TechSpot

Computer encrypted by cryptolock and lots of pop-ups

By lemowill
Aug 4, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
    Ran by Neshaboo (administrator) on NESHABOO-HP (04-08-2015 11:03:42)
    Running from C:\Users\Neshaboo\Desktop
    Loaded Profiles: Neshaboo (Available Profiles: Neshaboo & Guest)
    Platform: Windows 7[​IMG] Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files\005\cyycfhtzro64.exe
    Hewlett-Packard Company[​IMG]) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard HP Quick Launch[​IMG]\HPWMISVC.exe
    Hewlett-Packard Company[​IMG]) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    McAfee[​IMG], Inc.) C:\Windows\System32\mfevtps.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    () C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    Hewlett-Packard Company[​IMG]) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard Co.) C:\Program Files\HP HP Deskjet[​IMG] 3510 series\Bin\ScanToPCActivationApp.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard HP Quick Launch[​IMG]\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP HP Software[​IMG] Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard HP Support Framework[​IMG]\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard HP Wireless Assistant[​IMG]\HPWA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard HP Wireless Assistant[​IMG]\HPWA_Main.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-06-10] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-06-10] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator.exe
    HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-20\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
    HKU\S-1-5-18\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-02-20]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-03-27] ()
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-03-27] ()
    InternetURL: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/RUzQtU
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-05-17]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\.DEFAULT -> {5F2A9A3B-630C-4E1F-9785-313E87C386F6} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
    BHO: No Name -> {4F564F32-5637-5341-5443-7A786E7484D7} -> No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-04] (Microsoft Corporation)
    BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
    Tcpip\Parameters: [DhcpNameServer] 71.252.0.12 71.242.0.12
    Tcpip\..\Interfaces\{24A37B02-85F7-46A1-B9B5-AC8490AD0C15}: [DhcpNameServer] 71.252.0.12 71.242.0.12

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2013-11-23] ()
    FF Extension: ArcadeParlor - C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-09-18]

    Chrome:
    =======
    CHR Profile: C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Simple Dictation) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\diondlbenfmpcapnbegmodfdgmnnpgln [2014-09-23]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-15]
    CHR Extension: (nbglmejghppifhhbdhbaijiagbaedeec) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-10-04]
    CHR Extension: (Google Wallet) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AllDaySavingsService64; C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-12-06] (CyberLink)
    R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-01] () [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-17] (WildTangent)
    S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
    S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
    R2 Verifies and fixes application compatibility issues; C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2013-11-27] (Belcarra Technologies) [File not signed]
    S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-22] ()
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S1 tlsvjnyh; C:\Windows\system32\drivers\tlsvjnyh.sys [55168 2015-08-04] (Microsoft Corporation)
    R2 X5XSEx_Pr135; C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  2. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-04 10:58 - 2015-08-04 10:58 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tlsvjnyh.sys
    2015-08-04 10:53 - 2015-08-04 11:03 - 00047877 _____ C:\Users\Neshaboo\Desktop\Addition.txt
    2015-08-04 10:50 - 2015-08-04 11:03 - 00026752 _____ C:\Users\Neshaboo\Desktop\FRST.txt
    2015-08-04 10:50 - 2015-08-04 11:03 - 00000000 ____D C:\FRST
    2015-08-04 10:43 - 2015-08-04 10:43 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-08-04 10:42 - 2015-08-04 10:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2015-08-04 10:38 - 2015-08-04 10:38 - 14243008 _____ (Microsoft Corporation) C:\Users\Neshaboo\Downloads\mseinstall64.exe
    2015-08-04 10:37 - 2015-08-04 10:37 - 02169856 _____ (Farbar) C:\Users\Neshaboo\Desktop\FRST64.exe
    2015-08-04 10:29 - 2015-08-04 10:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Neshaboo\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-15 20:13 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-15 20:13 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-15 19:44 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-15 19:44 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-15 19:44 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-07-15 19:44 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-07-15 19:44 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-07-15 19:44 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-15 19:43 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-07-15 19:43 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-07-15 19:43 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-07-15 19:43 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-07-15 19:43 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-07-15 19:42 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-07-15 19:42 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-07-15 19:42 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-07-15 19:42 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-07-15 19:42 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-07-15 19:42 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-07-15 19:42 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-07-15 19:42 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-07-15 19:42 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-07-15 19:42 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-07-15 19:42 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-07-15 19:42 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-07-15 19:42 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-07-15 19:42 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-07-15 19:42 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-07-15 19:42 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-07-15 19:42 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-07-15 19:42 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-07-15 19:42 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-07-15 19:41 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-07-15 19:41 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-07-15 19:41 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-07-15 19:41 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-15 19:41 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-07-15 19:41 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-15 19:41 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-15 19:41 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-07-15 19:41 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-15 19:41 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-07-15 19:41 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-15 19:41 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-15 19:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-07-15 19:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-15 19:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-07-15 19:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-07-15 19:41 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-07-15 19:41 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-07-15 19:41 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-15 19:41 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-07-15 19:41 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-07-15 19:41 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-15 19:41 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-15 19:41 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-07-15 19:41 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-07-15 19:41 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-15 19:41 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-07-15 19:41 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-15 19:41 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-15 19:41 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-07-15 19:41 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-07-15 19:41 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-15 19:41 - 2015-06-20 15:13 - 00077824 _____ Microsoft Corporation) C: Windows\system32\JavaScriptCollectionAgent.dll
    2015-07-15 19:41 - 2015-06-20 15:08 - 00199680 _____ Microsoft Corporation) C: Windows\system32\msrating.dll
    2015-07-15 19:41 - 2015-06-20 15:07 - 00092160 _____ Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-15 19:41 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-15 19:41 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-15 19:41 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-07-15 19:41 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-15 19:41 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-07-15 19:41 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-15 19:41 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-07-15 19:41 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-07-15 19:41 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-07-15 19:41 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-07-15 19:41 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-07-15 19:41 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-07-15 19:41 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-07-15 19:41 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-07-15 19:41 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-07-15 19:41 - 2015-06-19 14:13 - 00115712 _____ Microsoft Corporation) C: Windows\SysWOW64\ieUnatt.exe
    2015-07-15 19:41 - 2015-06-19 14:03 - 00418304 _____ Microsoft Corporation) C: Windows\SysWOW64\dxtmsft.dll
    2015-07-15 19:41 - 2015-06-19 13:57 - 00060416 _____ Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-07-15 19:41 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-07-15 19:41 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-07-15 19:41 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-07-15 19:41 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-07-15 19:41 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-07-15 19:41 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-07-15 19:41 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-07-15 19:41 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-07-15 19:41 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-15 19:41 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-07-15 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32 InkEd.dll
    2015-07-15 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-07-15 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-07-15 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-07-15 19:40 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-15 19:40 - 2015-07-04 13:48 - 01414656 _____ Microsoft Corporation) C: Windows\SysWOW64\ole32.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 01480192 _____ Microsoft Corporation) C: Windows\system32\crypt32.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00229376 _____ Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-07-15 19:40 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-07-15 19:40 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-07-15 19:40 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-07-15 19:39 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32 Drivers\ksecpkg.sys
    2015-07-15 19:39 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-15 19:39 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00210944 _____ Microsoft Corporation) C: Windows\system32\wdigest.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00136192 _____ Microsoft Corporation) C: Windows\system32\sspicli.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00086528 _____ Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-07-15 19:39 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-07-15 19:39 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-07-15 19:39 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-07-15 19:39 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-07-15 19:39 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-07-15 19:39 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-07-15 19:39 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-07-15 19:39 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-07-15 19:39 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-07-15 19:39 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-07-15 19:39 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-15 19:39 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-15 19:39 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-15 19:39 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-07-15 19:39 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-07-15 19:39 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-15 19:39 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-07-15 19:39 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-07-15 19:39 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-07-15 19:39 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-07-15 19:39 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2015-07-15 19:39 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2015-07-15 19:39 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-07-15 19:39 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-07-15 19:39 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-07-15 19:39 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-07-15 19:38 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-07-15 19:38 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-07-15 19:38 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-07-15 19:38 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-07-15 19:38 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-07-15 19:38 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-07-15 19:38 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-07-15 19:38 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-07-15 19:38 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-07-15 19:38 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-15 19:38 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-07-15 19:38 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-07-15 19:38 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-07-15 19:38 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-07-15 19:38 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-07-15 19:38 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-07-15 19:38 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-15 19:38 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-07-15 19:38 - 2015-06-03 16:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-07-15 19:38 - 2015-06-03 16:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-07-15 19:38 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-07-15 19:38 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-07-15 19:38 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-07-15 19:38 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-07-15 19:37 - 2015-07-15 19:37 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-07-15 19:37 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-07-15 19:37 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-07-15 19:37 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-07-15 19:37 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-07-15 19:37 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-07-15 19:37 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-07-15 19:37 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-07-15 19:21 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-07-15 19:21 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-07-15 19:21 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-07-15 19:15 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-07-15 19:15 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-07-15 19:01 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-07-15 19:00 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-07-15 19:00 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-07-15 19:00 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-07-15 19:00 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-07-15 19:00 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-07-15 19:00 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-07-15 19:00 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-07-15 18:59 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-07-15 18:59 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-07-15 18:59 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-07-15 18:59 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-07-15 18:59 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-07-15 18:59 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-07-15 18:59 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-07-15 18:59 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-07-15 18:59 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-07-15 18:58 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-07-15 18:58 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-07-15 18:51 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-07-15 18:51 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-07-15 18:39 - 2015-07-15 18:39 - 00000000 ____D C:\Program Files (x86)\GUM25DC.tmp
    2015-07-15 18:39 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-07-15 18:39 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-07-15 18:39 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-07-15 18:39 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
     
