 00000000 ____D C:\Users\Neshaboo\Documents\STEPHANIE
2015-08-04 11:05 - 2012-08-11 15:28 - 00000000 ____D C:\Users\Neshaboo\Documents\NICOLE
2015-08-04 11:05 - 2012-05-23 20:16 - 00000000 ____D C:\Users\Neshaboo\Documents\SHAWNTANESE
2015-08-04 11:05 - 2012-04-07 00:14 - 00000000 ____D C:\Users\Neshaboo\Documents\Youcam
2015-08-04 11:05 - 2012-03-21 22:12 - 00000000 ____D C:\Users\Neshaboo\Documents\SHANTA
2015-08-04 11:05 - 2012-03-05 01:12 - 00000000 ____D C:\Users\Neshaboo\Documents\NESHA
2015-08-04 11:05 - 2011-12-20 01:53 - 00000000 ____D C:\Users\Neshaboo\Documents\xmas
2015-08-04 11:05 - 2011-06-17 09:50 - 00000000 ____D C:\Users\Neshaboo\Documents\online bills
2015-08-04 11:05 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\SHAUNICA
2015-08-04 11:05 - 2011-05-08 04:18 - 00000000 ____D C:\Users\Neshaboo\Documents\projected hrs NCG
2015-08-04 10:54 - 2014-03-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-01 10:19 - 2014-11-13 04:09 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieBrowserModeList
2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieUserList
2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieSiteList
2015-08-01 10:19 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-01 10:04 - 2014-12-14 04:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-01 10:03 - 2014-01-26 14:31 - 00000000 ____D C:\Program Files\Google
2015-08-01 10:03 - 2014-01-26 14:30 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 20:28 - 2011-04-28 18:49 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-15 20:12 - 2013-03-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-15 20:10 - 2013-07-17 23:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 19:37 - 2012-11-14 15:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:37 - 2012-11-14 15:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:37 - 2011-08-07 12:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:03 - 2011-01-09 05:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-07-15 18:45 - 2014-01-26 14:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 18:45 - 2014-01-26 14:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some files in TEMP:
====================
C:\Users\Neshaboo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Neshaboo\AppData\Local\Temp\Quarantine.exe
C:\Users\Neshaboo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-04 16:35