  3. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-04 11:00 - 2012-03-09 09:27 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56CD31B4-BB90-4A70-A0F1-FA3D0FBFD449}
    2015-08-04 10:58 - 2014-01-26 14:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-08-04 10:57 - 2015-01-11 00:39 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier
    2015-08-04 10:57 - 2014-01-26 14:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-04 10:54 - 2014-03-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-08-04 10:53 - 2015-01-13 00:52 - 00000112 _____ C:\ProgramData\3550uus0.dat
    2015-08-04 10:53 - 2011-02-20 05:38 - 01455146 _____ C:\Windows\WindowsUpdate.log
    2015-08-04 10:41 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-04 10:41 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-04 10:39 - 2012-11-14 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-04 10:24 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-08-04 10:21 - 2014-10-22 20:05 - 00000372 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job
    2015-08-04 10:21 - 2014-01-26 14:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-03 11:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-03 11:28 - 2009-07-14 00:51 - 00073906 _____ C:\Windows\setupact.log
    2015-08-01 10:19 - 2014-11-13 04:09 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieBrowserModeList
    2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieUserList
    2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieSiteList
    2015-08-01 10:19 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-08-01 10:08 - 2009-07-14 00:45 - 00442664 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-08-01 10:04 - 2014-12-14 04:15 - 00000000 ____D C:\Windows\system32\appraiser
    2015-08-01 10:04 - 2014-05-07 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-08-01 10:04 - 2011-02-20 05:43 - 00282088 _____ C:\Windows\PFRO.log
    2015-08-01 10:03 - 2014-01-26 14:31 - 00000000 ____D C:\Program Files\Google
    2015-08-01 10:03 - 2014-01-26 14:30 - 00000000 ____D C:\Program Files (x86)\Google
    2015-07-15 20:28 - 2011-04-28 18:49 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-07-15 20:12 - 2013-03-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-15 20:10 - 2013-07-17 23:16 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-15 19:37 - 2012-11-14 15:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-15 19:37 - 2012-11-14 15:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-15 19:37 - 2011-08-07 12:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-15 19:24 - 2014-01-26 14:30 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Google
    2015-07-15 19:06 - 2014-01-26 14:31 - 00000000 ____D C:\ProgramData\Google
    2015-07-15 19:03 - 2011-01-09 05:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-07-15 18:45 - 2014-01-26 14:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-15 18:45 - 2014-01-26 14:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-07-05 06:08 - 2014-09-30 01:48 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Neshaboo\AppData\Roaming\CXJVL
    2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Neshaboo\AppData\Roaming\FFBRK
    2011-06-04 15:49 - 2011-06-24 13:08 - 0001854 _____ () C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml
    2015-03-19 00:22 - 2015-03-19 00:22 - 0045711 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG
    2015-03-19 00:22 - 2015-03-19 00:22 - 0004280 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT
    2015-03-19 00:22 - 2015-03-19 00:22 - 0000300 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL
    2014-10-22 18:50 - 2014-10-22 18:51 - 0118784 _____ () C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB
    2012-05-08 20:30 - 2012-05-08 20:58 - 0000581 _____ () C:\Users\Neshaboo\AppData\Local\cookies.ini
    2015-03-19 00:21 - 2015-03-19 00:21 - 0045711 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG
    2015-03-19 00:21 - 2015-03-19 00:21 - 0004280 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT
    2015-03-19 00:21 - 2015-03-19 00:21 - 0000300 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL
    2011-07-14 10:10 - 2011-07-14 10:18 - 0010924 ___SH () C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76
    2015-01-13 00:52 - 2015-08-04 10:53 - 0000112 _____ () C:\ProgramData\3550uus0.dat
    2013-03-09 23:17 - 2013-03-09 23:17 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-03-19 00:18 - 2015-03-19 00:18 - 0045711 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-03-19 00:18 - 2015-03-19 00:18 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-03-19 00:18 - 2015-03-19 00:18 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2011-07-14 10:10 - 2011-07-14 10:12 - 0010908 ___SH () C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76
    2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2011-01-09 06:02 - 2011-01-09 06:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2011-01-09 06:01 - 2011-01-09 06:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-02-20 05:46 - 2011-02-20 05:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2011-01-09 06:00 - 2011-01-09 06:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Files to move or delete:
    ====================
    C:\ProgramData\3550uus0.dat


    Some files in TEMP:
    ====================
    C:\Users\Neshaboo\AppData\Local\Temp\.exe
    C:\Users\Neshaboo\AppData\Local\Temp\212F.exe
    C:\Users\Neshaboo\AppData\Local\Temp\932E.exe
    C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe
    C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe
    C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe
    C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe
    C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe
    C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe
    C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe
    C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe
    C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe
    C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe
    C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Neshaboo\AppData\Local\Temp\setup.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll
    C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll
    C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
  4. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
    Ran by Neshaboo (2015-08-04 11:04:21)
    Running from C:\Users\Neshaboo\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-720022467-1087662642-2550357224-500 - Administrator - Disabled)
    Guest (S-1-5-21-720022467-1087662642-2550357224-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-720022467-1087662642-2550357224-1002 - Limited - Enabled)
    Neshaboo (S-1-5-21-720022467-1087662642-2550357224-1000 - Administrator - Enabled) => C:\Users\Neshaboo

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Burger Shop 2™ (HKLM-x32\...\exent_645450) (Version: - )
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cases of Stolen Beauty (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Christmas Wonderland (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4814 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Department 42: The Mystery of the Nine (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Family Vacation: California (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
    Inbetween Land (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
    LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
    LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nancy Drew: Secrets Can Kill Remastered (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Snark Busters 3: High Society (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
    The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
    The Lost Cases of Sherlock Holmes 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
    Verizon Games Player (HKLM-x32\...\{A7DDBA41-E56C-4654-9AB2-C8187E3F2C27}) (Version: - )
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
    WebIQ Technology Engine (HKLM-x32\...\{31F039C7-DF16-4FCC-85AE-68E68352D2B2}) (Version: 1.7.1114 - Usability Sciences Corporation)
    Weird Park: Broken Tune (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    27-03-2015 00:41:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    27-03-2015 00:41:33 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    27-03-2015 00:45:25 Restore Operation
    15-07-2015 19:02:19 Removed Windows Live Mesh ActiveX Control for Remote Connections
    15-07-2015 19:21:02 Windows Update
    15-07-2015 19:26:00 HPSF Restore Point
    15-07-2015 20:03:41 Windows Update
    04-08-2015 10:23:35 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-09-30 08:54 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 d3oxij66pru1i3.cloudfront.net

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {15217754-BF21-497A-AF48-25CCC4EBD9B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
    Task: {153B3946-3819-4C13-9075-6DA98BF9EF92} - System32\Tasks\{3B14636D-5FDA-48FF-8FB3-E97C22CB0F7E} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {171F9109-F9DA-42BA-A15C-E8A2468D8CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
    Task: {44012427-6770-48F9-B81C-77E1BBC077F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
    Task: {56D17EA8-0591-4E56-B700-504255195064} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {578D75BC-05E9-4212-A0A1-3AB5F3139BD1} - System32\Tasks\HP AR Program Upload - baf9a344280e45d08081662302573919bc7c06020fab43629b1abf48c628606d => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {6666C4D7-04E6-4262-B536-492F7CA75125} - System32\Tasks\HP AR Program Upload - e7686d6754a54044ac830d08a6c86ab8a8594926fded4dfca8f7303591da2bf7 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {73D1BF56-F620-4D74-AD38-10B94C9CD917} - System32\Tasks\HP AR Program Upload - 7e18934b81cb4b93b008770d06d1629824b5c61632e24ae6aeba3948b76d49f8 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {77A744A8-7F99-42DD-918E-904ACDEC2F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
    Task: {7C864BDD-2135-4A59-AB67-55DFA5BE0126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {7D6F2967-4CC1-42C1-96AF-4DFCB24F8812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {8845D76B-BCF3-4C82-AFC8-4D1A6C28C9F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8A356F31-450B-4646-AD62-91D06892EFF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {8D97317C-AE08-49D8-B23A-6B930C2E0A57} - System32\Tasks\HP AR Program Upload - 7e6a3e70bd4242cda7017a70eed11a1a1a66478c86134afe952181005e18c563 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {944FF85D-A193-4195-88FE-49BF80A6B762} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
    Task: {A6FC653D-E61B-4AAE-A0B9-FC5BB471AAB4} - System32\Tasks\HP AR Program Upload - 1ac898481ec845ddb78da7e6335898d398451f13e90b4f64b1ffed57ad5eadfe => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {B23102A2-E0E8-4074-A78B-8377CC64D47F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {B28CFF47-1E15-4022-9A47-1406169E9ADF} - System32\Tasks\{E7B58D99-4F3C-49AA-BB2E-135811BE89F0} => pcalua.exe -a "C:\Program Files (x86)\Verizon Games Player\Uninstall.exe"
    Task: {B55D2396-49EA-4EAD-B40E-ECCEF88D8BFB} - System32\Tasks\{D4B7C16E-2B81-4288-8611-82DB39965C64} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {D2D33CF4-ED3E-481F-B6B7-49ECE8D58817} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
    Task: {DE73B2F0-FB23-46FD-B26D-1F378267A77F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {EA1CC361-C3E0-473C-BF23-6699CBC219F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {ED260611-6F26-45D2-9C05-F3B3733B2152} - System32\Tasks\{ED962435-FD06-416F-9C70-1159E0F3E9C0} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {F65997B1-6EC4-4998-828B-F03FA3BC900C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-04] (Microsoft Corporation)
    Task: {F8F3DE14-AD82-4C94-9472-F15F701D1C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

    ==================== Loaded Modules (Whitelisted) ==============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    We can remove Cryptolocker itself but encrypted files are not recoverable.
    If that's OK with you let me know and we'll proceed.
     
  6. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Yes that's ok. Help!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Addition log is incomplete.
    There is more below this line:

    ==================== Loaded Modules (Whitelisted) ==============
     
  8. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-01 00:26 - 2014-09-01 00:26 - 00709120 _____ () C:\Program Files\005\cyycfhtzro64.exe
    2015-01-11 00:39 - 2015-01-12 14:55 - 00091304 _____ () C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
    2014-11-19 00:12 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-12-08 14:55 - 2010-12-08 14:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-07-29 23:39 - 2010-07-29 23:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2014-03-11 15:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2014-10-22 19:33 - 2014-10-22 19:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
    2011-02-20 05:35 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-08-04 10:48 - 2015-07-25 04:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
    2015-08-04 10:47 - 2015-07-25 04:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
    2015-08-04 10:49 - 2015-07-25 04:46 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\Drivers\tlsvjnyh.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:373E1720

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 71.252.0.12 - 71.242.0.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869
    FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900
    FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{29EDA64A-5A0B-4AB3-B01B-3897977B7BA2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    FirewallRules: [{EF959CFD-3727-480E-9ED3-93C5CC0F4107}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    FirewallRules: [{2D26D779-C688-4FC8-8DC1-CECD444AD4F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [TCP Query User{89A3BEEA-7323-4B0C-B086-61590CE8E2E9}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{B4BD1E27-AC5D-47F3-9245-6EAC6CA5D4E8}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{E4E4E7F1-4496-481B-B430-584953D470AF}] => (Allow) LPort=443
    FirewallRules: [{216AA462-61AD-4421-AE98-2E6B0B192C50}] => (Allow) LPort=443
    FirewallRules: [{39FE1071-A14E-4E22-8584-25712ED26017}] => (Allow) LPort=37674
    FirewallRules: [{8F189678-5155-489B-B4AB-258315C094E3}] => (Allow) LPort=37674
    FirewallRules: [{45349DEB-7CDF-4BC5-BDE9-A3E62220FFF6}] => (Allow) LPort=37675
    FirewallRules: [TCP Query User{139DFFBC-1CC8-4513-B65D-FA5A0C6D8B12}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{E44FBF13-9DCD-445D-A5FE-C6E07FA2B4BF}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{8DDEE566-636C-4E66-B0A5-74C18C86FBDA}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [{3C9A2EB5-0699-47C2-ADEA-D6EF8EC13C3C}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [TCP Query User{E5D3A398-A13C-444A-94D6-A92C2EBA8648}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
    FirewallRules: [UDP Query User{EC433D7C-FF32-4D0A-BD5B-961082A2A499}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
    FirewallRules: [{91AE8FC2-5E12-49A2-AC94-ECF1D7991B4A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
    FirewallRules: [{1B942E25-0E89-420D-9657-B276A65120EB}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{EEB6CA6F-4C12-4480-A3D4-4D4FF72430EA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{F09BC73F-5A49-49B2-B7D3-20871A9F9984}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{23F8B979-D326-4F20-BB5D-FD45668514C5}] => (Allow) C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{29133CE9-206E-4278-97B3-E82EB52D90DA}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
    FirewallRules: [{E3175C05-A110-4118-9F0B-BE134694C8EB}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
    FirewallRules: [{4EEAE3D9-9677-4E48-81BD-CCE3AA2BF523}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D0585044-54FE-4001-AC3E-B2D6A6B8AE79}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{2609BBB3-26FE-4C9F-BC4E-38047A21B3C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{E03A776E-E979-441D-B6AF-4F7CA37110C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
    Faulting module name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
    Exception code: 0xc0000005
    Fault offset: 0x0009587e
    Faulting process id: 0x200
    Faulting application start time: 0xcompatibilitycheck.exe0
    Faulting application path: compatibilitycheck.exe1
    Faulting module path: compatibilitycheck.exe2
    Report Id: compatibilitycheck.exe3

    Error: (07/15/2015 07:52:48 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
    Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

    Do you want to start in safe mode?.
    Accepted Safe Mode action : Microsoft Word.