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Neshaboo (2015-08-11 21:15:39)
Running from C:\Users\Neshaboo\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-720022467-1087662642-2550357224-500 - Administrator - Disabled)
Guest (S-1-5-21-720022467-1087662642-2550357224-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-720022467-1087662642-2550357224-1002 - Limited - Enabled)
Neshaboo (S-1-5-21-720022467-1087662642-2550357224-1000 - Administrator - Enabled) => C:\Users\Neshaboo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Burger Shop 2™ (HKLM-x32\...\exent_645450) (Version: - )
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cases of Stolen Beauty (x32 Version: 2.2.0.110 - WildTangent) Hidden
Christmas Wonderland (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4814 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Department 42: The Mystery of the Nine (x32 Version: 2.2.0.110 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Family Vacation: California (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Inbetween Land (x32 Version: 3.0.2.51 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nancy Drew: Secrets Can Kill Remastered (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Snark Busters 3: High Society (x32 Version: 2.2.0.110 - WildTangent) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Lost Cases of Sherlock Holmes 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
Verizon Games Player (HKLM-x32\...\{A7DDBA41-E56C-4654-9AB2-C8187E3F2C27}) (Version: - )
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WebIQ Technology Engine (HKLM-x32\...\{31F039C7-DF16-4FCC-85AE-68E68352D2B2}) (Version: 1.7.1114 - Usability Sciences Corporation)
Weird Park: Broken Tune (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-08-2015 10:23:35 Windows Update
04-08-2015 17:51:56 Software Removal Tool
06-08-2015 22:40:31 Windows Update
08-08-2015 19:38:50 JRT Pre-Junkware Removal
10-08-2015 06:43:35 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-06 00:51 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15217754-BF21-497A-AF48-25CCC4EBD9B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {153B3946-3819-4C13-9075-6DA98BF9EF92} - System32\Tasks\{3B14636D-5FDA-48FF-8FB3-E97C22CB0F7E} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {171F9109-F9DA-42BA-A15C-E8A2468D8CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {44012427-6770-48F9-B81C-77E1BBC077F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {578D75BC-05E9-4212-A0A1-3AB5F3139BD1} - System32\Tasks\HP AR Program Upload - baf9a344280e45d08081662302573919bc7c06020fab43629b1abf48c628606d => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {6666C4D7-04E6-4262-B536-492F7CA75125} - System32\Tasks\HP AR Program Upload - e7686d6754a54044ac830d08a6c86ab8a8594926fded4dfca8f7303591da2bf7 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {73D1BF56-F620-4D74-AD38-10B94C9CD917} - System32\Tasks\HP AR Program Upload - 7e18934b81cb4b93b008770d06d1629824b5c61632e24ae6aeba3948b76d49f8 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {77A744A8-7F99-42DD-918E-904ACDEC2F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {7C864BDD-2135-4A59-AB67-55DFA5BE0126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7D6F2967-4CC1-42C1-96AF-4DFCB24F8812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {8845D76B-BCF3-4C82-AFC8-4D1A6C28C9F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A356F31-450B-4646-AD62-91D06892EFF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8D97317C-AE08-49D8-B23A-6B930C2E0A57} - System32\Tasks\HP AR Program Upload - 7e6a3e70bd4242cda7017a70eed11a1a1a66478c86134afe952181005e18c563 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {944FF85D-A193-4195-88FE-49BF80A6B762} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {A6FC653D-E61B-4AAE-A0B9-FC5BB471AAB4} - System32\Tasks\HP AR Program Upload - 1ac898481ec845ddb78da7e6335898d398451f13e90b4f64b1ffed57ad5eadfe => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {AD258926-8628-4527-B524-B07D50B7A72F} - System32\Tasks\HPCeeScheduleForNeshaboo => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B23102A2-E0E8-4074-A78B-8377CC64D47F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B28CFF47-1E15-4022-9A47-1406169E9ADF} - System32\Tasks\{E7B58D99-4F3C-49AA-BB2E-135811BE89F0} => pcalua.exe -a "C:\Program Files (x86)\Verizon Games Player\Uninstall.exe"
Task: {B55D2396-49EA-4EAD-B40E-ECCEF88D8BFB} - System32\Tasks\{D4B7C16E-2B81-4288-8611-82DB39965C64} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {D2D33CF4-ED3E-481F-B6B7-49ECE8D58817} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
Task: {DE73B2F0-FB23-46FD-B26D-1F378267A77F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EA1CC361-C3E0-473C-BF23-6699CBC219F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ED260611-6F26-45D2-9C05-F3B3733B2152} - System32\Tasks\{ED962435-FD06-416F-9C70-1159E0F3E9C0} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {F65997B1-6EC4-4998-828B-F03FA3BC900C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-04] (Microsoft Corporation)
Task: {F8F3DE14-AD82-4C94-9472-F15F701D1C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForNeshaboo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-11 15:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-11-19 00:12 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-29 23:39 - 2010-07-29 23:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-12-08 14:55 - 2010-12-08 14:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 18:33 - 2010-07-21 18:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-10-22 19:33 - 2014-10-22 19:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-02-20 05:35 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-11-22 18:00 - 2010-11-22 18:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-11-19 00:10 - 2014-11-19 00:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-08-04 15:52 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-04 15:52 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-04 15:52 - 2015-07-31 02:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869
FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900
FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{29EDA64A-5A0B-4AB3-B01B-3897977B7BA2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{EF959CFD-3727-480E-9ED3-93C5CC0F4107}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
FirewallRules: [{2D26D779-C688-4FC8-8DC1-CECD444AD4F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [TCP Query User{89A3BEEA-7323-4B0C-B086-61590CE8E2E9}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{B4BD1E27-AC5D-47F3-9245-6EAC6CA5D4E8}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{E4E4E7F1-4496-481B-B430-584953D470AF}] => (Allow) LPort=443
FirewallRules: [{216AA462-61AD-4421-AE98-2E6B0B192C50}] => (Allow) LPort=443
FirewallRules: [{39FE1071-A14E-4E22-8584-25712ED26017}] => (Allow) LPort=37674
FirewallRules: [{8F189678-5155-489B-B4AB-258315C094E3}] => (Allow) LPort=37674
FirewallRules: [{45349DEB-7CDF-4BC5-BDE9-A3E62220FFF6}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{139DFFBC-1CC8-4513-B65D-FA5A0C6D8B12}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{E44FBF13-9DCD-445D-A5FE-C6E07FA2B4BF}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{8DDEE566-636C-4E66-B0A5-74C18C86FBDA}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{3C9A2EB5-0699-47C2-ADEA-D6EF8EC13C3C}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [TCP Query User{E5D3A398-A13C-444A-94D6-A92C2EBA8648}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [UDP Query User{EC433D7C-FF32-4D0A-BD5B-961082A2A499}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
FirewallRules: [{91AE8FC2-5E12-49A2-AC94-ECF1D7991B4A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{1B942E25-0E89-420D-9657-B276A65120EB}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EEB6CA6F-4C12-4480-A3D4-4D4FF72430EA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F09BC73F-5A49-49B2-B7D3-20871A9F9984}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{23F8B979-D326-4F20-BB5D-FD45668514C5}] => (Allow) C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{29133CE9-206E-4278-97B3-E82EB52D90DA}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
FirewallRules: [{E3175C05-A110-4118-9F0B-BE134694C8EB}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
FirewallRules: [{4EEAE3D9-9677-4E48-81BD-CCE3AA2BF523}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D0585044-54FE-4001-AC3E-B2D6A6B8AE79}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2609BBB3-26FE-4C9F-BC4E-38047A21B3C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{28553DCA-8084-480C-9AAC-D50967AE26DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{75B0F16A-5C68-4690-B58C-FCB301C9C59A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C984FA22-79E8-42F7-90F3-1B3F91322167}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F7E36CCE-3B75-4381-A117-5643A595077B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C82CB15F-9DB6-40FF-A0B0-1C26CC2C8793}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Compatibility Verify since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Protect Monitor since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service cyycfhtzro64 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service AllDaySavingsService64 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/04/2015 05:56:10 PM) (Source: AllDaySavingsService64) (EventID: 1) (User: )
Description: AllDaySavingsService64SvcInit, failed to connect to driver, status: -1
failed with 2