    Error: (07/15/2015 06:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WINWORD.EXE version 15.0.4701.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1684

    Start Time: 01d0bf4fbf0ac110

    Termination Time: 0

    Application Path: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

    Report Id: 2545557e-2b43-11e5-bd28-cc52af6b1fdb

    Error: (07/15/2015 06:38:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/27/2015 12:42:52 AM) (Source: VSS) (EventID: 12344) (User: )
    Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
    copy. Check the Application and System event logs for any related errors.


    Operation:
    OnFreeze event
    Freeze Event

    Context:
    Execution Context: Registry Writer
    Execution Context: Writer
    Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
    Writer Name: Registry Writer
    Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

    Error: (03/27/2015 12:41:44 AM) (Source: VSS) (EventID: 12344) (User: )
    Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
    copy. Check the Application and System event logs for any related errors.


    Operation:
    OnFreeze event
    Freeze Event

    Context:
    Execution Context: Registry Writer
    Execution Context: Writer
    Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
    Writer Name: Registry Writer
    Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

    Error: (03/27/2015 12:04:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Neshaboo-HP)
    Description: Application or service 'Microsoft PowerPoint' could not be shut down.


    System errors:
    =============
    Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:44 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

    Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %Neshaboo-HP51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %Neshaboo-HP602

    Update Type: %Neshaboo-HP604

    User: Neshaboo-HP\Neshaboo

    Current Engine Version: %Neshaboo-HP605

    Previous Engine Version: %Neshaboo-HP606

    Error code: %Neshaboo-HP607

    Error description: %Neshaboo-HP608

    Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %Neshaboo-HP51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %Neshaboo-HP602

    Update Type: %Neshaboo-HP604

    User: Neshaboo-HP\Neshaboo

    Current Engine Version: %Neshaboo-HP605

    Previous Engine Version: %Neshaboo-HP606

    Error code: %Neshaboo-HP607

    Error description: %Neshaboo-HP608

    Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %Neshaboo-HP60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %Neshaboo-HP51

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %Neshaboo-HP602

    Update Type: %Neshaboo-HP604

    User: Neshaboo-HP\Neshaboo

    Current Engine Version: %Neshaboo-HP605

    Previous Engine Version: %Neshaboo-HP606

    Error code: %Neshaboo-HP607

    Error description: %Neshaboo-HP608

    Error: (08/04/2015 10:43:11 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    Microsoft Office:
    =========================
    Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e20001d0cc63f9cddd51C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe91a647ea-3857-11e5-b9cb-cc52af6b1fdb

    Error: (07/15/2015 07:52:48 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
    Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

    Do you want to start in safe mode?

    Error: (07/15/2015 06:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: WINWORD.EXE15.0.4701.1000168401d0bf4fbf0ac1100C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE2545557e-2b43-11e5-bd28-cc52af6b1fdb

    Error: (07/15/2015 06:38:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161

    Error: (03/27/2015 12:42:52 AM) (Source: VSS) (EventID: 12344) (User: )
    Description: 0x00000000c000014d

    Operation:
    OnFreeze event
    Freeze Event

    Context:
    Execution Context: Registry Writer
    Execution Context: Writer
    Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
    Writer Name: Registry Writer
    Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

    Error: (03/27/2015 12:41:44 AM) (Source: VSS) (EventID: 12344) (User: )
    Description: 0x00000000c000014d

    Operation:
    OnFreeze event
    Freeze Event

    Context:
    Execution Context: Registry Writer
    Execution Context: Writer
    Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
    Writer Name: Registry Writer
    Writer Instance ID: {4e63d4e7-31c0-4148-a7e3-8d2ae924031b}

    Error: (03/27/2015 12:04:14 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Neshaboo-HP)
    Description: 1C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exeMicrosoft PowerPoint021173960243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C006F0066006600690063006500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000


    CodeIntegrity:
    ===================================
    Date: 2015-02-19 14:19:28.804
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-19 14:18:51.239
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 02:31:02.362
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-15 02:29:56.921
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 22:57:52.201
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 22:57:51.601
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 22:57:20.669
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 10:33:51.800
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 10:33:51.120
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-14 10:33:20.339
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 72%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1082.11 MB
    Total Virtual: 7785.93 MB
    Available Virtual: 4124.21 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:450.82 GB) (Free:367.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.64 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of log ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  10. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
    Ran by Neshaboo (2015-08-06 00:51:46) Run:1
    Running from C:\Users\Neshaboo\Desktop
    Loaded Profiles: Neshaboo (Available Profiles: Neshaboo & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    () C:\Program Files\005\cyycfhtzro64.exe
    C:\Program Files\005\cyycfhtzro64.exe
    HKLM-x32\...\Run: [] => [X]
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-03-27] ()
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-03-27] ()
    InternetURL: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/RUzQtU
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\.DEFAULT -> {5F2A9A3B-630C-4E1F-9785-313E87C386F6} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?g...754D09D9&q={searchTerms}&SSPV=NewSP218B_sp_ie
    BHO: No Name -> {4F564F32-5637-5341-5443-7A786E7484D7} -> No File
    BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Winsock: Catalog9 01 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9 16 C:\Windows\SysWOW64\MyOSProtect.dll [304776 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 01 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 02 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 03 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 04 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Winsock: Catalog9-x64 16 C:\Windows\system32\MyOSProtect64.dll [350768 2014-09-30] (MyOSCompany)
    Hosts:
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
    CHR Extension: (nbglmejghppifhhbdhbaijiagbaedeec) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec [2014-10-04]
    C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec
    R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-01] () [File not signed]
    S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
    C:\monitorsvc.exe
    2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\Neshaboo\AppData\Roaming\CXJVL
    2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Neshaboo\AppData\Roaming\FFBRK
    2011-06-04 15:49 - 2011-06-24 13:08 - 0001854 _____ () C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml
    2015-03-19 00:22 - 2015-03-19 00:22 - 0045711 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG
    2015-03-19 00:22 - 2015-03-19 00:22 - 0004280 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT
    2015-03-19 00:22 - 2015-03-19 00:22 - 0000300 _____ () C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL
    2014-10-22 18:50 - 2014-10-22 18:51 - 0118784 _____ () C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB
    2012-05-08 20:30 - 2012-05-08 20:58 - 0000581 _____ () C:\Users\Neshaboo\AppData\Local\cookies.ini
    2015-03-19 00:21 - 2015-03-19 00:21 - 0045711 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG
    2015-03-19 00:21 - 2015-03-19 00:21 - 0004280 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT
    2015-03-19 00:21 - 2015-03-19 00:21 - 0000300 _____ () C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL
    2011-07-14 10:10 - 2011-07-14 10:18 - 0010924 ___SH () C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76
    2015-01-13 00:52 - 2015-08-04 10:53 - 0000112 _____ () C:\ProgramData\3550uus0.dat
    2013-03-09 23:17 - 2013-03-09 23:17 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-03-19 00:18 - 2015-03-19 00:18 - 0045711 _____ () C:\ProgramData\HELP_DECRYPT.PNG
    2015-03-19 00:18 - 2015-03-19 00:18 - 0004280 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-03-19 00:18 - 2015-03-19 00:18 - 0000300 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2011-07-14 10:10 - 2011-07-14 10:12 - 0010908 ___SH () C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76
    2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2011-01-09 06:02 - 2011-01-09 06:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-02-20 05:47 - 2011-02-20 05:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2011-01-09 06:01 - 2011-01-09 06:02 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-02-20 05:46 - 2011-02-20 05:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2011-01-09 06:00 - 2011-01-09 06:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    C:\ProgramData\3550uus0.dat
    C:\Users\Neshaboo\AppData\Local\Temp\.exe
    C:\Users\Neshaboo\AppData\Local\Temp\212F.exe
    C:\Users\Neshaboo\AppData\Local\Temp\932E.exe
    C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe
    C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe
    C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe
    C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe
    C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe
    C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe
    C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe
    C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe
    C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe
    C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe
    C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe
    C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe
    C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Neshaboo\AppData\Local\Temp\setup.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe
    C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll
    C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll
    C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe
    C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll
    AlternateDataStreams: C:\Windows\system32\Drivers\tlsvjnyh.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:373E1720

    *****************

    [1988] C:\Program Files\005\cyycfhtzro64.exe => process closed successfully.
    C:\Program Files\005\cyycfhtzro64.exe => moved successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL => moved successfully.
    "C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG" => File/Folder not found.
    "C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT" => File/Folder not found.
    "C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL" => File/Folder not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Google" => key removed successfully
    "HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
    HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F2A9A3B-630C-4E1F-9785-313E87C386F6}" => key removed successfully
    HKCR\CLSID\{5F2A9A3B-630C-4E1F-9785-313E87C386F6} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
    HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
    "HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F564F32-5637-5341-5443-7A786E7484D7}" => key removed successfully
    HKCR\CLSID\{4F564F32-5637-5341-5443-7A786E7484D7} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
    "HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
    "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    Winsock: Catalog entry 000000000001 => removed successfully
    Winsock: Catalog entry 000000000002 => removed successfully
    Winsock: Catalog entry 000000000003 => removed successfully
    Winsock: Catalog entry 000000000004 => removed successfully
    Winsock: Catalog entry 000000000016 => removed successfully
    Winsock: Catalog entry 000000000001 => removed successfully
    Winsock: Catalog entry 000000000002 => removed successfully
    Winsock: Catalog entry 000000000003 => removed successfully
    Winsock: Catalog entry 000000000004 => removed successfully
    Winsock: Catalog entry 000000000016 => removed successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully.
    Hosts restored successfully.
    "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
    C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec => moved successfully.
    "C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbglmejghppifhhbdhbaijiagbaedeec" => File/Folder not found.
    cyycfhtzro64 => service removed successfully
    ProtectMonitor => service removed successfully
    C:\monitorsvc.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\CXJVL => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\FFBRK => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\GhostObjGAFix.xml => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.PNG => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.TXT => moved successfully.
    C:\Users\Neshaboo\AppData\Roaming\HELP_DECRYPT.URL => moved successfully.
    C:\Users\Neshaboo\AppData\Local\ChromeHitoryDB => moved successfully.
    C:\Users\Neshaboo\AppData\Local\cookies.ini => moved successfully.
    C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.PNG => moved successfully.
    C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.TXT => moved successfully.
    C:\Users\Neshaboo\AppData\Local\HELP_DECRYPT.URL => moved successfully.
    C:\Users\Neshaboo\AppData\Local\p800dh7g330a2tcht155xte60kn03vi76 => moved successfully.
    C:\ProgramData\3550uus0.dat => moved successfully.
    C:\ProgramData\Ament.ini => moved successfully.
    C:\ProgramData\HELP_DECRYPT.PNG => moved successfully.
    C:\ProgramData\HELP_DECRYPT.TXT => moved successfully.
    C:\ProgramData\HELP_DECRYPT.URL => moved successfully.
    C:\ProgramData\p800dh7g330a2tcht155xte60kn03vi76 => moved successfully.
    C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully.
    C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully.
    C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully.
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully.
    C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully.
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully.
    "C:\ProgramData\3550uus0.dat" => File/Folder not found.
    C:\Users\Neshaboo\AppData\Local\Temp\.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\212F.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\932E.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\AAAF.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\AllDaySavings.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\CFA.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\contentDATs.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\D8A.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginROW.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\DealsPluginUS.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\Extract.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\HPHelpUpdater.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\jre-8u31-windows-au.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\Launcher.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\mssinstaller.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\NEW21A1.tmp.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nse3A24.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nso6F1C.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nso73FD.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nsrE679.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nst3EC6.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\nsw55CC.tmp.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\ochelper.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\offercast.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\OptimizerPro.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\optprosetup.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\rcpsetup_26034.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\Resource.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\scp73BA.tmp.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SecurityScan_Release.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\setup.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SHelp2.exe => moved successfully.
    "C:\Users\Neshaboo\AppData\Local\Temp\sNwrWt21.exe" => File/Folder not found.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52093.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\sp52110.exe.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52264.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52407.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52469.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52509.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52615.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52796.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52799.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP52956.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP53133.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP53546.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP53663.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP53851.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\sp54620.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP54714.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP55026.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP55029.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP55031.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP55152.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP56215.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP56874.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP56878.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP56929.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP57398.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP57698.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\sp58915.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP59202.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP60864.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SP61152.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\sp64126.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SpOrder.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\SymCCIS.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite44837.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite46318.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\System.Data.SQLite74679.dll => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\The_Weather_Channel_Application.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPSA.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\UninstallHPTCA.exe => moved successfully.
    C:\Users\Neshaboo\AppData\Local\Temp\wejtzk5q.dll => moved successfully.
    "C:\Windows\system32\Drivers\tlsvjnyh.sys" => ":changelist" ADS not found.
    C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

    ==== End of Fixlog 00:52:09 ====
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Neshaboo [Administrator]
    Started from : C:\Users\Neshaboo\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 08/06/2015 21:28:58

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] compatibilitychecksvc.exe(2432) -- C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe[7] -> Killed [TermProc]
    [Suspicious.Path] DismHost.exe(1632) -- C:\Windows\Temp\B9E447E4-EB8C-4232-B584-0EBEA326F025\DismHost.exe[x] -> Killed [TermThr]

    ¤¤¤ Registry : 14 ¤¤¤
    [PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
    [PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
    [PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
    [PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
    [PUP|VT.Generic_r.RS] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AllDaySavingsService64 (C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectMonitor (C:\monitorsvc.exe) -> Not selected
    [PUP|Suspicious.Path|VT.Trojan.Win32.AdSuproot.a] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Verifies and fixes application compatibility issues (C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe) -> Deleted
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-720022467-1087662642-2550357224-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms} -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
    --- User ---
    [MBR] d899a7f5473cbe5689f82e1e04583e99
    [BSP] b27509906ed6353760ff27ab2267a1ef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461641 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945850368 | Size: 14995 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on...
     
  14. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/6/2015
    Scan Time: 9:30 PM
    Logfile: malware.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.08.06.07
    Rootkit Database: v2015.08.06.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Neshaboo

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 417375
    Time Elapsed: 45 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 23
    PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
    PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
    PUP.Optional.Adpeak.A, HKLM\SOFTWARE\AllDaySavings, Quarantined, [3867ce372b601c1ad92a3a07f310a45c],
    PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASAPI32, Quarantined, [b7e8ff068407c37396d414971be9ab55],
    PUP.Optional.StormWatch.C, HKLM\SOFTWARE\MICROSOFT\TRACING\StormWatch_RASMANCS, Quarantined, [544b27defd8e72c4b6b47f2ca95b41bf],
    PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, Quarantined, [ecb3ca3bc7c47bbb798a3e0319eaa15f],
    PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [f4abeb1a2962ce686492871d7a8a55ab],
    PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [f0af15f002893bfbd522782c3cc8d62a],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36B445BF-1B84-466A-A623-A360A8CFF8C3}, Quarantined, [d2cd71945a3181b5f5d087176d9737c9],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E1035F55-4C0C-4EFC-9AAE-38F421FCE726}, Quarantined, [455ac04523685dd9ecd9a2fc49bbf50b],
    PUP.Optional.DriverUpdate.A, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [c0df7491ef9cc07629bbf0b421e3827e],
    PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [940b996cd6b593a317dedcc88282c838],
    PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQVPlus-3.5V30.09, Quarantined, [0d928f767a113bfb69022b09c2413dc3],
    PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [702fd92c1477b77f7f602776cd3702fe],
    PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\StormWatchApp, Quarantined, [ccd382834249b6801b93e64d36cd926e],
    PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [871834d1800b6acc55a0b9eb28dce21e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [f9a64db8404bb2844c11107526de867a],
    PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [9906709598f34de9e33620fbb350f010],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{673D04B7-DA91-4A6C-9231-F75EBE815977}, Quarantined, [b1ee17ee8efda88e55eab5eb3cc8dc24],
    PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\OPTIMIZER PRO, Quarantined, [6a3536cfa7e436008045b4ee3cc86d93],
    PUP.Optional.DriverUpdate.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [abf4c93cf9920e28d111792bdb29b848],
    PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SMARTBAR, Quarantined, [9708689d4b40d95dbae0d0bd34d046ba],
    PUP.Optional.Mindspark.A, HKU\S-1-5-21-720022467-1087662642-2550357224-501\SOFTWARE\APPDATALOW\SOFTWARE\FromDocToPDF_65, Quarantined, [0897c93c315aa195f8b491ba7d8608f8],

    Registry Values: 8
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36b445bf-1b84-466a-a623-a360a8cff8c3}|AppPath, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin, Quarantined, [d2cd71945a3181b5f5d087176d9737c9]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e1035f55-4c0c-4efc-9aae-38f421fce726}|AppPath, C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin, Quarantined, [455ac04523685dd9ecd9a2fc49bbf50b]
    PUP.Optional.Mindspark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF AppIntegrator 32-bit, C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator.exe, Quarantined, [9f00c540c5c671c5745a4ee7649f7c84]
    PUP.Optional.Mindspark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF AppIntegrator 64-bit, C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe, Quarantined, [217e679e4744f343824c87ae5aa9f10f]
    PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, auto, Quarantined, [9906709598f34de9e33620fbb350f010]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{673D04B7-DA91-4A6C-9231-F75EBE815977}|AppName, cd4f07ce-597e-4b3d-a34a-324809336540-2.exe-buttonutil.exe, Quarantined, [b1ee17ee8efda88e55eab5eb3cc8dc24]
    PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, http://www.safeshopgate.com/r?s=121001231&g=C8A7BFE2-D55C-14A0-FE36-44A1AF192EED, Quarantined, [6a3536cfa7e436008045b4ee3cc86d93]
    PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Quarantined, [9708689d4b40d95dbae0d0bd34d046ba]

    Registry Data: 4
    PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXLQ,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[316e0cf97f0c1125b6b0f947887db050]
    PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[8619a26398f3df570c5c112f9e67d62a]
    PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[504f5ca93f4ca98dda8ea0a05ea74bb5]
    PUP.Optional.SnapDo.A, HKU\S-1-5-21-720022467-1087662642-2550357224-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzX...5Bo6hR0i344PvrYZHxc5RGDwXKg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[c9d6966f4942ba7c590ef54b976ed32d]

    Folders: 34
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
    PUP.Optional.VisiCoupons.A, C:\Users\Neshaboo\AppData\Local\visi_coupon, Quarantined, [465901047813bd79ab81efa71fe51be5],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\Installers, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\AppCache, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Downloads, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HookBackups, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.MultiPlug.F, C:\ProgramData\293ee2eae6b2ad75, Quarantined, [554a8a7b4843f34314e83c70a361a65a],
    Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [990636cf1e6d53e391867060f50d916f],
    PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Temp\Iminent, Quarantined, [1689b550bdce122476feeff07f8360a0],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Local\ArcadeParlor, Quarantined, [a8f700053f4c8da9bbc07e62d230dc24],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [8b140104ed9ecb6b5224a946679b24dc],
    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [8b140104ed9ecb6b5224a946679b24dc],
    PUP.Optional.GlobalUpdate.A, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897, Quarantined, [237c5baa3d4e78be65e4b9391fe3946c],
    PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, Quarantined, [c4dbca3b74175ed8939af201fe0424dc],
    PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, Quarantined, [c4dbca3b74175ed8939af201fe0424dc],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor, Quarantined, [3c63d530602b1a1cc9bb2dd83bc8f709],
    PUP.Optional.KlipPal.A, C:\Users\Neshaboo\AppData\Local\Temp\Klip Pal, Quarantined, [faa5d82dd5b68fa7558044c7f310c63a],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [faa59273eba041f51e8363ab2dd647b9],