Error: (08/04/2015 05:52:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
The system cannot find the file specified.
.

Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
Faulting module name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
Exception code: 0xc0000005
Fault offset: 0x0009587e
Faulting process id: 0x200
Faulting application start time: 0xcompatibilitycheck.exe0
Faulting application path: compatibilitycheck.exe1
Faulting module path: compatibilitycheck.exe2
Report Id: compatibilitycheck.exe3


System errors:
=============
Error: (08/11/2015 07:55:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/10/2015 06:44:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/09/2015 11:01:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Home Network service depends the following service: MfeFire. This service might not be installed.

Error: (08/09/2015 10:59:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.

Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Compatibility Verify since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Protect Monitor since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service cyycfhtzro64 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service AllDaySavingsService64 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/04/2015 05:56:10 PM) (Source: AllDaySavingsService64) (EventID: 1) (User: )
Description: AllDaySavingsService64SvcInit, failed to connect to driver, status: -1
failed with 2

Error: (08/04/2015 05:52:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

System Error:
The system cannot find the file specified.

Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e20001d0cc63f9cddd51C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe91a647ea-3857-11e5-b9cb-cc52af6b1fdb


CodeIntegrity:
===================================
Date: 2015-08-08 03:37:00.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-08 03:36:24.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-08 00:24:19.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-08 00:23:39.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 04:54:32.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 04:54:00.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 00:07:23.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 00:06:38.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-06 23:18:43.222
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-06 23:17:09.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3893.86 MB
Available physical RAM: 1599.75 MB
Total Virtual: 7785.93 MB
Available Virtual: 4878.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.82 GB) (Free:364.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.64 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.1 KB · Views: 1
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
825
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back