    Files: 105
    PUP.Optional.OSProtect.A, C:\Program Files (x86)\Web Protect\MyOSProtect.exe, Quarantined, [d6c9e025d5b6e1553b18fe40e41d4eb2],
    PUP.Optional.Loadshop, C:\monitor.exe, Quarantined, [16890afba8e3c472aaf59248e61ba55b],
    PUP.Optional.RegCleanPro.C, C:\Windows\System32\roboot64.exe, Quarantined, [5f40c44122690135333b710c47be9b65],
    PUP.Optional.APNToolBar.A, C:\Users\Neshaboo\AppData\Local\Temp\SetF8CF.tmp, Quarantined, [1986f1145437e452935d1d89fa074db3],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleCrashHandler.exe, Quarantined, [326dec19c4c712242334721dec15a858],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdate.exe, Quarantined, [acf37b8a99f2b086db7c0788a45d9a66],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateBroker.exe, Quarantined, [861972934d3ee4527fd8414e5aa7b14f],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateOnDemand.exe, Quarantined, [980709fc6e1d8caabe99642bfa0748b8],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\goopdate.dll, Quarantined, [e4bb2adbe9a292a45afd216e07fa7789],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\goopdateres_en.dll, Quarantined, [920d689d5a31b28492c5296610f18977],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\npGoogleUpdate4.dll, Quarantined, [2e71966f1e6d4de93324444b9b662ed2],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\psmachine.dll, Quarantined, [980735d0d5b68da9c69192fd877a3ec2],
    PUP.Optional.ModGoog, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\psuser.dll, Quarantined, [8817ea1b89020e28d2858b04c33ec33d],
    PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (1), Quarantined, [356a5da83a510f273d739f99926e24dc],
    PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (2), Quarantined, [6b3463a259322d09e1cf4eeae7190ef2],
    PUP.Optional.OptimunInstaller, C:\Users\Neshaboo\Downloads\ (3), Quarantined, [ffa0f41158338da93d7367d111ef01ff],
    PUP.Optional.APNToolBar.A, C:\Users\Neshaboo\AppData\Local\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi, Quarantined, [e4bb19ecdfac211538b98620d03131cf],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\bgNova.html, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1293297481.mxaddon, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1687b8a8-65d4-4ec7-9bc4-ca3801ea4cfc.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\1687b8a8-65d4-4ec7-9bc4-ca3801ea4cfc.xpi, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\4fe2876b-779f-421f-bbf9-ee87b9400081.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\background.html, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.CrossRider.A, C:\Program Files (x86)\HQVP-3.5V17.09\daa902bf-09bc-4522-a4ac-1de0d25bb86c.crx, Quarantined, [900f7590dead1b1b09f40b0c847f8080],
    PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, Quarantined, [ddc2ba4b018ad5613e152bfd6e950cf4],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.CompatibilityVerifier.A, C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [e7b87491e6a55fd78a708d9b22e1ba46],
    PUP.Optional.MyOSProtect.A, C:\Windows\Temp\MyOSProtect.log, Quarantined, [cbd4cb3a0b80191d79f058e0a65d3dc3],
    PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\MyOSProtect.dll, Delete-on-Reboot, [8c1314f13358a393bd9355e4709328d8],
    PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\MyOSProtectOff.ini, Quarantined, [ddc2ad58bbd005310d44aa8fb251b54b],
    PUP.Optional.MyOSProtect.A, C:\Windows\SysWOW64\MyOSProtect.ini, Quarantined, [f1ae6c99abe083b371e185b4f50e12ee],
    PUP.Optional.QuickStart.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [0d92fa0b73188caacf85dc5fe32053ad],
    PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [a3fc4abbbad1a5917df658e3db286898],
    PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [920dc63f94f782b403703efd2ed5a65a],
    PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [148b9d6855362b0b9ed6c4777390c937],
    PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [a5fa62a31d6ebe781f555cdfe0236e92],
    PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [abf4a65fa7e44fe7150254ee7291a65a],
    PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [346bc540246737ff74a38fb3ed1612ee],
    PUP.Optional.Iminent.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [2f70b451dab1f541536ec8862fd401ff],
    PUP.Optional.Iminent.A, C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [8a158f764e3d5ed8b809c985f11207f9],
    PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater\updater.log, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
    PUP.Optional.SoftwareUpdater, C:\Program Files (x86)\Software Updater\unins000.dat, Quarantined, [fda2f70e4e3d21159697523e43c18a76],
    PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-install-v0001, Quarantined, [247b7e87a4e780b69d457b18f311d42c],
    PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-processes-v0001, Quarantined, [b4ebb94c3f4c1323ecf682110df7c040],
    PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001, Quarantined, [c2dd95701b70989e934ffe9527dd34cc],
    PUP.Optional.Vitruvian.A, C:\Users\Neshaboo\AppData\Local\Temp\vitruvian-installer-uninstall-v0001, Quarantined, [3c638b7a692264d2687af2a17d876d93],
    PUP.Optional.VisiCoupons.A, C:\Users\Neshaboo\AppData\Local\visi_coupon\merchants.dat2, Quarantined, [465901047813bd79ab81efa71fe51be5],
    CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.PNG, Quarantined, [702f41c4b3d85fd788327c1b9c688b75],
    CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.TXT, Quarantined, [f1aef70ed1ba0b2b2199bfd8be46a35d],
    CryptoWall.Trace, C:\Users\Neshaboo\Desktop\HELP_DECRYPT.URL, Quarantined, [97088b7abecd0333803acccbe51f12ee],
    PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\MyOSProtect64.dll, Delete-on-Reboot, [19869e67c7c449edea4d0e8a11f3e719],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\libeay32.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\nfapi.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ProtocolFilters.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.AdPeak.A, C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ssleay32.dll, Quarantined, [a8f739ccf5963ff758a04555e71df10f],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2014-10-22 19-44-09 0.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2014-10-22 19-44-56 0.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\Installers\SD-130584950574575733.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.PNG, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.TXT, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\HELP_DECRYPT.URL, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies-journal, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_0, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_1, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_2, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\data_3, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\index, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2014-10-23 00;05;20,794.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.DriverUpdate.A, C:\Users\Neshaboo\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2014-10-23 00;05;20.log, Quarantined, [118eb5502467e452cd1203a1de261ee2],
    PUP.Optional.MultiPlug.F, C:\ProgramData\293ee2eae6b2ad75\{A2616871-3463-BCEE-5AFA-73773317A381}.20140929230952, Quarantined, [554a8a7b4843f34314e83c70a361a65a],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, Quarantined, [138cd0356f1cdb5b0a4f09e61fe3c43c],
    PUP.Optional.GlobalUpdate.A, C:\Users\Neshaboo\AppData\Local\Temp\comh.332897\GoogleUpdateHelper.msi, Quarantined, [237c5baa3d4e78be65e4b9391fe3946c],
    PUP.Optional.ArcadeParlor.A, C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor\Play ArcadeParlor Online.url, Quarantined, [3c63d530602b1a1cc9bb2dd83bc8f709],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  15. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    # AdwCleaner v4.208 - Logfile created 08/08/2015 at 12:37:29
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Neshaboo - NESHABOO-HP
    # Running from : C:\Users\Neshaboo\Desktop\adwcleaner_4.208.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : netfilter64
    [#] Service Deleted : swdumon

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Performance Optimizer
    Folder Deleted : C:\ProgramData\slimware utilities inc
    Folder Deleted : C:\ProgramData\SuavingttOYou
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\Web Protect
    Folder Deleted : C:\Program Files (x86)\Super Optimizer
    Folder Deleted : C:\Program Files (x86)\driverupdate
    Folder Deleted : C:\Program Files (x86)\SuavingttOYou
    Folder Deleted : C:\Program Files (x86)\VideoBuzz
    Folder Deleted : C:\Users\Neshaboo\AppData\Local\Temp\AirInstaller
    Folder Deleted : C:\Users\Neshaboo\AppData\Local\Temp\apn
    Folder Deleted : C:\Program Files\slimcleaner plus
    Folder Deleted : C:\Users\Neshaboo\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Neshaboo\AppData\Local\iac
    Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\iac
    Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\visi_coupon
    Folder Deleted : C:\Users\Neshaboo\AppData\LocalLow\YahooCouponAddOn
    Folder Deleted : C:\Users\Neshaboo\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Neshaboo\AppData\Roaming\VideoBuzz
    File Deleted : C:\HELP_DECRYPT.PNG
    File Deleted : C:\HELP_DECRYPT.TXT
    File Deleted : C:\HELP_DECRYPT.URL
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Public\Documents\HELP_DECRYPT.URL
    File Deleted : C:\Windows\System32\drivers\swdumon.sys
    File Deleted : C:\Users\Guest\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Guest\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Guest\HELP_DECRYPT.URL
    File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Guest\AppData\Local\HELP_DECRYPT.URL
    File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Guest\AppData\LocalLow\HELP_DECRYPT.URL
    File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Guest\AppData\Roaming\HELP_DECRYPT.URL
    File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Guest\Documents\HELP_DECRYPT.URL
    File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Neshaboo\HELP_DECRYPT.URL
    File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Neshaboo\AppData\LocalLow\HELP_DECRYPT.URL
    File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.PNG
    File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.TXT
    File Deleted : C:\Users\Neshaboo\Documents\HELP_DECRYPT.URL

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
    Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\WebProtect
    Key Deleted : HKCU\Software\UpdateFiles
    Key Deleted : HKCU\Software\SlimWare Utilities Inc
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\WebProtect
    Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\007go.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\26650.click.007go.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\click.007go.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.snapdo.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.driverupdate.net
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17909

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

    -\\ Google Chrome v44.0.2403.130

    [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M5CC554CF-7DB1-4D01-BEA3-36395C1D2258&SearchSource=55&CUI=&UM=6&UP=SPD36F09A5-D122-4037-9773-A3B1E0B9446E&SSPV=NewSP218B_sp_ch
    [C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 7EC7BDC3FE3189380E34A1F77128C05A18FF6FC019AC8C107C4F07B8C82181BA"},"software_reporter":{"prompt_reason":"AC844712A2A4A6DAF9822EA39757EB9A41CCAC86D4E45E71BA7B387D848C6C8B","prompt_seed":"BAE1E94C930B0A813850EDC2F6A4ACCE877CB9510D3B84CBE1ED5FF4624CC969","prompt_version":"9B21ED82A97ED513C4B8D5E2D31793D75BEE3AE0138EBC0B9757ADE289DADD94"},"sync":{"remaining_rollback_tries":"254A3397CB49B936A78771AD04FD0D58C68D54A9DE1574EF269E0ABC68F6439D"}},"super_mac":"0A6AC91B2030D99B3F8B3D561D4A90D97E1255C4F166C63E3CF0455C74B1C039"},"session":{"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M5CC554CF-7DB1-4D01-BEA3-36395C1D2258&SearchSource=55&CUI=&UM=6&UP=SPD36F09A5-D122-4037-9773-A3B1E0B9446E&SSPV=NewSP218B_sp_ch

    *************************

    AdwCleaner[R0].txt - [14933 bytes] - [08/08/2015 12:35:29]
    AdwCleaner[S0].txt - [14297 bytes] - [08/08/2015 12:37:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14357 bytes] ##########
     
  16. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.5 (08.05.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Neshaboo on Sat 08/08/2015 at 19:38:46.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo)
    Successfully deleted: [Task] C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Neshaboo).job



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\slimcleaner plus
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\SysWOW64\sho6321.tmp



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{15296B59-862B-43D4-B865-56D525C9DB91}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{29CC966B-9178-425E-8364-E0CF5082F4BF}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{368EAA7F-EAD8-4641-998E-F14279F78798}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{3BB452C9-D6A1-45A4-818A-483C95EF8976}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{3D80A55A-CEA0-4545-A174-1A624ED146A2}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{41F3A1F2-3329-406C-8ED7-2389EB041DB7}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{462F833D-9B1C-4118-881C-88C0276AC055}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{4A168880-BC00-43CF-A59C-E00B84F56419}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{581970CC-68FD-442B-B74C-D9A5CAD7A6AF}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{80374CF5-F8EE-4607-BAAC-8B706A0A7CBC}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{889B37F7-FDD4-4D56-B602-FECFD72430BA}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{9BAD7920-83FD-4D64-BDB8-6665CE428D16}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{9F114602-EAD8-405D-AE5A-1FC044D1FE3B}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{A11B144C-F7F1-4CA0-A76D-E9B3D5C06A9A}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{D7911230-46E5-4A79-B45C-51E78B4029EC}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{D799EE62-29D8-4332-8291-FD2875516D12}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{DA3FB2EB-501D-4B92-B74C-005E682D1ABA}
    Successfully deleted: [Empty Folder] C:\Users\Neshaboo\Appdata\Local\{F9A4FAD4-174D-4740-A50B-A916179B361E}
    Successfully deleted: [Folder] C:\Program Files\005
    Successfully deleted: [Folder] C:\ProgramData\google
    Successfully deleted: [Folder] C:\Users\Neshaboo\Appdata\Local\downloaded installers
    Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
    Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



    ~~~ Chrome


    [C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Neshaboo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 08/08/2015 at 19:42:44.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    So no matter what I do, I am getting the message "incompatible OS" wheneveri try to run combofix :(. Is that normal?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Hmmm... it shouldn't be happening.
    In any case...

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  20. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
    Ran by Neshaboo (administrator) on NESHABOO-HP (11-08-2015 07:44:43)
    Running from C:\Users\Neshaboo\Desktop
    Loaded Profiles: Neshaboo & (Available Profiles: Neshaboo & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-06-10] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-06-10] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    HKU\S-1-5-18\...\Run: [Exetender_135] => C:\Program Files (x86)\Verizon Games Player\GPlayer.exe [4892672 2010-12-05] (Exent Technologies Ltd.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-02-20]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-02-20]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-05-17]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)
    ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-11-09] (Versionate Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {762BF16C-D3AA-4FFD-843B-EA6633F99B61} URL = http://websearch.ask.com/redirect?c...pn_sauid=D59ECCFE-7C17-4A34-8BA4-B77722EE0ABD
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-04] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-08-04] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKU\S-1-5-21-720022467-1087662642-2550357224-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-09-03] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{24A37B02-85F7-46A1-B9B5-AC8490AD0C15}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll [2013-11-23] ()

    Chrome:
    =======
    CHR Profile: C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Neshaboo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-12-06] (CyberLink)
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-17] (WildTangent)
    S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2013-11-27] (Belcarra Technologies) [File not signed]
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-10] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-06] ()
    R2 X5XSEx_Pr135; C:\Program Files (x86)\Verizon Games Player\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  21. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-11 07:44 - 2015-08-11 07:44 - 00000000 ____D C:\Users\Neshaboo\Desktop\FRST-OlderVersion
    2015-08-09 22:56 - 2015-08-09 22:57 - 05634368 ____R (Swearware) C:\Users\Neshaboo\Desktop\ComboFix.exe
    2015-08-09 22:49 - 2015-08-09 22:55 - 00001444 _____ C:\Users\Neshaboo\Desktop\Rkill.txt
    2015-08-09 22:43 - 2015-08-09 22:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Neshaboo\Desktop\rkill.exe
    2015-08-09 22:41 - 2015-08-09 22:58 - 00000000 ___SD C:\32788R22FWJFW
    2015-08-09 22:41 - 2015-08-09 22:41 - 00000000 ____D C:\Windows\erdnt
    2015-08-08 19:42 - 2015-08-08 19:42 - 00004005 _____ C:\Users\Neshaboo\Desktop\JRT.txt
    2015-08-08 12:49 - 2015-08-09 22:59 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForNeshaboo.job
    2015-08-08 12:49 - 2015-08-08 12:49 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNeshaboo
    2015-08-08 12:35 - 2015-08-08 12:37 - 00000000 ____D C:\AdwCleaner
    2015-08-08 12:34 - 2015-08-08 12:34 - 00030977 _____ C:\Users\Neshaboo\Desktop\malware.txt
    2015-08-08 12:12 - 2015-08-08 12:12 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\GWX
    2015-08-06 22:41 - 2015-08-07 09:41 - 00000000 ___SD C:\Windows\system32\GWX
    2015-08-06 22:41 - 2015-08-06 22:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-08-06 22:37 - 2015-08-08 12:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-08-06 22:37 - 2015-08-06 22:37 - 00001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-08-06 22:37 - 2015-08-06 22:37 - 00000991 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-08-06 22:37 - 2015-08-06 22:37 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\TeamViewer
    2015-08-06 21:45 - 2015-08-06 21:46 - 08096648 _____ (TeamViewer GmbH) C:\Users\Neshaboo\Downloads\TeamViewer_Setup_en.exe
    2015-08-06 21:29 - 2015-08-06 21:29 - 00010280 _____ C:\Users\Neshaboo\Desktop\RKreport.txt
    2015-08-06 21:25 - 2015-08-10 06:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-08-06 21:25 - 2015-08-06 21:25 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-06 21:25 - 2015-08-06 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-08-06 21:24 - 2015-08-06 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-08-06 21:24 - 2015-08-06 21:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-08-06 21:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-08-06 21:24 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-08-06 21:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-08-06 21:17 - 2015-08-06 21:31 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-08-06 21:17 - 2015-08-06 21:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-08-06 21:16 - 2015-08-06 21:16 - 18718280 _____ C:\Users\Neshaboo\Desktop\RogueKiller.exe
    2015-08-06 21:16 - 2015-08-06 21:16 - 02248704 _____ C:\Users\Neshaboo\Desktop\adwcleaner_4.208.exe
    2015-08-06 21:16 - 2015-08-06 21:16 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Neshaboo\Desktop\JRT.exe
    2015-08-04 15:39 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-08-04 15:39 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-08-04 15:39 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-08-04 15:39 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-08-04 15:39 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-08-04 15:39 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-08-04 15:39 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-08-04 15:39 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-08-04 10:53 - 2015-08-04 11:06 - 00047877 _____ C:\Users\Neshaboo\Desktop\Addition.txt
    2015-08-04 10:50 - 2015-08-11 07:44 - 00022735 _____ C:\Users\Neshaboo\Desktop\FRST.txt
    2015-08-04 10:50 - 2015-08-11 07:44 - 00000000 ____D C:\FRST
    2015-08-04 10:43 - 2015-08-04 10:43 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-08-04 10:42 - 2015-08-04 10:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-08-04 10:42 - 2015-08-04 10:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2015-08-04 10:38 - 2015-08-04 10:38 - 14243008 _____ (Microsoft Corporation) C:\Users\Neshaboo\Downloads\mseinstall64.exe
    2015-08-04 10:37 - 2015-08-11 07:44 - 02171392 _____ (Farbar) C:\Users\Neshaboo\Desktop\FRST64.exe
    2015-08-04 10:35 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-08-04 10:35 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-08-04 10:35 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-08-04 10:35 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-08-04 10:35 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-08-04 10:35 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-08-04 10:35 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-08-04 10:35 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-08-04 10:35 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-08-04 10:35 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-08-04 10:29 - 2015-08-04 10:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Neshaboo\Desktop\mbam-setup-2.1.8.1057.exe
    2015-07-15 20:13 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-15 20:13 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-15 19:44 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-15 19:44 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-15 19:44 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-07-15 19:44 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-07-15 19:44 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-07-15 19:44 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-15 19:43 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-07-15 19:43 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-07-15 19:43 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-07-15 19:43 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-07-15 19:43 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-07-15 19:43 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-07-15 19:43 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-07-15 19:42 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-07-15 19:42 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-07-15 19:42 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-07-15 19:42 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-07-15 19:42 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-07-15 19:42 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-07-15 19:42 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-07-15 19:42 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-07-15 19:42 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-07-15 19:42 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-07-15 19:42 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-07-15 19:42 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-07-15 19:42 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-07-15 19:42 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-07-15 19:42 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-07-15 19:42 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-07-15 19:42 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-07-15 19:42 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-07-15 19:42 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-07-15 19:42 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-07-15 19:42 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-07-15 19:42 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-07-15 19:42 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-07-15 19:42 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-07-15 19:42 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-07-15 19:42 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-07-15 19:42 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-07-15 19:41 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-07-15 19:41 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-07-15 19:41 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-07-15 19:41 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-15 19:41 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-07-15 19:41 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-15 19:41 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-15 19:41 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-07-15 19:41 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-15 19:41 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-07-15 19:41 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-15 19:41 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-15 19:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-07-15 19:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-15 19:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-07-15 19:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-07-15 19:41 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-07-15 19:41 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-07-15 19:41 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-15 19:41 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-07-15 19:41 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-07-15 19:41 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-15 19:41 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-15 19:41 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-07-15 19:41 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-07-15 19:41 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-15 19:41 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-07-15 19:41 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-15 19:41 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-15 19:41 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-07-15 19:41 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-07-15 19:41 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-15 19:41 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-07-15 19:41 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-07-15 19:41 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-15 19:41 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-15 19:41 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-15 19:41 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-07-15 19:41 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-15 19:41 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-07-15 19:41 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-15 19:41 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-07-15 19:41 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-07-15 19:41 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-07-15 19:41 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-07-15 19:41 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-07-15 19:41 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-07-15 19:41 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-07-15 19:41 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-07-15 19:41 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-07-15 19:41 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-07-15 19:41 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-07-15 19:41 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-07-15 19:41 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-07-15 19:41 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-07-15 19:41 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-07-15 19:41 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-07-15 19:41 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-07-15 19:41 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-07-15 19:41 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-07-15 19:41 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-07-15 19:41 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-15 19:41 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-07-15 19:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-07-15 19:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-07-15 19:41 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-07-15 19:41 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-07-15 19:40 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-15 19:40 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-07-15 19:40 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-07-15 19:40 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-07-15 19:40 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-07-15 19:40 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-07-15 19:40 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-07-15 19:39 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-07-15 19:39 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-15 19:39 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-07-15 19:39 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-07-15 19:39 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-07-15 19:39 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-07-15 19:39 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-07-15 19:39 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-07-15 19:39 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-07-15 19:39 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-07-15 19:39 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-07-15 19:39 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-07-15 19:39 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-07-15 19:39 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-07-15 19:39 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-07-15 19:39 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-07-15 19:39 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-15 19:39 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-15 19:39 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-15 19:39 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-07-15 19:39 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-07-15 19:39 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-07-15 19:39 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-15 19:39 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-07-15 19:39 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-07-15 19:39 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-07-15 19:39 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-07-15 19:39 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2015-07-15 19:39 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2015-07-15 19:39 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-07-15 19:39 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-07-15 19:39 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-07-15 19:39 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-07-15 19:38 - 2015-06-03 16:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-07-15 19:38 - 2015-06-03 16:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-07-15 19:38 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-07-15 19:38 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-07-15 19:38 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-07-15 19:38 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-07-15 19:37 - 2015-07-15 19:37 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-07-15 19:37 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-07-15 19:37 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-07-15 19:37 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-07-15 19:37 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-07-15 19:37 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-07-15 19:37 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-07-15 19:37 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-07-15 19:21 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-07-15 19:21 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-07-15 19:21 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-07-15 19:15 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-07-15 19:15 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-07-15 19:01 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-07-15 19:01 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-07-15 19:00 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-07-15 19:00 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-07-15 19:00 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-07-15 19:00 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-07-15 19:00 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-07-15 19:00 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-07-15 19:00 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-07-15 19:00 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-07-15 19:00 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-07-15 19:00 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-07-15 18:59 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-07-15 18:59 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-07-15 18:59 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-07-15 18:59 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-07-15 18:59 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-07-15 18:59 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-07-15 18:59 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-07-15 18:59 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-07-15 18:59 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-07-15 18:59 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-07-15 18:59 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-07-15 18:59 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-07-15 18:59 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-07-15 18:58 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-07-15 18:58 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-07-15 18:51 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-07-15 18:51 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-07-15 18:39 - 2015-07-15 18:39 - 00000000 ____D C:\Program Files (x86)\GUM25DC.tmp
    2015-07-15 18:39 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-07-15 18:39 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-07-15 18:39 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-07-15 18:39 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
     
  22. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-11 07:44 - 2014-01-26 14:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-11 07:43 - 2014-01-26 14:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-11 07:43 - 2012-11-14 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-10 07:12 - 2011-02-20 05:38 - 01273204 _____ C:\Windows\WindowsUpdate.log
    2015-08-10 06:46 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-10 06:46 - 2009-07-14 00:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-09 22:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-09 22:59 - 2009-07-14 00:51 - 00074242 _____ C:\Windows\setupact.log
    2015-08-09 19:51 - 2012-03-09 09:27 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56CD31B4-BB90-4A70-A0F1-FA3D0FBFD449}
    2015-08-08 12:37 - 2014-09-30 09:19 - 00001060 _____ C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    2015-08-08 12:37 - 2012-11-05 23:54 - 00000000 ____D C:\Users\Guest
    2015-08-08 12:37 - 2011-04-28 00:52 - 00000000 ____D C:\Users\Neshaboo
    2015-08-08 12:10 - 2011-04-28 00:59 - 00113496 _____ C:\Users\Neshaboo\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-08-08 12:10 - 2011-02-20 05:43 - 00326776 _____ C:\Windows\PFRO.log
    2015-08-07 20:51 - 2009-09-06 21:57 - 00000000 ____D C:\Windows\Panther
    2015-08-07 20:46 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
    2015-08-06 22:45 - 2009-07-14 00:45 - 00443360 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-08-06 22:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-08-06 22:41 - 2014-05-07 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-08-06 21:58 - 2014-01-26 14:30 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Google
    2015-08-06 21:58 - 2013-03-09 23:04 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\HP
    2015-08-06 21:58 - 2011-05-26 04:50 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Microsoft Games
    2015-08-06 21:58 - 2011-04-28 00:53 - 00000000 ____D C:\Users\Neshaboo\AppData\Local\Hewlett-Packard
    2015-08-06 21:57 - 2014-04-30 19:04 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2015-08-06 21:57 - 2013-05-16 12:34 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Games
    2015-08-06 21:38 - 2014-09-30 22:16 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Blio
    2015-08-06 21:38 - 2012-09-07 01:13 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\ooVoo Details
    2015-08-06 21:38 - 2012-09-07 01:00 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Skype
    2015-08-06 21:38 - 2012-06-28 00:00 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Funlinker
    2015-08-06 21:38 - 2012-01-13 19:05 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Casual Arts
    2015-08-06 21:38 - 2011-05-24 21:24 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\PlayFirst
    2015-08-06 21:38 - 2011-05-10 03:17 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\iWing
    2015-08-06 21:38 - 2011-04-28 01:37 - 00000000 ____D C:\Users\Neshaboo\AppData\Roaming\Adobe
    2015-08-06 21:37 - 2012-11-06 11:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
    2015-08-06 21:35 - 2012-11-06 11:28 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
    2015-08-06 21:35 - 2011-01-09 05:52 - 00000000 ____D C:\ProgramData\Macrovision
    2015-08-06 21:34 - 2013-12-27 19:43 - 00000000 ____D C:\ProgramData\Leapfrog
    2015-08-06 21:34 - 2013-03-09 23:21 - 00000000 ____D C:\ProgramData\HP
    2015-08-06 21:34 - 2011-04-29 23:04 - 00000000 ____D C:\ProgramData\GoBit Games
    2015-08-06 21:34 - 2011-01-09 06:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2015-08-06 21:33 - 2011-07-26 09:09 - 00000000 ____D C:\ProgramData\mpbptm
    2015-08-06 21:33 - 2011-07-25 20:42 - 00000000 ____D C:\ProgramData\McAfee
    2015-08-06 21:33 - 2011-01-09 05:53 - 00000000 ____D C:\ProgramData\Sonic
    2015-08-06 21:32 - 2014-09-18 23:47 - 00000000 ____D C:\ProgramData\BlueStacksSetup
    2015-08-06 21:32 - 2014-01-17 02:59 - 00000000 ____D C:\ProgramData\BlueStacks
    2015-08-06 21:16 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-08-06 21:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
    2015-08-04 16:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-08-04 15:53 - 2014-01-26 14:31 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-08-04 11:20 - 2014-06-22 00:14 - 00000000 ____D C:\Users\Neshaboo\Desktop\baby shower games
    2015-08-04 11:20 - 2014-04-03 14:39 - 00000000 ____D C:\Users\Neshaboo\Desktop\CAR PAYMENTS
    2015-08-04 11:19 - 2013-10-12 22:40 - 00000000 ____D C:\Users\Neshaboo\Desktop\South university Graduate Work
    2015-08-04 11:19 - 2013-08-13 13:09 - 00000000 ____D C:\Users\Neshaboo\Desktop\myliyah school payments
    2015-08-04 11:19 - 2013-01-13 00:07 - 00000000 ____D C:\Users\Neshaboo\Documents\ASHLEY
    2015-08-04 11:06 - 2014-12-18 00:34 - 00000000 ____D C:\Users\Neshaboo\Documents\MARY
    2015-08-04 11:06 - 2014-11-17 02:21 - 00000000 ____D C:\Users\Neshaboo\Documents\ELINIDA
    2015-08-04 11:06 - 2014-10-04 15:59 - 00000000 ____D C:\Users\Neshaboo\Documents\JAYDEN
    2015-08-04 11:06 - 2013-06-28 17:46 - 00000000 ____D C:\Users\Neshaboo\Documents\Malik
    2015-08-04 11:06 - 2013-01-07 00:26 - 00000000 ____D C:\Users\Neshaboo\Documents\KATHLEEN
    2015-08-04 11:06 - 2012-06-02 03:47 - 00000000 ____D C:\Users\Neshaboo\Documents\KEYPRO DOCS
    2015-08-04 11:06 - 2011-10-15 21:31 - 00000000 ____D C:\Users\Neshaboo\Documents\CyberLink
    2015-08-04 11:06 - 2011-09-25 13:48 - 00000000 ____D C:\Users\Neshaboo\Documents\JAMIE
    2015-08-04 11:06 - 2011-08-02 12:25 - 00000000 ____D C:\Users\Neshaboo\Documents\JASMYNE
    2015-08-04 11:06 - 2011-07-03 03:25 - 00000000 ____D C:\Users\Neshaboo\Documents\JOSHUA
    2015-08-04 11:06 - 2011-06-09 20:26 - 00000000 ____D C:\Users\Neshaboo\Documents\GREG
    2015-08-04 11:06 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\LISA
    2015-08-04 11:06 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\JUSTINA
    2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\JASMINE
    2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\ELLEN
    2015-08-04 11:06 - 2011-05-12 23:57 - 00000000 ____D C:\Users\Neshaboo\Documents\DAUNECIA
    2015-08-04 11:06 - 2011-05-12 23:56 - 00000000 ____D C:\Users\Neshaboo\Documents\GLORIA
    2015-08-04 11:05 - 2014-01-03 00:52 - 00000000 ____D C:\Users\Neshaboo\Documents\NIA
    2015-08-04 11:05 - 2013-11-03 13:33 - 00000000 ____D C:\Users\Neshaboo\Documents\NCG group work
    2015-08-04 11:05 - 2013-03-18 00:44 - 00000000 ____D C:\Users\Neshaboo\Documents\RANI
    2015-08-04 11:05 - 2012-11-11 12:51 - 00000000 ____D C:\Users\Neshaboo\Documents\SHARNEATHE
    2015-08-04 11:05 - 2012-09-23 15:54 - 00000000 ____D C:\Users\Neshaboo\Documents\STEPHANIE
    2015-08-04 11:05 - 2012-08-11 15:28 - 00000000 ____D C:\Users\Neshaboo\Documents\NICOLE
    2015-08-04 11:05 - 2012-05-23 20:16 - 00000000 ____D C:\Users\Neshaboo\Documents\SHAWNTANESE
    2015-08-04 11:05 - 2012-04-07 00:14 - 00000000 ____D C:\Users\Neshaboo\Documents\Youcam
    2015-08-04 11:05 - 2012-03-21 22:12 - 00000000 ____D C:\Users\Neshaboo\Documents\SHANTA
    2015-08-04 11:05 - 2012-03-05 01:12 - 00000000 ____D C:\Users\Neshaboo\Documents\NESHA
    2015-08-04 11:05 - 2011-12-20 01:53 - 00000000 ____D C:\Users\Neshaboo\Documents\xmas
    2015-08-04 11:05 - 2011-06-17 09:50 - 00000000 ____D C:\Users\Neshaboo\Documents\online bills
    2015-08-04 11:05 - 2011-05-12 23:58 - 00000000 ____D C:\Users\Neshaboo\Documents\SHAUNICA
    2015-08-04 11:05 - 2011-05-08 04:18 - 00000000 ____D C:\Users\Neshaboo\Documents\projected hrs NCG
    2015-08-04 10:54 - 2014-03-11 15:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-08-01 10:19 - 2014-11-13 04:09 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieBrowserModeList
    2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieUserList
    2015-08-01 10:19 - 2014-04-14 21:59 - 00000000 __SHD C:\Users\Neshaboo\AppData\Local\EmieSiteList
    2015-08-01 10:19 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
    2015-08-01 10:05 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2015-08-01 10:04 - 2014-12-14 04:15 - 00000000 ____D C:\Windows\system32\appraiser
    2015-08-01 10:03 - 2014-01-26 14:31 - 00000000 ____D C:\Program Files\Google
    2015-08-01 10:03 - 2014-01-26 14:30 - 00000000 ____D C:\Program Files (x86)\Google
    2015-07-15 20:28 - 2011-04-28 18:49 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-07-15 20:12 - 2013-03-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-07-15 20:11 - 2013-03-16 03:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-15 20:10 - 2013-07-17 23:16 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-15 19:37 - 2012-11-14 15:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-15 19:37 - 2012-11-14 15:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-15 19:37 - 2011-08-07 12:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-15 19:03 - 2011-01-09 05:55 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-07-15 18:45 - 2014-01-26 14:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-15 18:45 - 2014-01-26 14:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    Some files in TEMP:
    ====================
    C:\Users\Neshaboo\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Neshaboo\AppData\Local\Temp\Quarantine.exe
    C:\Users\Neshaboo\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-04 16:35

    ==================== End of log ============================
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I still need Addition.txt log.
     
  24. lemowill

    lemowill TS Enthusiast Topic Starter Posts: 126

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
    Ran by Neshaboo (2015-08-11 21:15:39)
    Running from C:\Users\Neshaboo\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-720022467-1087662642-2550357224-500 - Administrator - Disabled)
    Guest (S-1-5-21-720022467-1087662642-2550357224-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-720022467-1087662642-2550357224-1002 - Limited - Enabled)
    Neshaboo (S-1-5-21-720022467-1087662642-2550357224-1000 - Administrator - Enabled) => C:\Users\Neshaboo

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Burger Shop 2™ (HKLM-x32\...\exent_645450) (Version: - )
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cases of Stolen Beauty (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Christmas Wonderland (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4814 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Department 42: The Mystery of the Nine (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Family Vacation: California (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version: - Zecter Inc.)
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    I SPY Treasure Hunt (x32 Version: 2.2.0.97 - WildTangent) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
    Inbetween Land (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
    LeapFrog LeapReader Plugin (x32 Version: 5.2.4.18512 - LeapFrog) Hidden
    LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-720022467-1087662642-2550357224-1000\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nancy Drew: Secrets Can Kill Remastered (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Snark Busters 3: High Society (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
    The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
    The Lost Cases of Sherlock Holmes 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version: - LeapFrog)
    Verizon Games Player (HKLM-x32\...\{A7DDBA41-E56C-4654-9AB2-C8187E3F2C27}) (Version: - )
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
    WebIQ Technology Engine (HKLM-x32\...\{31F039C7-DF16-4FCC-85AE-68E68352D2B2}) (Version: 1.7.1114 - Usability Sciences Corporation)
    Weird Park: Broken Tune (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-720022467-1087662642-2550357224-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    04-08-2015 10:23:35 Windows Update
    04-08-2015 17:51:56 Software Removal Tool
    06-08-2015 22:40:31 Windows Update
    08-08-2015 19:38:50 JRT Pre-Junkware Removal
    10-08-2015 06:43:35 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-08-06 00:51 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {15217754-BF21-497A-AF48-25CCC4EBD9B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
    Task: {153B3946-3819-4C13-9075-6DA98BF9EF92} - System32\Tasks\{3B14636D-5FDA-48FF-8FB3-E97C22CB0F7E} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {171F9109-F9DA-42BA-A15C-E8A2468D8CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
    Task: {44012427-6770-48F9-B81C-77E1BBC077F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
    Task: {578D75BC-05E9-4212-A0A1-3AB5F3139BD1} - System32\Tasks\HP AR Program Upload - baf9a344280e45d08081662302573919bc7c06020fab43629b1abf48c628606d => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {6666C4D7-04E6-4262-B536-492F7CA75125} - System32\Tasks\HP AR Program Upload - e7686d6754a54044ac830d08a6c86ab8a8594926fded4dfca8f7303591da2bf7 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {73D1BF56-F620-4D74-AD38-10B94C9CD917} - System32\Tasks\HP AR Program Upload - 7e18934b81cb4b93b008770d06d1629824b5c61632e24ae6aeba3948b76d49f8 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {77A744A8-7F99-42DD-918E-904ACDEC2F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
    Task: {7C864BDD-2135-4A59-AB67-55DFA5BE0126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {7D6F2967-4CC1-42C1-96AF-4DFCB24F8812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
    Task: {8845D76B-BCF3-4C82-AFC8-4D1A6C28C9F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8A356F31-450B-4646-AD62-91D06892EFF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {8D97317C-AE08-49D8-B23A-6B930C2E0A57} - System32\Tasks\HP AR Program Upload - 7e6a3e70bd4242cda7017a70eed11a1a1a66478c86134afe952181005e18c563 => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {944FF85D-A193-4195-88FE-49BF80A6B762} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
    Task: {A6FC653D-E61B-4AAE-A0B9-FC5BB471AAB4} - System32\Tasks\HP AR Program Upload - 1ac898481ec845ddb78da7e6335898d398451f13e90b4f64b1ffed57ad5eadfe => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {AD258926-8628-4527-B524-B07D50B7A72F} - System32\Tasks\HPCeeScheduleForNeshaboo => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {B23102A2-E0E8-4074-A78B-8377CC64D47F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {B28CFF47-1E15-4022-9A47-1406169E9ADF} - System32\Tasks\{E7B58D99-4F3C-49AA-BB2E-135811BE89F0} => pcalua.exe -a "C:\Program Files (x86)\Verizon Games Player\Uninstall.exe"
    Task: {B55D2396-49EA-4EAD-B40E-ECCEF88D8BFB} - System32\Tasks\{D4B7C16E-2B81-4288-8611-82DB39965C64} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {D2D33CF4-ED3E-481F-B6B7-49ECE8D58817} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
    Task: {DE73B2F0-FB23-46FD-B26D-1F378267A77F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {EA1CC361-C3E0-473C-BF23-6699CBC219F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {ED260611-6F26-45D2-9C05-F3B3733B2152} - System32\Tasks\{ED962435-FD06-416F-9C70-1159E0F3E9C0} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    Task: {F65997B1-6EC4-4998-828B-F03FA3BC900C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-04] (Microsoft Corporation)
    Task: {F8F3DE14-AD82-4C94-9472-F15F701D1C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForNeshaboo.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-11 15:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2014-11-19 00:12 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-07-29 23:39 - 2010-07-29 23:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2010-12-08 14:55 - 2010-12-08 14:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-07-21 18:33 - 2010-07-21 18:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2014-10-22 19:33 - 2014-10-22 19:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
    2011-02-20 05:35 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-11-22 18:00 - 2010-11-22 18:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2014-11-19 00:10 - 2014-11-19 00:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2015-08-04 15:52 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
    2015-08-04 15:52 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
    2015-08-04 15:52 - 2015-07-31 02:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-720022467-1087662642-2550357224-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Neshaboo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 68.105.28.11 - 68.105.29.11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{8E526251-143C-4534-89BC-4CAD045FA589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{C86EBE37-B6DF-4FE5-9223-D6B476A23436}] => (Allow) LPort=2869
    FirewallRules: [{5AF2DF68-743D-43B3-87AE-6814D15DCA52}] => (Allow) LPort=1900
    FirewallRules: [{7C9C6D48-825D-423A-B138-34DA1695DB97}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{29EDA64A-5A0B-4AB3-B01B-3897977B7BA2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    FirewallRules: [{EF959CFD-3727-480E-9ED3-93C5CC0F4107}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    FirewallRules: [{2D26D779-C688-4FC8-8DC1-CECD444AD4F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [TCP Query User{89A3BEEA-7323-4B0C-B086-61590CE8E2E9}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{B4BD1E27-AC5D-47F3-9245-6EAC6CA5D4E8}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{E4E4E7F1-4496-481B-B430-584953D470AF}] => (Allow) LPort=443
    FirewallRules: [{216AA462-61AD-4421-AE98-2E6B0B192C50}] => (Allow) LPort=443
    FirewallRules: [{39FE1071-A14E-4E22-8584-25712ED26017}] => (Allow) LPort=37674
    FirewallRules: [{8F189678-5155-489B-B4AB-258315C094E3}] => (Allow) LPort=37674
    FirewallRules: [{45349DEB-7CDF-4BC5-BDE9-A3E62220FFF6}] => (Allow) LPort=37675
    FirewallRules: [TCP Query User{139DFFBC-1CC8-4513-B65D-FA5A0C6D8B12}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{E44FBF13-9DCD-445D-A5FE-C6E07FA2B4BF}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{8DDEE566-636C-4E66-B0A5-74C18C86FBDA}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [{3C9A2EB5-0699-47C2-ADEA-D6EF8EC13C3C}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
    FirewallRules: [TCP Query User{E5D3A398-A13C-444A-94D6-A92C2EBA8648}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
    FirewallRules: [UDP Query User{EC433D7C-FF32-4D0A-BD5B-961082A2A499}C:\program files (x86)\tango\tango.exe] => (Block) C:\program files (x86)\tango\tango.exe
    FirewallRules: [{91AE8FC2-5E12-49A2-AC94-ECF1D7991B4A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
    FirewallRules: [{1B942E25-0E89-420D-9657-B276A65120EB}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{EEB6CA6F-4C12-4480-A3D4-4D4FF72430EA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{F09BC73F-5A49-49B2-B7D3-20871A9F9984}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{23F8B979-D326-4F20-BB5D-FD45668514C5}] => (Allow) C:\Users\Neshaboo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{29133CE9-206E-4278-97B3-E82EB52D90DA}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
    FirewallRules: [{E3175C05-A110-4118-9F0B-BE134694C8EB}] => (Allow) C:\Users\Neshaboo\AppData\Local\Temp\7zS2156.tmp\SymNRT.exe
    FirewallRules: [{4EEAE3D9-9677-4E48-81BD-CCE3AA2BF523}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D0585044-54FE-4001-AC3E-B2D6A6B8AE79}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{2609BBB3-26FE-4C9F-BC4E-38047A21B3C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{28553DCA-8084-480C-9AAC-D50967AE26DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{75B0F16A-5C68-4690-B58C-FCB301C9C59A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{C984FA22-79E8-42F7-90F3-1B3F91322167}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{F7E36CCE-3B75-4381-A117-5643A595077B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C82CB15F-9DB6-40FF-A0B0-1C26CC2C8793}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Compatibility Verify since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Protect Monitor since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service cyycfhtzro64 since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service AllDaySavingsService64 since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/04/2015 05:56:10 PM) (Source: AllDaySavingsService64) (EventID: 1) (User: )
    Description: AllDaySavingsService64SvcInit, failed to connect to driver, status: -1
    failed with 2

    Error: (08/04/2015 05:52:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

    System Error:
    The system cannot find the file specified.
    .

    Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
    Faulting module name: compatibilitycheck.exe, version: 0.0.0.0, time stamp: 0x54bd82c9
    Exception code: 0xc0000005
    Fault offset: 0x0009587e
    Faulting process id: 0x200
    Faulting application start time: 0xcompatibilitycheck.exe0
    Faulting application path: compatibilitycheck.exe1
    Faulting module path: compatibilitycheck.exe2
    Report Id: compatibilitycheck.exe3


    System errors:
    =============
    Error: (08/11/2015 07:55:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

    Error: (08/10/2015 06:44:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

    Error: (08/09/2015 11:01:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The McAfee Home Network service depends the following service: MfeFire. This service might not be installed.

    Error: (08/09/2015 10:59:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.

    Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/09/2015 10:56:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (08/09/2015 10:56:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office:
    =========================
    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddWin32ServiceFiles: Unable to back up image of service Compatibility Verify since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddWin32ServiceFiles: Unable to back up image of service Protect Monitor since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddWin32ServiceFiles: Unable to back up image of service cyycfhtzro64 since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/06/2015 10:40:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddWin32ServiceFiles: Unable to back up image of service AllDaySavingsService64 since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/04/2015 05:56:10 PM) (Source: AllDaySavingsService64) (EventID: 1) (User: )
    Description: AllDaySavingsService64SvcInit, failed to connect to driver, status: -1
    failed with 2

    Error: (08/04/2015 05:52:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Details:
    AddLegacyDriverFiles: Unable to back up image of binary netfilter64.

    System Error:
    The system cannot find the file specified.

    Error: (08/04/2015 10:43:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -2143485936

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/04/2015 10:43:01 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
    Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {7F01A3F9-D58B-4A38-BF82-959680B44C68}

    Error: (08/01/2015 10:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: compatibilitycheck.exe0.0.0.054bd82c9compatibilitycheck.exe0.0.0.054bd82c9c00000050009587e20001d0cc63f9cddd51C:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Neshaboo\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe91a647ea-3857-11e5-b9cb-cc52af6b1fdb


    CodeIntegrity:
    ===================================
    Date: 2015-08-08 03:37:00.666
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-08 03:36:24.896
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-08 00:24:19.876
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-08 00:23:39.472
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-07 04:54:32.997
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-07 04:54:00.892
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-07 00:07:23.563
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-07 00:06:38.057
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-06 23:18:43.222
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-06 23:17:09.996
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 58%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 1599.75 MB
    Total Virtual: 7785.93 MB
    Available Virtual: 4878.1 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:450.82 GB) (Free:364.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.64 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4AEA3A7)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of log ============================
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...