
Please help with virus removal

This is a discussion on Please help with virus removal within the Resolved HJT Threads forums, part of the Tech Support Forum category.
Old 07-19-2015, 01:45 PM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello – I have a virus (or 2 or 3) on my computer. It could have come from a video game (Minecraft) add-on download, from my son who won’t listen to me about downloading, or from maybe Adobe Flash? I ran my virus scan several times, Avira, and each time it found something – Adware Gen 7 was one. I ran Trend Micro free scan several times and each time it found something.
I tried to fix it myself. I uninstalled every application added on my computer since when it messed up (some would come back). I read some online, and I downloaded and used Malwarebytes, then Junkware Removal Tool, then AdwCleaner. Then I started to worry that I could have caused damage using these tools, without checking what it was deleting, because it may delete something critical to running the computer. So then I decided to use System Restore, and it wouldn’t work – a file was not accessed. I tried several things with my virus protection, trying to disable it, trying it in safe mode, then removing it altogether, and it still didn’t work. Looking more online, I read that System Restore is not a good idea for viruses. I tried to re-install Avira virus protection today, and it installed but it’s not working. Real-time protection won’t turn on, and it won’t scan.
I’ve done the dds scan, and I probably have the windows install discs somewhere (but I hope it doesn’t come to that).
I realize I can’t do this myself, I need yall’s expertise. I won't do any more on my own. Please help! Thank you so much.

Here is the dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.25.2
Run by Wilson at 15:33:41 on 2015-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.13080 [GMT -4:00]
.
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\Updatesvc.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
C:\Program Files (x86)\Avira\Antivirus\sched.exe
c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Avira\Antivirus\avwsc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONMHP&conlogo=CT3210127
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Wilson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
uRunOnce: [Application Restart #4] C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
mRun: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
dRunOnce: [!DefaultPack] "C:\Program Files (x86)\Microsoft\DefaultPack\DefaultPack.EXE" /c:"DefaultPack.exe partner=p001 comb=5"
StartupFolder: C:\Users\Wilson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Wilson\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.2.1 192.168.1.254 192.168.1.254
TCP: Interfaces\{BFF165AC-45CF-498E-BCF6-443D696E37FA} : DHCPNameServer = 192.168.2.1 192.168.1.254 192.168.1.254
TCP: Interfaces\{E3275E5F-51DB-4DD1-9B8B-279A2F530CBE} : DHCPNameServer = 192.168.2.1 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: {3c9ce603-44cc-4997-a166-239e6186c6ef} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R?2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\Antivirus\sched.exe [2015-7-19 450808]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-28 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-31 56208]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2015-7-19 28600]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-5-23 172344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-28 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-28 204288]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2015-7-19 450808]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-3-26 319488]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2015-7-19 153256]
R2 Avira.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-7-2 218816]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2015-7-19 44088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-28 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-28 128280]
R2 msdotnetserv_v2050729;Microsoft .Net Framework v2.0.50729 ALP (X86);C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [2015-7-11 3003880]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-3-28 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-3-28 460288]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-4-28 1695040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-28 363800]
R2 UpdateSvc;UpdateSvc;C:\Windows\Updatesvc.exe [2015-7-11 221184]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-4-28 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-28 93712]
R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2014-6-6 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2014-6-6 21872]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-9-8 282112]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 glancedrv;glancedrv;C:\Windows\System32\drivers\glancedrv.sys [2015-1-4 36384]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-28 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-28 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-28 787736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-7-14 25816]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-28 648808]
S2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2015-7-19 827184]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2015-7-19 1188360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-14 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-10-2 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-10-2 477960]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-2-26 23760]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-2-26 23312]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-7-14 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-14 63704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 zejytose;Typewriter High Resolution; [x]
.
=============== Created Last 30 ================
.
2015-07-19 19:31:55 -------- d-----w- C:\Users\Wilson\AppData\Roaming\Avira
2015-07-19 14:00:43 44088 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2015-07-19 14:00:42 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2015-07-19 14:00:42 153256 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2015-07-19 13:55:08 -------- d-----w- C:\Program Files (x86)\Avira
2015-07-19 13:54:59 -------- d-----w- C:\ProgramData\Package Cache
2015-07-17 20:25:59 12221144 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21089FE2-84B4-4BF7-9AD2-5DFDDDB4B178}\mpengine.dll
2015-07-15 02:08:43 -------- d-----w- C:\FRST
2015-07-15 01:22:13 -------- d-----w- C:\AdwCleaner
2015-07-15 01:09:37 -------- d-----w- C:\RegBackup
2015-07-14 23:51:54 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-14 23:50:52 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-14 23:49:57 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-14 23:38:12 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-07-14 23:37:50 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-07-14 23:37:50 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-07-14 23:37:49 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-07-14 23:37:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 13:03:12 -------- d-----w- C:\Program Files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d
2015-07-12 03:38:24 271360 ----a-w- C:\Windows\Provider.dll
2015-07-12 03:38:24 221184 ----a-w- C:\Windows\Updatesvc.exe
2015-07-12 03:38:24 102912 ----a-w- C:\Windows\Installer.exe
2015-07-11 22:10:04 -------- d-----w- C:\ProgramData\MSNetCore
2015-07-11 2248 -------- d-----w- C:\Program Files (x86)\TechVedic
2015-07-11 2248 -------- d-----w- C:\Program Files (x86)\adlevel
2015-07-11 21:31:16 236080 ----a-w- C:\Windows\RegBootClean64.exe
2015-07-11 13:29:16 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2015-07-10 18:35:15 -------- d-----w- C:\Program Files (x86)\ODMDownloader
2015-07-03 22:36:11 -------- d-----w- C:\ArcheAge
2015-07-03 15:27:44 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2015-07-03 15:22:11 -------- d--h--w- C:\Windows\msdownld.tmp
2015-07-03 15:22:11 -------- d-----w- C:\Windows\SysWow64\directx
2015-07-03 15:20:06 -------- d-----w- C:\ProgramData\Glyph
2015-07-03 15:20:03 -------- d-----w- C:\Program Files (x86)\Glyph
2015-06-24 05:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-22 22:31:05 -------- d-----w- C:\Users\Wilson\AppData\Local\Dropbox
2015-06-22 22:31:05 -------- d-----w- C:\ProgramData\Dropbox
.
==================== Find3M ====================
.
2015-07-09 17:59:59 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:26 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-03 18:05:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-03 18:05:43 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-03 18:05:34 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-03 18:05:26 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-03 17:56:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-03 17:56:56 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-03 17:56:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-03 17:55:42 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-03 16:52:31 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-03 16:42:38 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-23 17:30:20 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-06-20 2050 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-15 21:50:42 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-15 21:45:42 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-06-15 21:45:42 3242496 ----a-w- C:\Windows\System32\msi.dll
.
============= FINISH: 15:33:54.31 ===============
Attached Files
File Type: txt attach.txt (23.4 KB, 25 views)
Old 07-19-2015, 08:13 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

I noticed you have ASPCA Reminder by We-Care.com installed.

Please read this and decide if you want to keep it >> SystemLookup - D824F0DE-3D60-4F57-9EB1-66033ECD8ABB

You can uninstall it via Programs and Features in your Control Panel, if you don't want it.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\ProgramData\WeCareReminder

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-20-2015, 08:36 PM   #3
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello – Thank you for your help. I’ve backed up most of my files, I created the System Repair Disk, and I tried to uninstall the ASPCA We Care program. In the beginning uninstall process, it said “the feature you are trying to use is on a network resource that is unavailable . . . try alternate path.” And so it did not uninstall. The file programdata/wecarereminder was not there.
I wasn’t able to disable my antivirus Avira; it is not working properly. I uninstalled it to run the combofix, then re-installed it after it finished.
The log for combofix is below. It makes me somewhat uncomfortable posting it – is this safe to post?
I found my notes – the viruses and malware found in my previous scans included – Adware Kazy, Dropper A, Adware Gigaclicks, Pricegong, Convert Ad gen, PUA Shopperz, Crossrider Gen 7, Adware Gen 7. Word Surfer is a program I uninstalled that kept coming back.
Thank you so much for your help.

ComboFix 15-07-20.01 - Wilson 07/20/2015 21:42:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.13638 [GMT -4:00]
Running from: c:\users\Wilson\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d\22209261-ab1e-4fbd-b66a-70d4580fd2a5.dll
c:\program files (x86)\Adobe\428378b5-151d-4aad-aa8f-0aac63b0763d.dll
c:\programdata\ntuser.pol
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4747156A-F0D5-4715-8362-9DAF49E07BA2}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4F81C5C5-F63F-4B2B-9923-FDDFDBA9B050}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98C7B5B2-2A68-4A17-BE40-FC42444BABF0}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2009C93-6A4C-4BDE-A5FE-79E99400E0C5}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE5E7CF4-CEC7-4DA7-9425-B677C49174CE}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E63102B9-D3FC-439E-8BC5-CC76EFF463CF}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FAB4C618-B242-4683-AD90-5844EF329C84}.xps
c:\users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE84F2D9-67E4-4E6A-A116-F48B4D218D48}.xps
c:\users\Dan\AppData\Local\nss15C0.tmp
c:\users\Dan\AppData\Local\nsvF2D3.tmp
c:\users\Dan\AppData\Local\nszCE1.tmp
c:\users\Jeffro\Documents\ppt56.tmp
c:\users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{27846E3B-0BE8-4879-A544-754BD9FDD214}.xps
c:\users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A5AD3E93-0014-4FF2-A5B8-84955643D622}.xps
c:\users\Wilson\AppData\Local\Microsoft\Windows\Temporary Internet Files\LinkiDoo_iels
c:\users\Wilson\Documents\~DF09325F41C79DC18B.TMP
c:\users\Wilson\ResourceReader.dll
c:\windows\installer.exe
c:\windows\msdownld.tmp
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
-------\Service_UpdateSvc
.
.
((((((((((((((((((((((((( Files Created from 2015-06-21 to 2015-07-21 )))))))))))))))))))))))))))))))
.
.
2015-07-21 02:14 . 2015-07-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-21 02:14 . 2015-07-21 02:14 -------- d-----w- c:\users\Jeffro\AppData\Local\temp
2015-07-21 02:13 . 2015-07-21 02:13 -------- d-----w- c:\users\Dan\AppData\Local\temp
2015-07-21 02:13 . 2015-07-21 02:13 -------- d-----w- c:\users\Baxter\AppData\Local\temp
2015-07-17 20:25 . 2015-06-24 05:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21089FE2-84B4-4BF7-9AD2-5DFDDDB4B178}\mpengine.dll
2015-07-15 02:08 . 2015-07-15 02:10 -------- d-----w- C:\FRST
2015-07-15 01:22 . 2015-07-15 01:29 -------- d-----w- C:\AdwCleaner
2015-07-15 01:09 . 2015-07-15 01:09 -------- d-----w- C:\RegBackup
2015-07-14 23:50 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-14 23:49 . 2015-07-09 17:59 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-14 23:38 . 2015-07-21 01:29 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-14 23:37 . 2015-06-18 12:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-14 23:37 . 2015-06-18 12:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-14 23:37 . 2015-07-15 10:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-14 23:37 . 2015-06-18 12:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-12 17:33 . 2015-07-12 17:33 -------- d-----w- c:\users\Dan\AppData\Roaming\Opera Software
2015-07-12 17:33 . 2015-07-12 17:33 -------- d-----w- c:\users\Dan\AppData\Local\Opera Software
2015-07-12 17:31 . 2015-07-12 18:21 -------- d-----w- c:\program files (x86)\Opera
2015-07-12 13:03 . 2015-07-21 02:10 -------- d-----w- c:\program files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d
2015-07-12 03:38 . 2015-07-10 03:18 221184 ----a-w- c:\windows\Updatesvc.exe
2015-07-12 03:38 . 2015-07-10 03:17 271360 ----a-w- c:\windows\Provider.dll
2015-07-11 22:10 . 2015-07-18 18:48 -------- d-----w- c:\programdata\MSNetCore
2015-07-11 22:06 . 2015-07-20 13:48 -------- d-----w- c:\program files (x86)\adlevel
2015-07-11 22:06 . 2015-07-15 10:58 -------- d-----w- c:\program files (x86)\TechVedic
2015-07-11 21:31 . 2015-07-11 21:33 236080 ----a-w- c:\windows\RegBootClean64.exe
2015-07-11 13:29 . 2013-09-28 02:56 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2015-07-10 19:06 . 2015-07-10 19:06 -------- d-----w- c:\users\Dan\AppData\Local\Programs
2015-07-10 18:35 . 2015-07-15 10:58 -------- d-----w- c:\users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331
2015-07-10 18:35 . 2015-07-15 10:58 -------- d-----w- c:\program files (x86)\ODMDownloader
2015-07-04 03:34 . 2015-07-15 10:58 -------- d-----w- c:\users\Jeffro\AppData\Roaming\Trove
2015-07-03 22:36 . 2015-07-03 22:36 -------- d-----w- C:\ArcheAge
2015-07-03 15:26 . 2006-02-03 12:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
2015-07-03 15:20 . 2015-07-15 10:58 -------- d-----w- c:\programdata\Glyph
2015-07-03 15:20 . 2015-07-15 10:58 -------- d-----w- c:\users\Jeffro\AppData\Local\Glyph
2015-07-03 15:20 . 2015-07-04 21:14 -------- d-----w- c:\program files (x86)\Glyph
2015-06-24 05:29 . 2015-06-24 05:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-22 22:31 . 2015-06-22 22:31 -------- d-----w- c:\users\Wilson\AppData\Local\Dropbox
2015-06-22 22:31 . 2015-06-22 22:31 -------- d-----w- c:\programdata\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 12:43 . 2012-07-18 23:37 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-06-23 17:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-05-25 18:24 . 2015-06-10 06:29 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-10 06:29 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-10 06:29 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-10 06:29 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-10 06:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-10 06:29 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-10 06:29 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 06:29 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 06:29 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-10 06:29 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-10 06:29 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-10 06:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-10 06:29 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-10 06:29 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-10 06:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-10 06:29 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 06:29 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 06:29 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 06:29 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-10 06:29 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-10 06:29 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 06:29 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 06:29 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-10 06:29 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-10 06:29 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-10 06:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-10 06:29 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 06:29 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 06:29 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-10 06:29 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 06:29 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-10 06:29 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 06:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-10 06:29 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-10 06:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-10 06:29 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 06:29 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 06:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-10 06:29 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 06:29 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 06:29 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-10 06:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-10 06:29 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-10 06:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-10 06:29 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-10 06:29 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-25 17:00 . 2015-06-10 06:29 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-25 16:50 . 2015-06-10 06:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-05-25 16:50 . 2015-06-10 06:29 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 151576 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-04-11 7806232]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064]
"Dropbox Update"="c:\users\Wilson\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-22 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2013-04-05 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-12-27 4522496]
"BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-01-18 2009088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"!DefaultPack"="c:\program files (x86)\Microsoft\DefaultPack\DefaultPack.EXE" [2013-12-18 2162832]
.
c:\users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 44236896]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 zejytose;Typewriter High Resolution; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 msdotnetserv_v2050729;Microsoft .Net Framework v2.0.50729 ALP (X86);c:\program files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe;c:\program files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys;c:\windows\SYSNATIVE\DRIVERS\glancedrv.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-20 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
- c:\users\Wilson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 22:31]
.
2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
- c:\users\Wilson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22 22:31]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 06:23]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 06:23]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
- c:\users\Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 02:22]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
- c:\users\Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 02:22]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003Core.job
- c:\users\Jeffro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 19:51]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003UA.job
- c:\users\Jeffro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 19:51]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 19:51]
.
2015-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 19:51]
.
2015-07-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
2015-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONMHP&conlogo=CT3210127
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: genieo.com\yahoo
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-ShieldSoft - c:\users\Wilson\AppData\Roaming\ShieldSoft\UI\bin\shieldui.exe
Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{3c9ce603-44cc-4997-a166-239e6186c6ef} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-pcreg - c:\program files\pcreg\service.exe
HKLM-Run-SpaceSoundPro - c:\program files\SpaceSoundPro\SpaceSoundPro.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\zejytose]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ATT\8.2.1.6\ma\bin\node.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2015-07-20 22:31:52 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-21 02:31
.
Pre-Run: 662,322,630,656 bytes free
Post-Run: 669,285,892,096 bytes free
.
- - End Of File - - 88978BDAA4C10A5D6C80F78CB0983E34
Old 07-20-2015, 10:17 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-21-2015, 05:42 PM   #5
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - The FRST64 log is below, and the addition.txt is attached.
My antivirus must be partially working - I have a new virus message telling me I have the PUA Download Admin Gen 7 malware.
As always - Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Dan (administrator) on WILSON-PC on 21-07-2015 20:20:34
Running from C:\Users\Dan\Downloads
Loaded Profiles: Wilson & Dan (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-11] (SUPERAntiSpyware)
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [Dropbox Update] => C:\Users\Wilson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-15] (Google Inc.)
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-18\...\RunOnce: [!DefaultPack] => "C:\Program Files (x86)\Microsoft\DefaultPack\DefaultPack.EXE" /c:"DefaultPack.exe partner=p001 comb=5"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-07-18]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-05-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {2945253C-B5D4-4A56-AF1A-DC553473B684} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = (null){searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {2EC8A302-99F3-4EA1-95F1-4CD54635CB14} URL = (null){searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = (null){searchTerms}
BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-17] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-17] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} https://quickscan.bitdefender.com/qsax/qsax.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{BFF165AC-45CF-498E-BCF6-443D696E37FA}: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{E3275E5F-51DB-4DD1-9B8B-279A2F530CBE}: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\soybqma3.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2013-03-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1004: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Dan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\soybqma3.default\user.js [2015-07-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-25] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-25] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\soybqma3.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\soybqma3.default\Extensions\[email protected] [2015-07-02]
FF Extension: Avira SafeSearch - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\soybqma3.default\Extensions\[email protected] [2015-06-16]
FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-07-11]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
FF HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PSISSEI7SZ7CORX45RHYAC4FUY - C:\Users\Jeffro\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-11] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-10-02] (BitRaider, LLC)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
R3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-03-08] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]
S4 zejytose; [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-02] (BitRaider)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 20:20 - 2015-07-21 20:20 - 00035003 _____ C:\Users\Dan\Downloads\FRST.txt
2015-07-21 20:17 - 2015-07-21 20:17 - 02135552 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2015-07-21 08:08 - 2015-07-21 08:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Avira
2015-07-21 08:03 - 2015-07-21 08:03 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-20 23:04 - 2015-07-20 23:04 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Avira
2015-07-20 23:03 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-20 23:03 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-20 23:03 - 2015-06-16 09:36 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-20 23:03 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-20 22:56 - 2015-07-20 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-20 22:56 - 2015-07-20 23:03 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-20 22:56 - 2015-07-20 22:57 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Wilson\Downloads\avira_en_av_55a62c686be52__ws (1).exe
2015-07-20 22:56 - 2015-07-20 22:57 - 00001190 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-20 22:56 - 2015-07-20 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-20 22:55 - 2015-07-20 22:56 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Wilson\Downloads\avira_en_av_55a62c686be52__ws.exe
2015-07-20 22:31 - 2015-07-20 22:31 - 00043314 _____ C:\ComboFix.txt
2015-07-20 21:41 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-20 21:41 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-20 21:41 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-20 21:24 - 2015-07-20 22:32 - 00000000 ____D C:\Qoobox
2015-07-20 21:24 - 2015-07-20 22:29 - 00000000 ____D C:\Windows\erdnt
2015-07-20 21:23 - 2015-07-20 21:23 - 05632853 ____R (Swearware) C:\Users\Wilson\Desktop\ComboFix.exe
2015-07-20 21:20 - 2015-07-20 21:20 - 00000135 _____ C:\Windows\version.ini
2015-07-20 18:38 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-19 15:33 - 2015-07-19 15:33 - 00688992 ____R (Swearware) C:\Users\Wilson\Downloads\dds.scr
2015-07-19 15:33 - 2015-07-19 15:33 - 00032381 _____ C:\Users\Wilson\Desktop\dds.txt
2015-07-19 15:33 - 2015-07-19 15:33 - 00023950 _____ C:\Users\Wilson\Desktop\attach.txt
2015-07-19 09:54 - 2015-07-19 09:54 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dan\Downloads\avira_en_av_5729464629__ws.exe
2015-07-17 14:04 - 2015-07-17 14:04 - 00058925 _____ C:\Users\Dan\Downloads\Attachments_2015717.zip
2015-07-14 22:09 - 2015-07-14 22:10 - 00075676 _____ C:\Users\Wilson\Downloads\FRST.txt
2015-07-14 22:09 - 2015-07-14 22:10 - 00054521 _____ C:\Users\Wilson\Downloads\Addition.txt
2015-07-14 22:08 - 2015-07-21 20:20 - 00000000 ____D C:\FRST
2015-07-14 22:07 - 2015-07-14 22:07 - 02133504 _____ (Farbar) C:\Users\Wilson\Downloads\FRST64.exe
2015-07-14 21:32 - 2015-07-14 21:32 - 00029573 _____ C:\Users\Wilson\Documents\AdwCleaner[S0].txt
2015-07-14 21:22 - 2015-07-14 21:29 - 00000000 ____D C:\AdwCleaner
2015-07-14 21:19 - 2015-07-14 21:19 - 02248704 _____ C:\Users\Wilson\Downloads\AdwCleaner.exe
2015-07-14 21:17 - 2015-07-14 21:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-07-14 21:17 - 2015-07-14 21:17 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Wilson\Downloads\JRT (1).exe
2015-07-14 21:14 - 2015-07-14 21:14 - 00044147 _____ C:\Users\Wilson\Documents\JRT.txt
2015-07-14 21:11 - 2015-07-14 21:11 - 00044147 _____ C:\Users\Wilson\Desktop\JRT.txt
2015-07-14 21:09 - 2015-07-14 21:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WILSON-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-14 21:09 - 2015-07-14 21:09 - 00000000 ____D C:\RegBackup
2015-07-14 21:08 - 2015-07-14 21:08 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Wilson\Downloads\JRT.exe
2015-07-14 21:02 - 2015-07-14 21:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-14 19:52 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:52 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:52 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:52 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:52 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:52 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:52 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:52 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:52 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:52 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:52 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:52 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:52 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:52 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:52 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:52 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:52 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:52 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:52 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:52 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:52 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:52 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:52 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:52 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:52 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 19:51 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:51 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:51 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:51 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:51 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:51 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:51 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:51 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:51 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:51 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:51 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:51 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:51 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:51 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:51 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:51 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:51 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:51 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:51 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:51 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:51 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:51 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:51 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:51 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:51 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:51 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:51 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:51 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:51 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:51 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:51 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:51 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:51 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:51 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:51 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:51 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:51 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:51 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:51 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:51 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:51 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:51 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:51 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:51 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:50 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:50 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:50 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:50 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:50 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:50 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:50 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:50 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:50 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:50 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:50 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:50 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:50 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:50 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:50 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:50 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:50 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:50 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:50 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:50 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:50 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:50 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:50 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:50 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:50 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:50 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:50 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 19:50 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 19:49 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:49 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:49 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:49 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-14 19:49 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 19:49 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-14 19:49 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-14 19:49 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-14 19:49 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-14 19:49 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-14 19:49 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-14 19:49 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 19:49 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-14 19:38 - 2015-07-20 21:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 19:37 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-14 19:37 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 19:37 - 2015-07-14 19:37 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-14 19:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 19:37 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-14 19:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-14 19:35 - 2015-07-14 19:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 13:33 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Opera Software
2015-07-12 13:33 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Dan\AppData\Local\Opera Software
2015-07-12 13:31 - 2015-07-12 14:21 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-12 09:06 - 2015-07-12 14:33 - 00001606 _____ C:\ProgramData\tempimage.bmp
2015-07-12 09:03 - 2015-07-20 22:10 - 00000000 ____D C:\Program Files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d
2015-07-12 09:03 - 2015-07-12 09:03 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-11 23:38 - 2015-07-09 23:18 - 00221184 _____ (drms media group) C:\Windows\Updatesvc.exe
2015-07-11 23:38 - 2015-07-09 23:17 - 00271360 _____ (drms media group) C:\Windows\Provider.dll
2015-07-11 18:10 - 2015-07-18 14:48 - 00000000 ____D C:\ProgramData\MSNetCore
2015-07-11 18:06 - 2015-07-21 08:02 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-07-11 18:06 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-07-11 18:06 - 2015-07-11 18:06 - 00003052 _____ C:\Windows\System32\Tasks\TunePro360 Updater
2015-07-11 17:47 - 2015-07-11 19:06 - 00536228 _____ C:\Users\Dan\AppData\Local\census.cache
2015-07-11 17:47 - 2015-07-11 19:06 - 00215957 _____ C:\Users\Dan\AppData\Local\ars.cache
2015-07-11 17:31 - 2015-07-11 17:33 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-07-11 12:46 - 2015-07-15 06:58 - 00000000 ___RD C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-11 09:41 - 2015-07-11 17:45 - 00000010 _____ C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
2015-07-11 09:29 - 2015-07-11 09:29 - 00000036 _____ C:\Users\Dan\AppData\Local\housecall.guid.cache
2015-07-11 09:29 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-07-11 09:27 - 2015-07-11 09:27 - 02494944 _____ (Trend Micro Inc.) C:\Users\Dan\Downloads\HousecallLauncher64(1).exe
2015-07-11 07:54 - 2015-07-11 07:54 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-07-10 14:36 - 2015-07-10 14:36 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-07-10 14:35 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331
2015-07-10 14:35 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\ODMDownloader
2015-07-10 14:34 - 2015-07-10 14:34 - 00618800 _____ C:\Users\Jeffro\Downloads\SetupODM.exe
2015-07-10 14:34 - 2015-07-10 14:34 - 00000003 _____ C:\Users\Jeffro\Downloads\1.txt
2015-07-03 23:34 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Trove
2015-07-03 18:36 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\Documents\ArcheAge
2015-07-03 18:36 - 2015-07-03 18:36 - 00000000 ____D C:\ArcheAge
2015-07-03 12:24 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 11:27 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-07-03 11:27 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-07-03 11:27 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-07-03 11:27 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-07-03 11:27 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-07-03 11:27 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-07-03 11:27 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-07-03 11:27 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-07-03 11:27 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-07-03 11:27 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-07-03 11:27 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-07-03 11:27 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-07-03 11:27 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-07-03 11:27 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-07-03 11:27 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-07-03 11:27 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-07-03 11:27 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-07-03 11:27 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-07-03 11:27 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-07-03 11:27 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-07-03 11:27 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-07-03 11:27 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-07-03 11:27 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-07-03 11:27 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-07-03 11:27 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-07-03 11:27 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-07-03 11:27 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-07-03 11:27 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-07-03 11:27 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-07-03 11:27 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-07-03 11:27 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-07-03 11:27 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-07-03 11:27 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-07-03 11:27 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-07-03 11:27 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-07-03 11:27 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-07-03 11:27 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-07-03 11:27 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-07-03 11:27 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-07-03 11:27 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-07-03 11:27 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-07-03 11:27 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-07-03 11:27 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-07-03 11:27 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-03 11:27 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-07-03 11:26 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-07-03 11:26 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-07-03 11:26 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-07-03 11:26 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-07-03 11:26 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-07-03 11:26 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-03 11:26 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-07-03 11:26 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-07-03 11:26 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-07-03 11:26 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-07-03 11:26 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-07-03 11:26 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-07-03 11:26 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-07-03 11:26 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-07-03 11:26 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-07-03 11:26 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-07-03 11:22 - 2015-07-03 11:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Local\Glyph
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Glyph
2015-07-03 11:20 - 2015-07-04 17:14 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-07-03 11:20 - 2015-07-03 11:20 - 00000999 _____ C:\Users\Jeffro\Desktop\Glyph.lnk
2015-07-03 11:17 - 2015-07-03 11:19 - 32035192 _____ (Trion Worlds Inc.) C:\Users\Jeffro\Downloads\GlyphInstall-0-120.exe
2015-07-01 15:58 - 2015-07-16 21:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-01 15:58 - 2015-07-01 15:58 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-23 16:42 - 2015-06-23 16:42 - 01088664 _____ (Unity Technologies ApS) C:\Users\Jeffro\Downloads\UnityWebPlayer (1).exe
2015-06-22 18:31 - 2015-07-21 19:36 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
2015-06-22 18:31 - 2015-07-21 15:36 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
2015-06-22 18:31 - 2015-07-19 15:31 - 00003898 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA
2015-06-22 18:31 - 2015-07-19 15:31 - 00003502 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core
2015-06-22 18:31 - 2015-06-22 18:31 - 00000000 ____D C:\Users\Wilson\AppData\Local\Dropbox
2015-06-22 18:31 - 2015-06-22 18:31 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 20:08 - 2012-07-14 22:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 19:54 - 2012-08-24 23:03 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004UA.job
2015-07-21 19:40 - 2012-08-30 21:57 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003UA.job
2015-07-21 19:37 - 2012-07-14 22:22 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
2015-07-21 19:02 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-21 19:02 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 15:40 - 2012-08-30 21:57 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003Core.job
2015-07-21 15:37 - 2012-07-14 22:22 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
2015-07-21 14:04 - 2012-04-28 02:11 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-07-21 12:08 - 2012-07-14 22:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 08:03 - 2012-04-28 01:55 - 02033179 _____ C:\Windows\WindowsUpdate.log
2015-07-21 08:02 - 2012-07-14 16:34 - 00000000 ____D C:\Users\Wilson\Documents\Bluetooth Folder
2015-07-21 08:02 - 2012-04-28 02:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-21 08:02 - 2012-04-28 02:11 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-20 23:03 - 2013-01-15 15:36 - 00000000 ____D C:\ProgramData\Avira
2015-07-20 22:32 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-07-20 22:20 - 2014-12-22 15:57 - 00000000 ___RD C:\Users\Wilson\Dropbox
2015-07-20 22:20 - 2014-12-22 15:55 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Dropbox
2015-07-20 22:19 - 2012-04-28 02:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-20 22:19 - 2012-04-28 02:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-20 22:19 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 22:18 - 2010-11-20 23:47 - 01131098 _____ C:\Windows\PFRO.log
2015-07-20 22:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 22:18 - 2009-07-14 00:51 - 00177756 _____ C:\Windows\setupact.log
2015-07-20 22:18 - 2009-07-13 22:34 - 95420416 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 47448064 _____ C:\Windows\system32\config\components.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 20185088 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-20 22:11 - 2012-07-14 16:27 - 00000000 ____D C:\Users\Wilson
2015-07-20 22:10 - 2012-04-28 02:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-20 21:05 - 2012-09-10 17:23 - 00432640 ___SH C:\Users\Wilson\Documents\Thumbs.db
2015-07-20 20:56 - 2014-12-28 09:40 - 00000000 ____D C:\Users\Wilson\Documents\computer
2015-07-20 20:54 - 2012-08-24 23:03 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004Core.job
2015-07-20 12:28 - 2014-09-08 12:41 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-07-19 19:31 - 2013-03-12 22:23 - 00000000 ____D C:\Users\Dan\Documents\Bluetooth Folder
2015-07-19 15:32 - 2012-07-14 22:22 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA
2015-07-19 15:32 - 2012-07-14 22:22 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core
2015-07-18 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-17 12:03 - 2012-07-14 22:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 12:03 - 2012-07-14 22:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 20:59 - 2014-12-28 14:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:55 - 2012-08-24 23:10 - 00002359 _____ C:\Users\Dan\Desktop\Google Chrome.lnk
2015-07-15 20:49 - 2012-08-24 23:03 - 00003870 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004UA
2015-07-15 20:49 - 2012-08-24 23:03 - 00003474 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004Core
2015-07-15 06:58 - 2014-12-10 04:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 06:58 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 06:58 - 2014-02-05 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2015-07-15 06:58 - 2014-01-29 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-15 06:58 - 2012-08-30 22:01 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-08-24 23:10 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-07-18 07:51 - 00000000 ____D C:\Users\Dan
2015-07-15 06:58 - 2012-07-15 18:15 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader
2015-07-15 06:58 - 2012-07-14 22:26 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-07-14 17:56 - 00000000 ____D C:\Users\Jeffro
2015-07-15 06:58 - 2012-04-28 02:37 - 00000000 ____D C:\ProgramData\Atheros
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-15 06:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-15 03:37 - 2009-07-14 00:45 - 05027064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 03:17 - 2012-07-21 21:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 03:12 - 2013-07-18 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 20:39 - 2012-07-14 22:26 - 00002374 _____ C:\Users\Wilson\Desktop\Google Chrome.lnk
2015-07-14 19:37 - 2013-08-28 08:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 19:31 - 2009-07-14 01:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 14:22 - 2012-07-18 16:31 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2015-07-12 14:21 - 2014-12-07 13:19 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieBrowserModeList
2015-07-12 14:21 - 2014-05-28 12:09 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieUserList
2015-07-12 14:21 - 2014-05-28 12:09 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieSiteList
2015-07-12 14:21 - 2012-07-18 07:52 - 00001415 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-11 12:46 - 2012-07-14 17:56 - 00000000 ____D C:\Users\Jeffro\Documents\Bluetooth Folder
2015-07-11 05:51 - 2012-07-14 21:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AF24388-F1D8-45C8-A36A-301A327DE957}
2015-07-10 22:19 - 2012-07-15 17:51 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\.minecraft
2015-07-10 19:51 - 2013-08-28 22:40 - 00000000 ____D C:\Users\Dan\Documents\Job applications
2015-07-07 13:42 - 2012-08-30 22:01 - 00002374 _____ C:\Users\Jeffro\Desktop\Google Chrome.lnk
2015-07-06 11:17 - 2012-07-18 07:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2015-07-06 11:16 - 2012-07-23 15:31 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
2015-07-03 11:27 - 2012-04-28 02:22 - 00010430 _____ C:\Windows\DirectX.log
2015-07-03 08:43 - 2012-07-18 19:37 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 20:37 - 2015-04-15 05:55 - 00000000 ____D C:\Users\Wilson\AppData\Local\UmmyVideoDownloader
2015-07-02 19:28 - 2015-02-08 00:06 - 00000000 ____D C:\Users\Jeffro\Documents\Boy Scouts
2015-07-01 15:58 - 2012-04-28 02:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-29 22:02 - 2012-09-02 17:13 - 00000000 ____D C:\Users\Wilson\Documents\Recipes
2015-06-27 17:57 - 2012-10-15 17:37 - 00009728 ___SH C:\Users\Dan\Thumbs.db
2015-06-25 22:44 - 2014-12-02 00:00 - 00000000 __SHD C:\Users\Wilson\AppData\Local\EmieBrowserModeList
2015-06-25 22:44 - 2014-04-23 22:28 - 00000000 __SHD C:\Users\Wilson\AppData\Local\EmieUserList
2015-06-25 22:44 - 2014-04-23 22:28 - 00000000 __SHD C:\Users\Wilson\AppData\Local\EmieSiteList
2015-06-23 19:34 - 2012-08-13 23:21 - 00000000 ____D C:\Users\Jeffro\AppData\Local\CrashDumps
2015-06-23 13:30 - 2010-11-20 23:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2012-10-29 23:29 - 2013-01-21 16:51 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2012-10-29 23:28 - 2012-10-29 23:28 - 7021336 _____ (Webroot Software, Inc.) C:\Users\Dan\AppData\Roaming\wruninstall.exe
2015-07-11 17:47 - 2015-07-11 19:06 - 0215957 _____ () C:\Users\Dan\AppData\Local\ars.cache
2015-07-11 17:47 - 2015-07-11 19:06 - 0536228 _____ () C:\Users\Dan\AppData\Local\census.cache
2015-07-11 09:29 - 2015-07-11 09:29 - 0000036 _____ () C:\Users\Dan\AppData\Local\housecall.guid.cache
2015-07-11 09:41 - 2015-07-11 17:45 - 0000010 _____ () C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
2013-11-02 11:42 - 2013-11-02 11:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-02 11:55 - 2015-04-12 11:57 - 0007559 _____ () C:\ProgramData\hpzinstall.log
2015-07-12 09:06 - 2015-07-12 14:33 - 0001606 _____ () C:\ProgramData\tempimage.bmp

Files to move or delete:
====================
C:\Users\Wilson\en_res.dll
C:\Users\Wilson\es_res.dll
C:\Users\Wilson\fr_res.dll
C:\Users\Wilson\grm_res.dll
C:\Users\Wilson\it_res.dll
C:\Users\Wilson\jp_res.dll
C:\Users\Wilson\mfc80u.dll
C:\Users\Wilson\msvcr80.dll
C:\Users\Wilson\PCPE Setup.exe
C:\Users\Wilson\pt_res.dll
C:\Users\Wilson\ru_res.dll
C:\Users\Wilson\zh_res.dll


Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\temp\avgnt.exe
C:\Users\Wilson\AppData\Local\temp\avgnt.exe
C:\Users\Wilson\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn5xsui.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\d3dx10_41.dll
C:\Windows\System32\expsrv.dll
C:\Windows\System32\msjet40.dll
C:\Windows\System32\MSJINT40.DLL
C:\Windows\System32\msjter40.dll
C:\Windows\System32\mswstr10.dll
C:\Windows\System32\odbcji32.dll
C:\Windows\System32\odbcjt32.dll
C:\Windows\System32\sirenacm.dll
C:\Windows\System32\VBAJET32.DLL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 04:07

==================== End of log ============================
Attached Files
File Type: txt Addition.txt (55.8 KB, 185 views)
Old 07-22-2015, 08:56 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome. Your machine is a mess. It will take several rounds to fix.

Yes, it is safe to post the logs.

It appears you ran dds under the Wilson account, but FRST under the Dan account.

I see all your accounts are admin accounts, but we would prefer you run all tools under the same account, at least for now.

------------------------------------------------------

Did you download, and do you use UmmyVideoDownloader?

------------------------------------------------------

I noticed you have Ask Toolbar Updater installed.

Please read this and decide if you want to keep it >> Current Practices of IAC/Ask Toolbars

You can uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files (x86)\Ask.com

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS" /s
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso" /s
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon" /s
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProtectedStorage" /s
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs" /s
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VaultSvc" /s
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Files':

csrss.exe;lsass.exe;lsm.exe;services.exe;smss.exe;winlogon.exe;aticfx32.dll;atidxx32.dll;atiu9pag.dll;atiumdag.dll;atiumdva.dll;atiuxpag.dll;d3dx10_41.dll;expsrv.dll;msjet40.dll;MSJINT40.DLL;msjter40.dll;mswstr10.dll;odbcji32.dll;odbcjt32.dll;sirenacm.dll;VBAJET32.DLL

Please be patient as it may take a while.

Once done, a log will pop open. Please post the log in your next reply. If the log is too big to post, please attach the log to your next reply.

The log, Search.txt, will also be saved at the same location that FRST.exe is located.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
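
The six `Reg:` lines in the fixlist above dump the service keys for EFS, KeyIso, Netlogon, ProtectedStorage, SamSs and VaultSvc. The Python below is an added example, not part of the original post and not FRST's own code: it parses `reg query ... /s` output as it appears in a Fixlog and reports, per queried service, whether `ImagePath` points at the expected `lsass.exe` host. The expected path, the function names and the sample text (constructed, with one deliberately altered entry) are assumptions.

```python
import re

# The six services queried by the fixlist in this thread.
QUERIED = ["EFS", "KeyIso", "Netlogon", "ProtectedStorage", "SamSs", "VaultSvc"]

# Assumption: the expected host binary is lsass.exe under System32.
EXPECTED_IMAGE = r"%systemroot%\system32\lsass.exe"

START_MODES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# "Name  REG_TYPE  data": value names may contain spaces, data may be empty.
VALUE_RE = re.compile(r"^(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")

# Constructed sample in the Fixlog layout; the KeyIso entry is altered on purpose
# and four of the six services are left out to show the "missing" case.
SAMPLE = r'''
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS" /s =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS
DisplayName REG_SZ @%SystemRoot%\system32\efssvc.dll,-100
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\lsass.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x3
Type REG_DWORD 0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS\TriggerInfo\0
Type REG_DWORD 0x14

========= End of Reg: =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso
    ImagePath    REG_EXPAND_SZ    C:\Users\Public\lsass.exe
    ObjectName    REG_SZ    LocalSystem
    Start    REG_DWORD    0x2
'''


def parse_reg_query(text):
    """Parse `reg query ... /s` output into {key_path: {value_name: (type, data)}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue  # blank lines and FRST section banners
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match.group("name")] = (match.group("type"),
                                            (match.group("data") or "").strip())
    return keys


def service_name(key_path):
    """Return <name> for a top-level ...\\services\\<name> key, None for subkeys."""
    parts = key_path.split("\\")
    if len(parts) >= 2 and parts[-2].lower() == "services":
        return parts[-1]
    return None


def review_services(text, queried=QUERIED, expected_image=EXPECTED_IMAGE):
    """Return one row per queried service with its image, start mode and findings."""
    found = {}
    for key, values in parse_reg_query(text).items():
        name = service_name(key)
        if name is not None:
            found[name.lower()] = values

    rows = []
    for name in queried:
        values = found.get(name.lower())
        row = {"service": name, "image": None, "start": None, "findings": []}
        if values is None:
            row["findings"].append("key not present in output")
            rows.append(row)
            continue
        image = values.get("ImagePath", ("", ""))[1]
        row["image"] = image or None
        if not image:
            row["findings"].append("ImagePath missing")
        elif image.strip('"').lower() != expected_image:
            row["findings"].append("ImagePath differs from expected host binary")
        start_raw = values.get("Start", ("", ""))[1]
        if start_raw:
            row["start"] = START_MODES.get(int(start_raw, 16), start_raw)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in review_services(SAMPLE):
        status = "; ".join(row["findings"]) or "ok"
        print(f'{row["service"]:<17} {row["start"] or "-":<10} {status}')
```

To use it on a real run, pass the contents of Fixlog.txt to `review_services` in place of `SAMPLE`.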
Old 07-24-2015, 05:20 PM   #7
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist – I will be careful to stick to the Wilson account from now on.

I did download ummy video downloader, and use it. I understand there is some controversy with it. I downloaded it from cnet, and I realize it could have brought some bad stuff with it.

I would like to be rid of Ask Toolbar, but it doesn’t show up on my Uninstall list of programs, and I checked through several times. The Ask.com folder is not found in C:\Program Files (x86). I did a search for ask on my C drive, and Ask Toolbar was found in 4 quarantine folders, one for each account, and in another folder System Volume Information\System Restore\FRStaging\Users\...\AppData.

I ran the FRST file twice, with the fixlist, and as a search. Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Wilson at 2015-07-24 19:40:40 Run:1
Running from C:\Users\Wilson\Downloads
Loaded Profiles: Wilson (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS" /s
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso" /s
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon" /s
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProtectedStorage" /s
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs" /s
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VaultSvc" /s
EmptyTemp:
end
*****************


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS
DisplayName REG_SZ @%SystemRoot%\system32\efssvc.dll,-100
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\lsass.exe
Description REG_SZ @%SystemRoot%\system32\efssvc.dll,-101
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RPCSS
RequiredPrivileges REG_MULTI_SZ SeImpersonatePrivilege\0SeTcbPrivilege\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPrivilege\0SeAuditPrivilege

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS\Security
Security REG_BINARY 01001480A0000000AC000000140000003000000002001C000100000002C0140002000D00010100000000000100000000020070000500000000001400FF010F0001010000000000051200000000001800BF01020001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000000014001400000001010000000000050B000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS\TriggerInfo

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS\TriggerInfo\0
Type REG_DWORD 0x14
Action REG_DWORD 0x1
GUID REG_BINARY 44E663685DDDA243A8B57A81B46672E6



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso
DisplayName REG_SZ @keyiso.dll,-100
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\lsass.exe
Description REG_SZ @keyiso.dll,-101
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso\Security
Security REG_BINARY 01001480B4000000C0000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020084000600000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000010100000000000512000000010100000000000512000000



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
DisplayName REG_SZ @%SystemRoot%\System32\netlogon.dll,-102
Group REG_SZ MS_WindowsRemoteValidation
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\lsass.exe
Description REG_SZ @%SystemRoot%\System32\netlogon.dll,-103
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters
Update REG_SZ no
DisablePasswordChange REG_DWORD 0x0
MaximumPasswordAge REG_DWORD 0x1e
RequireSignOrSeal REG_DWORD 0x1
RequireStrongKey REG_DWORD 0x1
SealSecureChannel REG_DWORD 0x1
SignSecureChannel REG_DWORD 0x1



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProtectedStorage" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProtectedStorage
DisplayName REG_SZ @%systemroot%\system32\psbase.dll,-300
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\lsass.exe
Description REG_SZ @%systemroot%\system32\psbase.dll,-301
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RpcSs
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProtectedStorage\Security
Security REG_BINARY 01001480A0000000AC000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020070000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014009D010200010100000000000506000000000014000001000001010000000000050B000000010100000000000512000000010100000000000512000000



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs
DisplayName REG_SZ @%SystemRoot%\system32\samsrv.dll,-1
Group REG_SZ MS_WindowsLocalValidation
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\lsass.exe
Description REG_SZ @%SystemRoot%\system32\samsrv.dll,-2
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RPCSS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D00020001010000000000050B00000000001800FF010F0001020000000000052000000020020000000014008D000000010100000000000504000000000018008D00000001020000000000052000000021020000010100000000000512000000010100000000000512000000



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VaultSvc" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VaultSvc
DisplayName REG_SZ @%SystemRoot%\system32\vaultsvc.dll,-1003
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\lsass.exe
Description REG_SZ @%SystemRoot%\system32\vaultsvc.dll,-1004
ObjectName REG_SZ LocalSystem
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ rpcss
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeTakeOwnershipPrivilege

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VaultSvc\Security
Security REG_BINARY 01001480A0000000AC000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020070000500000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D010200010100000000000504000000000014008D010200010100000000000506000000000014000001000001010000000000050B000000010100000000000512000000010100000000000512000000



========= End of Reg: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:41:43 ====

*****************************************************************
Here is the Search.txt log:

****************************************************************
Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Wilson at 2015-07-24 19:49:18
Running from C:\Users\Wilson\Downloads
Boot Mode: Normal

================== Search Files: "csrss.exe;lsass.exe;lsm.exe;services.exe;smss.exe;winlogon.exe;aticfx32.dll;atidxx32.dll;atiu9pag.dll;atiumdag.dll;atiumdva.dll;atiuxpag.dll;d3dx10_41.dll;expsrv.dll;msjet40.dll;MSJINT40.DLL;msjter40.dll;mswstr10.dll;odbcji32.dll;odbcjt32.dll;sirenacm.dll;VBAJET32.DLL
" =============

C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.1.7600.16385_none_7568a7acf374dfed\expsrv.dll
[2009-07-13 17:04][2009-07-13 21:15] 0380957 ____A (Microsoft Corporation) EFF10B20A6F094BC75385791C526546D [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.1.7600.16385_none_7568a7acf374dfed\vbajet32.dll
[2009-07-13 17:04][2009-07-13 21:16] 0030749 ____A (Microsoft Corporation) 73D1680C94C1B57F6D8E49B2AE8122ED [File is signed]

C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.1.7600.16385_none_0f472a3521bdcfd4\msjint40.dll
[2009-07-13 17:03][2009-07-13 21:15] 0024576 ____A (Microsoft Corporation) 0219B6F2329F4C1BC24580C83D0F3645 [File is signed]



Thank you !!
Old 07-25-2015, 02:29 PM   #8
chemist
Security Team
Moderator, Analyst
Microsoft Most Valuable Professional

Hello again, ddbjwilson. You're very welcome.

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Registry':

csrss.exe;lsass.exe;lsm.exe;services.exe;smss.exe;winlogon.exe;{79A765E1-C399-405B-85AF-466F52E918B0};{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST64.exe is located.

Old 07-26-2015, 07:12 AM   #9
Registered Member
Hello Chemist - Here is the search registry log, FRST.
Thanks again.

Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Wilson at 2015-07-26 10:08:43
Running from C:\Users\Wilson\Downloads
Boot Mode: Normal

================== Search Registry: "csrss.exe;lsass.exe;lsm.exe;services.exe;smss.exe;winlogon.exe;{79A765E1-C399-405B-85AF-466F52E918B0};{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" ===========


===================== Search result for "csrss.exe" ==========

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac]
"f!csrss.exe.mui"="0x630073007200730073002E006500780065002E006D0075006900"

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476]
"f!csrss.exe.mui"="0x630073007200730073002E006500780065002E006D0075006900"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2p
ort.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys"

===================== Search result for "{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1E8B816B17BF732438163CAEE31FE57F]
"ProductIcon"="C:\Windows\Installer\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}\icon.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Windows\Installer\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1E8B816B17BF732438163CAEE31FE57F\InstallProperties]
"UninstallString"="MsiExec.exe /X{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}]
"UninstallString"="MsiExec.exe /X{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}"

[HKEY_USERS\S-1-5-21-2788050178-582097163-3900234372-1000\Software\FLEXnet\Connect\db\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}.ini]
====== End of Search ======
Old 07-26-2015, 02:28 PM   #10
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, ddbjwilson. You're very welcome.

Sorry this is taking so long, but there is a lot going on here.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1E8B816B17BF732438163CAEE31FE57F]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1E8B816B17BF732438163CAEE31FE57F]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}]

[-HKEY_USERS\S-1-5-21-2788050178-582097163-3900234372-1000\Software\FLEXnet\Connect\db\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}.ini]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Windows\\Installer\\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}\\"=-

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete fix.reg afterwards.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {1720FA29-F5DC-4799-A5FF-8003DCA8EB49} - System32\Tasks\TunePro360 Updater => C:\Program Files (x86)\adlevel\TunePro360Updater.exe [2015-07-11] ()
    C:\Program Files (x86)\adlevel
    Task: {5076FEA7-7F59-48EF-BE72-7EE29564673D} - System32\Tasks\SoftUpdateDaily => C:\Users\Wilson\AppData\Local\SoftUpdate\SoftUpdate.exe
    C:\Users\Wilson\AppData\Local\SoftUpdate
    Task: {8FBC355D-89EC-4CAD-85B4-155779C9BD47} - System32\Tasks\SoftUpdateLogon => C:\Users\Wilson\AppData\Local\SoftUpdate\SoftUpdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:6787441C
    AlternateDataStreams: C:\Users\Dan\BSA-October Outing Receipts.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\Dan\BSA-October Outing Receipts.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Wilson\AppData\Local\Temp:1R1vmR1bNlW8YFdXkemwoEfB
    AlternateDataStreams: C:\Users\Wilson\AppData\Local\WZ6QeyAU6UWT:AjZ1vQnXBP0iQv9jzZy
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
    FirewallRules: [{5807C37E-95D7-4CB5-9C4B-F72F553B567F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{09E7CB3A-96E2-414B-860F-A28EFF196278}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    C:\Program Files\Common Files\mcafee
    FirewallRules: [{18FD64AC-B651-4085-BB64-B68A88C86CFF}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS598A\HPDiagnosticCoreUI.exe
    FirewallRules: [{F302C2FB-A3E0-49F2-BB3A-2492E2EF435C}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS598A\HPDiagnosticCoreUI.exe
    FirewallRules: [{25C463C8-752F-4DC4-8A2C-75BD5CAE5551}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS7DD3\setup\hpznui40.ex
    FirewallRules: [{F3CBEF19-5873-49E0-B7E3-CE9E98D26186}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\Phx28D\verti.exe
    FirewallRules: [{87A8FA1E-7202-4737-806A-DD9A23A69E74}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_3840357349.exe
    FirewallRules: [{B22F8BE9-1FB2-4929-BFF1-93211B121B44}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_144377.exe
    FirewallRules: [{D280B18E-C8C5-4658-9FE8-E52EB5075599}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551677.exe
    FirewallRules: [{80C8F599-9ED0-4609-A777-734E5443F45E}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551677.exe
    FirewallRules: [{94864FC3-C854-41F9-BFCB-0D0787EA0DA5}] => (Allow) C:\Windows\TEMP\file_to_run551954.exe
    FirewallRules: [{154BF8D2-E9BA-4A36-8D8C-CC4625C75E53}] => (Allow) C:\Windows\TEMP\file_to_run551954.exe
    FirewallRules: [{F30D8DC5-3255-4E96-BBF1-153AECD47778}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551176.exe
    FirewallRules: [{1382651E-1025-4580-BAAD-D7277FE66ADA}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551176.exe
    Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-11]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"]         -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"]         -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"]         -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"]         -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"]         -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"]         -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"]         -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"]         -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2788050178-582097163-3900234372-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = (null){searchTerms}
    SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {2EC8A302-99F3-4EA1-95F1-4CD54635CB14} URL = (null){searchTerms}
    SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = (null){searchTerms}
    BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> No File
    Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF SearchEngineOrder.1: Ask.com
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-07-11]
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
    FF HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    C:\Program Files\Updater By SweetPacks
    C:\Program Files\shopperz
    C:\ProgramData\McAfee Security Scan
    C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S4 zejytose; [X]
    C:\Windows\System32\Tasks\TunePro360 Updater
    C:\Program Files (x86)\tunepro138x138.ico
    C:\Users\Wilson\en_res.dll
    C:\Users\Wilson\es_res.dll
    C:\Users\Wilson\fr_res.dll
    C:\Users\Wilson\grm_res.dll
    C:\Users\Wilson\it_res.dll
    C:\Users\Wilson\jp_res.dll
    C:\Users\Wilson\mfc80u.dll
    C:\Users\Wilson\msvcr80.dll
    C:\Users\Wilson\PCPE Setup.exe
    C:\Users\Wilson\pt_res.dll
    C:\Users\Wilson\ru_res.dll
    C:\Users\Wilson\zh_res.dll
    C:\Windows\SysWOW64\csrss.exe
    C:\Windows\SysWOW64\lsass.exe
    C:\Windows\SysWOW64\lsm.exe
    C:\Windows\SysWOW64\services.exe
    C:\Windows\SysWOW64\smss.exe
    C:\Windows\SysWOW64\winlogon.exe
    C:\Windows\System32\aticfx32.dll
    C:\Windows\System32\atidxx32.dll
    C:\Windows\System32\atiu9pag.dll
    C:\Windows\System32\atiumdag.dll
    C:\Windows\System32\atiumdva.dll
    C:\Windows\System32\atiuxpag.dll
    C:\Windows\System32\d3dx10_41.dll
    C:\Windows\System32\expsrv.dll
    C:\Windows\System32\msjet40.dll
    C:\Windows\System32\MSJINT40.DLL
    C:\Windows\System32\msjter40.dll
    C:\Windows\System32\mswstr10.dll
    C:\Windows\System32\odbcji32.dll
    C:\Windows\System32\odbcjt32.dll
    C:\Windows\System32\sirenacm.dll
    C:\Windows\System32\VBAJET32.DLL
    C:\Windows\Installer\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}
    C:\ProgramData\WeCareReminder
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
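A deletion script like fix.reg can be checked before it is merged: each key it deletes should match something the registry search reported, and each quoted value name should have its backslashes doubled. The checker below is an added example, not part of the original post or of any tool named in this thread; the key paths, GUID and function names are constructed placeholders, and it only handles deletion-only scripts.

```python
import re
from dataclasses import dataclass

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}

# Constructed sample in the same shape as a deletion-only .reg script.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Products\PLACEHOLDER]

[-HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Example\db\{00000000-0000-0000-0000-000000000000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Folders]
"C:\\Example\\{00000000-0000-0000-0000-000000000000}\\"=-
"C:\Example\{00000000-0000-0000-0000-000000000000}\"=-
'''

# Constructed sample: keys a registry search reported for the same GUID.
SAMPLE_FOUND = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Example\Products\PLACEHOLDER\InstallProperties",
    r"HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Example\db\{00000000-0000-0000-0000-000000000000}.ini",
]


@dataclass
class Action:
    line: int       # 1-based line number in the script
    kind: str       # delete_key | delete_value | write | malformed
    key: str        # registry key the action applies to
    name: str = ""  # value name (or the raw line, for malformed entries)


def read_quoted(s):
    # Parse a leading "..." token and return (text, rest), or None if malformed.
    # Only an escaped backslash and an escaped quote are accepted; this
    # strictness is a choice made for this example.
    if not s.startswith('"'):
        return None
    out, i = [], 1
    while i < len(s):
        c = s[i]
        if c == "\\":
            if i + 1 >= len(s) or s[i + 1] not in '\\"':
                return None              # lone backslash: name was not escaped
            out.append(s[i + 1])
            i += 2
        elif c == '"':
            return "".join(out), s[i + 1:]
        else:
            out.append(c)
            i += 1
    return None                          # closing quote never found


def parse_reg(text):
    body = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith(";")]
    if not body or body[0][1] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    actions, key = [], None
    for n, l in body[1:]:
        m = re.fullmatch(r"\[(-?)(.+)\]", l)
        if m:
            if m.group(1):               # [-KEY] deletes the key and its subtree
                actions.append(Action(n, "delete_key", m.group(2)))
                key = None
            else:                        # [KEY] opens a key for value lines
                key = m.group(2)
            continue
        parsed = ("", l[1:]) if l.startswith("@") else read_quoted(l)
        if key is None or parsed is None or not parsed[1].lstrip().startswith("="):
            actions.append(Action(n, "malformed", key or "", l))
            continue
        name, rest = parsed
        data = rest.lstrip()[1:].strip()
        # "name"=- deletes the value; anything else writes data.
        actions.append(Action(n, "delete_value" if data == "-" else "write", key, name))
    return actions


def audit(text, found_keys):
    # Group actions by kind and list key deletions that match no searched key.
    found = [k.lower() for k in found_keys]
    report = {k: [] for k in
              ("delete_key", "delete_value", "write", "malformed", "unmatched")}
    for a in parse_reg(text):
        report[a.kind].append(a)
        if a.kind == "delete_key":
            t = a.key.lower()            # registry key names are case-insensitive
            # A deletion matches a found key or any ancestor of one.
            if not any(f == t or f.startswith(t + "\\") for f in found):
                report["unmatched"].append(a)
    return report


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_REG, SAMPLE_FOUND).items():
        for a in items:
            print(f"{kind:12} line {a.line}: {a.key} {a.name}")
```

Entries under `unmatched`, `write` or `malformed` are the ones to query with the helper before merging the file.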
Old 07-26-2015, 03:49 PM   #11
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - I'm not worried about how long it takes, it's understandable.
Just grateful for your help.
I ran the fix.reg, then deleted the file. Then ran FRST with the fixlist.
The fixlog.txt is below.
Thanks again.


Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Wilson at 2015-07-26 18:33:07 Run:2
Running from C:\Users\Wilson\Downloads
Loaded Profiles: Wilson (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {1720FA29-F5DC-4799-A5FF-8003DCA8EB49} - System32\Tasks\TunePro360 Updater => C:\Program Files (x86)\adlevel\TunePro360Updater.exe [2015-07-11] ()
C:\Program Files (x86)\adlevel
Task: {5076FEA7-7F59-48EF-BE72-7EE29564673D} - System32\Tasks\SoftUpdateDaily => C:\Users\Wilson\AppData\Local\SoftUpdate\SoftUpdate.exe
C:\Users\Wilson\AppData\Local\SoftUpdate
Task: {8FBC355D-89EC-4CAD-85B4-155779C9BD47} - System32\Tasks\SoftUpdateLogon => C:\Users\Wilson\AppData\Local\SoftUpdate\SoftUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:6787441C
AlternateDataStreams: C:\Users\Dan\BSA-October Outing Receipts.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dan\BSA-October Outing Receipts.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Wilson\AppData\Local\Temp:1R1vmR1bNlW8YFdXkemwoEfB
AlternateDataStreams: C:\Users\Wilson\AppData\Local\WZ6QeyAU6UWT:AjZ1vQnXBP0iQv9jzZy
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
FirewallRules: [{5807C37E-95D7-4CB5-9C4B-F72F553B567F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{09E7CB3A-96E2-414B-860F-A28EFF196278}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\Common Files\mcafee
FirewallRules: [{18FD64AC-B651-4085-BB64-B68A88C86CFF}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS598A\HPDiagnosticCoreUI.exe
FirewallRules: [{F302C2FB-A3E0-49F2-BB3A-2492E2EF435C}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS598A\HPDiagnosticCoreUI.exe
FirewallRules: [{25C463C8-752F-4DC4-8A2C-75BD5CAE5551}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\7zS7DD3\setup\hpznui40.ex
FirewallRules: [{F3CBEF19-5873-49E0-B7E3-CE9E98D26186}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\Phx28D\verti.exe
FirewallRules: [{87A8FA1E-7202-4737-806A-DD9A23A69E74}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_3840357349.exe
FirewallRules: [{B22F8BE9-1FB2-4929-BFF1-93211B121B44}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_144377.exe
FirewallRules: [{D280B18E-C8C5-4658-9FE8-E52EB5075599}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551677.exe
FirewallRules: [{80C8F599-9ED0-4609-A777-734E5443F45E}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551677.exe
FirewallRules: [{94864FC3-C854-41F9-BFCB-0D0787EA0DA5}] => (Allow) C:\Windows\TEMP\file_to_run551954.exe
FirewallRules: [{154BF8D2-E9BA-4A36-8D8C-CC4625C75E53}] => (Allow) C:\Windows\TEMP\file_to_run551954.exe
FirewallRules: [{F30D8DC5-3255-4E96-BBF1-153AECD47778}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551176.exe
FirewallRules: [{1382651E-1025-4580-BAAD-D7277FE66ADA}] => (Allow) C:\Users\Wilson\AppData\Local\Temp\file_to_run551176.exe
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = (null){searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {2EC8A302-99F3-4EA1-95F1-4CD54635CB14} URL = (null){searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = (null){searchTerms}
BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> No File
Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2788050178-582097163-3900234372-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchEngineOrder.1: Ask.com
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-07-11]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
FF HKU\S-1-5-21-2788050178-582097163-3900234372-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
C:\Program Files\Updater By SweetPacks
C:\Program Files\shopperz
C:\ProgramData\McAfee Security Scan
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 zejytose; [X]
C:\Windows\System32\Tasks\TunePro360 Updater
C:\Program Files (x86)\tunepro138x138.ico
C:\Users\Wilson\en_res.dll
C:\Users\Wilson\es_res.dll
C:\Users\Wilson\fr_res.dll
C:\Users\Wilson\grm_res.dll
C:\Users\Wilson\it_res.dll
C:\Users\Wilson\jp_res.dll
C:\Users\Wilson\mfc80u.dll
C:\Users\Wilson\msvcr80.dll
C:\Users\Wilson\PCPE Setup.exe
C:\Users\Wilson\pt_res.dll
C:\Users\Wilson\ru_res.dll
C:\Users\Wilson\zh_res.dll
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiu9pag.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\d3dx10_41.dll
C:\Windows\System32\expsrv.dll
C:\Windows\System32\msjet40.dll
C:\Windows\System32\MSJINT40.DLL
C:\Windows\System32\msjter40.dll
C:\Windows\System32\mswstr10.dll
C:\Windows\System32\odbcji32.dll
C:\Windows\System32\odbcjt32.dll
C:\Windows\System32\sirenacm.dll
C:\Windows\System32\VBAJET32.DLL
C:\Windows\Installer\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}
C:\ProgramData\WeCareReminder
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1720FA29-F5DC-4799-A5FF-8003DCA8EB49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1720FA29-F5DC-4799-A5FF-8003DCA8EB49}" => key removed successfully
C:\Windows\System32\Tasks\TunePro360 Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater" => key removed successfully
C:\Program Files (x86)\adlevel => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5076FEA7-7F59-48EF-BE72-7EE29564673D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5076FEA7-7F59-48EF-BE72-7EE29564673D}" => key removed successfully
C:\Windows\System32\Tasks\SoftUpdateDaily => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftUpdateDaily" => key removed successfully
C:\Users\Wilson\AppData\Local\SoftUpdate => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FBC355D-89EC-4CAD-85B4-155779C9BD47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FBC355D-89EC-4CAD-85B4-155779C9BD47}" => key removed successfully
C:\Windows\System32\Tasks\SoftUpdateLogon => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftUpdateLogon" => key removed successfully
C:\ProgramData\TEMP => ":6787441C" ADS removed successfully.
C:\Users\Dan\BSA-October Outing Receipts.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\Dan\BSA-October Outing Receipts.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Wilson\AppData\Local\Temp => ":1R1vmR1bNlW8YFdXkemwoEfB" ADS removed successfully.
C:\Users\Wilson\AppData\Local\WZ6QeyAU6UWT => ":AjZ1vQnXBP0iQv9jzZy" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5807C37E-95D7-4CB5-9C4B-F72F553B567F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09E7CB3A-96E2-414B-860F-A28EFF196278} => value removed successfully
"C:\Program Files\Common Files\mcafee" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18FD64AC-B651-4085-BB64-B68A88C86CFF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F302C2FB-A3E0-49F2-BB3A-2492E2EF435C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25C463C8-752F-4DC4-8A2C-75BD5CAE5551} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3CBEF19-5873-49E0-B7E3-CE9E98D26186} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87A8FA1E-7202-4737-806A-DD9A23A69E74} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B22F8BE9-1FB2-4929-BFF1-93211B121B44} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D280B18E-C8C5-4658-9FE8-E52EB5075599} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80C8F599-9ED0-4609-A777-734E5443F45E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94864FC3-C854-41F9-BFCB-0D0787EA0DA5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{154BF8D2-E9BA-4A36-8D8C-CC4625C75E53} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F30D8DC5-3255-4E96-BBF1-153AECD47778} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1382651E-1025-4580-BAAD-D7277FE66ADA} => value removed successfully
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => moved successfully.
C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1" => key removed successfully
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2" => key removed successfully
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3" => key removed successfully
"HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4" => key removed successfully
"HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5" => key removed successfully
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6" => key removed successfully
"HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7" => key removed successfully
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8" => key removed successfully
"HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CD103AA-3F08-4F15-A1D3-1AF87BD09364} => key not found.
HKCR\CLSID\{1CD103AA-3F08-4F15-A1D3-1AF87BD09364} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EC8A302-99F3-4EA1-95F1-4CD54635CB14} => key not found.
HKCR\CLSID\{2EC8A302-99F3-4EA1-95F1-4CD54635CB14} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c9ce603-44cc-4997-a166-239e6186c6ef}" => key removed successfully
HKCR\CLSID\{3c9ce603-44cc-4997-a166-239e6186c6ef} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Firefox SearchEngineOrder.1 removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} => moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{3c9ce603-44cc-4997-a166-239e6186c6ef} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3c9ce603-44cc-4997-a166-239e6186c6ef} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} => value removed successfully
HKU\S-1-5-21-2788050178-582097163-3900234372-1004\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value not found.
"C:\Program Files\Updater By SweetPacks" => File/Folder not found.
"C:\Program Files\shopperz" => File/Folder not found.
"C:\ProgramData\McAfee Security Scan" => File/Folder not found.
"C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}" => File/Folder not found.
AppMgmt => service removed successfully
zejytose => service removed successfully
"C:\Windows\System32\Tasks\TunePro360 Updater" => File/Folder not found.
C:\Program Files (x86)\tunepro138x138.ico => moved successfully.
C:\Users\Wilson\en_res.dll => moved successfully.
C:\Users\Wilson\es_res.dll => moved successfully.
C:\Users\Wilson\fr_res.dll => moved successfully.
C:\Users\Wilson\grm_res.dll => moved successfully.
C:\Users\Wilson\it_res.dll => moved successfully.
C:\Users\Wilson\jp_res.dll => moved successfully.
C:\Users\Wilson\mfc80u.dll => moved successfully.
C:\Users\Wilson\msvcr80.dll => moved successfully.
C:\Users\Wilson\PCPE Setup.exe => moved successfully.
C:\Users\Wilson\pt_res.dll => moved successfully.
C:\Users\Wilson\ru_res.dll => moved successfully.
C:\Users\Wilson\zh_res.dll => moved successfully.
C:\Windows\SysWOW64\csrss.exe => moved successfully.
C:\Windows\SysWOW64\lsass.exe => moved successfully.
C:\Windows\SysWOW64\lsm.exe => moved successfully.
C:\Windows\SysWOW64\services.exe => moved successfully.
C:\Windows\SysWOW64\smss.exe => moved successfully.
C:\Windows\SysWOW64\winlogon.exe => moved successfully.
C:\Windows\System32\aticfx32.dll => moved successfully.
C:\Windows\System32\atidxx32.dll => moved successfully.
C:\Windows\System32\atiu9pag.dll => moved successfully.
C:\Windows\System32\atiumdag.dll => moved successfully.
C:\Windows\System32\atiumdva.dll => moved successfully.
C:\Windows\System32\atiuxpag.dll => moved successfully.
C:\Windows\System32\d3dx10_41.dll => moved successfully.
C:\Windows\System32\expsrv.dll => moved successfully.
C:\Windows\System32\msjet40.dll => moved successfully.
C:\Windows\System32\MSJINT40.DLL => moved successfully.
C:\Windows\System32\msjter40.dll => moved successfully.
C:\Windows\System32\mswstr10.dll => moved successfully.
C:\Windows\System32\odbcji32.dll => moved successfully.
C:\Windows\System32\odbcjt32.dll => moved successfully.
C:\Windows\System32\sirenacm.dll => moved successfully.
C:\Windows\System32\VBAJET32.DLL => moved successfully.
C:\Windows\Installer\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7} => moved successfully.
"C:\ProgramData\WeCareReminder" => File/Folder not found.
EmptyTemp: => 141.7 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:33:33 ====
Old 07-26-2015, 08:03 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome. How is the machine behaving?

Please run FRST64.exe again and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

Make sure you tick the Addition.txt box before clicking 'Scan'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-27-2015, 05:42 PM   #13
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - It seems to be working OK. Internet looks about normal. I haven't had any new pop-up notices from my antivirus Avira. I started to do a scan with Avira, and it went for a while then I stopped it. It detected Adware Penny Bee Gen and ConvertAd Gen. Avira appears to be working - it shows real time protection as on, when it didn't before. It also allowed me to disable it, when it didn't before.

The FRST.txt is below, and the addition.txt is attached.

Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Wilson (administrator) on WILSON-PC (27-07-2015 20:26:01)
Running from C:\Users\Wilson\Downloads
Loaded Profiles: Wilson (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Wilson\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-07-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-11] (SUPERAntiSpyware)
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\Run: [Dropbox Update] => C:\Users\Wilson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [!DefaultPack] => "C:\Program Files (x86)\Microsoft\DefaultPack\DefaultPack.EXE" /c:"DefaultPack.exe partner=p001 comb=5"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-07-18]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Wilson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-05-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilson\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {1CD103AA-3F08-4F15-A1D3-1AF87BD09364} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {2945253C-B5D4-4A56-AF1A-DC553473B684} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2788050178-582097163-3900234372-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.bing.com/search?pc=COSP&ptag=AA07624EB759D4009A9F&form=CONBDF&conlogo=CT3210127&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-17] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-17] (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} https://quickscan.bitdefender.com/qsax/qsax.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{BFF165AC-45CF-498E-BCF6-443D696E37FA}: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{E3275E5F-51DB-4DD1-9B8B-279A2F530CBE}: [DhcpNameServer] 192.168.2.1 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2013-03-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Wilson\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2788050178-582097163-3900234372-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-25] (Cisco WebEx LLC)

Chrome:
=======
CHR Profile: C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Profile: C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-05]
CHR Extension: (Google Search) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-05]
CHR Extension: (Babylon Toolbar) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-09-05]
CHR Extension: (Gmail) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.PSISSEI7SZ7CORX45RHYAC4FUY - C:\Users\Jeffro\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-11] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-07-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1213072 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-10-02] (BitRaider, LLC)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-21] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-10-02] (BitRaider)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-27 19:46 - 2015-07-27 19:46 - 00000000 ___RD C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-26 18:35 - 2015-07-26 18:35 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-26 18:33 - 2015-07-26 18:33 - 00000000 _____ C:\prefs.js
2015-07-26 13:33 - 2015-07-26 13:33 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-26 10:06 - 2015-07-26 10:06 - 00000000 ____D C:\Users\Wilson\Downloads\FRST-OlderVersion
2015-07-25 17:21 - 2015-07-25 17:21 - 00043590 _____ C:\Users\Dan\Downloads\Attachments_2015725.zip
2015-07-24 19:49 - 2015-07-26 10:08 - 00035350 _____ C:\Users\Wilson\Downloads\Search.txt
2015-07-23 22:55 - 2015-07-23 22:55 - 00000027 _____ C:\Users\Dan\Downloads\ATT00001.txt
2015-07-23 14:00 - 2015-07-23 14:00 - 00000691 _____ C:\Users\Dan\Downloads\my_claims.csv
2015-07-22 22:25 - 2015-07-22 22:25 - 00000000 ____D C:\Users\Wilson\AppData\Local\{C8C146BC-44C8-4E7E-A90C-5D629793CC15}
2015-07-21 20:21 - 2015-07-21 20:21 - 00057110 _____ C:\Users\Dan\Downloads\Addition.txt
2015-07-21 20:20 - 2015-07-21 20:21 - 00095912 _____ C:\Users\Dan\Downloads\FRST.txt
2015-07-21 20:17 - 2015-07-26 10:06 - 02146816 _____ (Farbar) C:\Users\Wilson\Downloads\FRST64.exe
2015-07-21 08:08 - 2015-07-21 08:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Avira
2015-07-21 03:55 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 03:55 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 03:55 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 03:55 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 03:55 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 03:55 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 03:55 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 03:55 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 03:55 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 03:55 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 23:04 - 2015-07-20 23:04 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Avira
2015-07-20 23:03 - 2015-07-23 23:42 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-07-20 23:03 - 2015-07-23 23:42 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-20 23:03 - 2015-06-16 09:36 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-07-20 23:03 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-07-20 22:56 - 2015-07-23 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-20 22:56 - 2015-07-20 23:03 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-20 22:56 - 2015-07-20 22:57 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Wilson\Downloads\avira_en_av_55a62c686be52__ws (1).exe
2015-07-20 22:56 - 2015-07-20 22:57 - 00001190 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-20 22:56 - 2015-07-20 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-20 22:55 - 2015-07-20 22:56 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Wilson\Downloads\avira_en_av_55a62c686be52__ws.exe
2015-07-20 22:31 - 2015-07-20 22:31 - 00043314 _____ C:\ComboFix.txt
2015-07-20 21:41 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-20 21:41 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-20 21:41 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-20 21:41 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-20 21:24 - 2015-07-20 22:32 - 00000000 ____D C:\Qoobox
2015-07-20 21:24 - 2015-07-20 22:29 - 00000000 ____D C:\Windows\erdnt
2015-07-20 21:23 - 2015-07-20 21:23 - 05632853 ____R (Swearware) C:\Users\Wilson\Desktop\ComboFix.exe
2015-07-20 21:20 - 2015-07-20 21:20 - 00000135 _____ C:\Windows\version.ini
2015-07-20 18:38 - 2015-07-20 18:39 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-19 15:33 - 2015-07-19 15:33 - 00688992 ____R (Swearware) C:\Users\Wilson\Downloads\dds.scr
2015-07-19 15:33 - 2015-07-19 15:33 - 00032381 _____ C:\Users\Wilson\Desktop\dds.txt
2015-07-19 15:33 - 2015-07-19 15:33 - 00023950 _____ C:\Users\Wilson\Desktop\attach.txt
2015-07-19 09:54 - 2015-07-19 09:54 - 04721376 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dan\Downloads\avira_en_av_5729464629__ws.exe
2015-07-17 14:04 - 2015-07-17 14:04 - 00058925 _____ C:\Users\Dan\Downloads\Attachments_2015717.zip
2015-07-14 22:09 - 2015-07-27 20:26 - 00029838 _____ C:\Users\Wilson\Downloads\FRST.txt
2015-07-14 22:09 - 2015-07-14 22:10 - 00054521 _____ C:\Users\Wilson\Downloads\Addition.txt
2015-07-14 22:08 - 2015-07-27 20:26 - 00000000 ____D C:\FRST
2015-07-14 21:32 - 2015-07-14 21:32 - 00029573 _____ C:\Users\Wilson\Documents\AdwCleaner[S0].txt
2015-07-14 21:22 - 2015-07-14 21:29 - 00000000 ____D C:\AdwCleaner
2015-07-14 21:19 - 2015-07-14 21:19 - 02248704 _____ C:\Users\Wilson\Downloads\AdwCleaner.exe
2015-07-14 21:17 - 2015-07-14 21:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-07-14 21:17 - 2015-07-14 21:17 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Wilson\Downloads\JRT (1).exe
2015-07-14 21:14 - 2015-07-14 21:14 - 00044147 _____ C:\Users\Wilson\Documents\JRT.txt
2015-07-14 21:11 - 2015-07-14 21:11 - 00044147 _____ C:\Users\Wilson\Desktop\JRT.txt
2015-07-14 21:09 - 2015-07-14 21:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-WILSON-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-14 21:09 - 2015-07-14 21:09 - 00000000 ____D C:\RegBackup
2015-07-14 21:08 - 2015-07-14 21:08 - 03034989 _____ (Malwarebytes Corporation) C:\Users\Wilson\Downloads\JRT.exe
2015-07-14 21:02 - 2015-07-14 21:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-07-14 19:52 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:52 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:52 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:52 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:52 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:52 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:52 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:52 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:52 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:52 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:52 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:52 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:52 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:52 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:52 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:52 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:52 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:52 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:52 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:52 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:52 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:52 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:52 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:52 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:52 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:52 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:52 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 19:51 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:51 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:51 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:51 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:51 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:51 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:51 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:51 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:51 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:51 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:51 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:51 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:51 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:51 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:51 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:51 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:51 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:51 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:51 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:51 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:51 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:51 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:51 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:51 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:51 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:51 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:51 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:51 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:51 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:51 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:51 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:51 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:51 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:51 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:51 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:51 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:51 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:51 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:51 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:51 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:51 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:51 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:51 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:51 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:50 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:50 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:50 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:50 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:50 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:50 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:50 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:50 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:50 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:50 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:50 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:50 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:50 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:50 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:50 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:50 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:50 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:50 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:50 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:50 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:50 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:50 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:50 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:50 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:50 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:50 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:50 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:50 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:50 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:50 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:50 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 19:50 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 19:50 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 19:50 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 19:49 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:49 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:49 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:49 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:38 - 2015-07-20 21:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 19:37 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-14 19:37 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 19:37 - 2015-07-14 19:37 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-14 19:37 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-14 19:37 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-14 19:37 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-14 19:35 - 2015-07-14 19:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Wilson\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-12 13:33 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Opera Software
2015-07-12 13:33 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Dan\AppData\Local\Opera Software
2015-07-12 13:31 - 2015-07-12 14:21 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-12 09:06 - 2015-07-12 14:33 - 00001606 _____ C:\ProgramData\tempimage.bmp
2015-07-12 09:03 - 2015-07-20 22:10 - 00000000 ____D C:\Program Files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d
2015-07-12 09:03 - 2015-07-12 09:03 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-11 23:38 - 2015-07-09 23:18 - 00221184 _____ (drms media group) C:\Windows\Updatesvc.exe
2015-07-11 23:38 - 2015-07-09 23:17 - 00271360 _____ (drms media group) C:\Windows\Provider.dll
2015-07-11 18:10 - 2015-07-24 01:09 - 00000000 ____D C:\ProgramData\MSNetCore
2015-07-11 18:06 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-07-11 17:47 - 2015-07-11 19:06 - 00536228 _____ C:\Users\Dan\AppData\Local\census.cache
2015-07-11 17:47 - 2015-07-11 19:06 - 00215957 _____ C:\Users\Dan\AppData\Local\ars.cache
2015-07-11 17:31 - 2015-07-11 17:33 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-07-11 12:46 - 2015-07-15 06:58 - 00000000 ___RD C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-11 09:41 - 2015-07-11 17:45 - 00000010 _____ C:\Users\Dan\AppData\Local\sponge.last.runtime.cache
2015-07-11 09:29 - 2015-07-11 09:29 - 00000036 _____ C:\Users\Dan\AppData\Local\housecall.guid.cache
2015-07-11 09:29 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-07-11 09:27 - 2015-07-11 09:27 - 02494944 _____ (Trend Micro Inc.) C:\Users\Dan\Downloads\HousecallLauncher64(1).exe
2015-07-11 07:54 - 2015-07-11 07:54 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-07-10 14:36 - 2015-07-10 14:36 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
2015-07-10 14:35 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331
2015-07-10 14:35 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\ODMDownloader
2015-07-10 14:34 - 2015-07-10 14:34 - 00618800 _____ C:\Users\Jeffro\Downloads\SetupODM.exe
2015-07-10 14:34 - 2015-07-10 14:34 - 00000003 _____ C:\Users\Jeffro\Downloads\1.txt
2015-07-03 23:34 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Trove
2015-07-03 18:36 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\Documents\ArcheAge
2015-07-03 18:36 - 2015-07-03 18:36 - 00000000 ____D C:\ArcheAge
2015-07-03 12:24 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 11:27 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-07-03 11:27 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-07-03 11:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-07-03 11:27 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-07-03 11:27 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-07-03 11:27 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-07-03 11:27 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-07-03 11:27 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-07-03 11:27 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-07-03 11:27 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-07-03 11:27 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-07-03 11:27 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-07-03 11:27 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-07-03 11:27 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-07-03 11:27 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-07-03 11:27 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-07-03 11:27 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-07-03 11:27 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-07-03 11:27 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-07-03 11:27 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-07-03 11:27 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-07-03 11:27 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-07-03 11:27 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-07-03 11:27 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-07-03 11:27 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-07-03 11:27 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-07-03 11:27 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-07-03 11:27 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-07-03 11:27 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-07-03 11:27 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-07-03 11:27 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-07-03 11:27 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-07-03 11:27 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-07-03 11:27 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-07-03 11:27 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-07-03 11:27 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-07-03 11:27 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-07-03 11:27 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-07-03 11:27 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-07-03 11:27 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-07-03 11:27 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-07-03 11:27 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-07-03 11:27 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-07-03 11:27 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-07-03 11:27 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-07-03 11:27 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-07-03 11:27 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-07-03 11:27 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-07-03 11:27 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-07-03 11:27 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-07-03 11:27 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-07-03 11:27 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-07-03 11:27 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-07-03 11:27 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-07-03 11:27 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-07-03 11:27 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-07-03 11:27 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-07-03 11:27 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-07-03 11:27 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-07-03 11:27 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-07-03 11:27 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-07-03 11:27 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-07-03 11:27 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-07-03 11:27 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-07-03 11:27 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-07-03 11:27 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-07-03 11:27 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-07-03 11:26 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-07-03 11:26 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-07-03 11:26 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-07-03 11:26 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-07-03 11:26 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-07-03 11:26 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-07-03 11:26 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-07-03 11:26 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-07-03 11:26 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-07-03 11:26 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-07-03 11:26 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-07-03 11:26 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-07-03 11:26 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-07-03 11:26 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-07-03 11:26 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-07-03 11:26 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-07-03 11:22 - 2015-07-03 11:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\Users\Jeffro\AppData\Local\Glyph
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-07-03 11:20 - 2015-07-15 06:58 - 00000000 ____D C:\ProgramData\Glyph
2015-07-03 11:20 - 2015-07-04 17:14 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-07-03 11:20 - 2015-07-03 11:20 - 00000999 _____ C:\Users\Jeffro\Desktop\Glyph.lnk
2015-07-03 11:17 - 2015-07-03 11:19 - 32035192 _____ (Trion Worlds Inc.) C:\Users\Jeffro\Downloads\GlyphInstall-0-120.exe
2015-07-01 15:58 - 2015-07-16 21:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-01 15:58 - 2015-07-01 15:58 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-27 20:08 - 2012-07-14 22:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 19:54 - 2012-08-24 23:03 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004UA.job
2015-07-27 19:46 - 2012-07-14 16:34 - 00000000 ____D C:\Users\Wilson\Documents\Bluetooth Folder
2015-07-27 19:40 - 2012-08-30 21:57 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003UA.job
2015-07-27 19:37 - 2012-07-14 22:22 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
2015-07-27 19:36 - 2015-06-22 18:31 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA.job
2015-07-27 15:47 - 2012-04-28 01:55 - 01154994 _____ C:\Windows\WindowsUpdate.log
2015-07-27 15:40 - 2012-08-30 21:57 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1003Core.job
2015-07-27 15:37 - 2012-07-14 22:22 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
2015-07-27 15:36 - 2015-06-22 18:31 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core.job
2015-07-27 14:04 - 2012-04-28 02:11 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-07-27 13:11 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 13:11 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 12:08 - 2012-07-14 22:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-26 20:54 - 2012-08-24 23:03 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004Core.job
2015-07-26 19:00 - 2014-12-22 15:57 - 00000000 ___RD C:\Users\Wilson\Dropbox
2015-07-26 19:00 - 2014-12-22 15:55 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Dropbox
2015-07-26 18:35 - 2012-04-28 02:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-26 18:35 - 2012-04-28 02:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-26 18:35 - 2012-04-28 02:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-26 18:35 - 2012-04-28 02:11 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-26 18:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 18:34 - 2009-07-14 00:51 - 00177980 _____ C:\Windows\setupact.log
2015-07-26 18:33 - 2012-07-14 16:27 - 00000000 ____D C:\Users\Wilson
2015-07-26 18:33 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-26 18:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-26 09:56 - 2014-09-08 12:41 - 00007891 _____ C:\Windows\BRRBCOM.INI
2015-07-25 17:19 - 2013-03-12 22:23 - 00000000 ____D C:\Users\Dan\Documents\Bluetooth Folder
2015-07-25 13:17 - 2012-08-24 23:10 - 00002359 _____ C:\Users\Dan\Desktop\Google Chrome.lnk
2015-07-25 13:16 - 2012-07-14 22:26 - 00002374 _____ C:\Users\Wilson\Desktop\Google Chrome.lnk
2015-07-25 06:12 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 22:33 - 2012-09-02 17:17 - 00000000 ____D C:\Users\Wilson\Documents\Temp-on Doug's memory card
2015-07-22 22:03 - 2013-08-28 22:40 - 00000000 ____D C:\Users\Dan\Documents\Job applications
2015-07-22 03:18 - 2009-07-14 00:45 - 05027064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 03:17 - 2010-11-20 23:47 - 01299054 _____ C:\Windows\PFRO.log
2015-07-20 23:03 - 2013-01-15 15:36 - 00000000 ____D C:\ProgramData\Avira
2015-07-20 22:32 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-07-20 22:19 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-07-20 22:18 - 2009-07-13 22:34 - 95420416 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 47448064 _____ C:\Windows\system32\config\components.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 20185088 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-20 22:18 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-07-20 22:10 - 2012-04-28 02:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-20 21:05 - 2012-09-10 17:23 - 00432640 ___SH C:\Users\Wilson\Documents\Thumbs.db
2015-07-20 20:56 - 2014-12-28 09:40 - 00000000 ____D C:\Users\Wilson\Documents\computer
2015-07-19 15:32 - 2012-07-14 22:22 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA
2015-07-19 15:32 - 2012-07-14 22:22 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core
2015-07-19 15:31 - 2015-06-22 18:31 - 00003898 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000UA
2015-07-19 15:31 - 2015-06-22 18:31 - 00003502 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1000Core
2015-07-18 03:00 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-17 12:03 - 2012-07-14 22:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 12:03 - 2012-07-14 22:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 20:59 - 2014-12-28 14:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:49 - 2012-08-24 23:03 - 00003870 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004UA
2015-07-15 20:49 - 2012-08-24 23:03 - 00003474 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2788050178-582097163-3900234372-1004Core
2015-07-15 06:58 - 2014-12-10 04:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 06:58 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 06:58 - 2014-02-05 10:41 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2015-07-15 06:58 - 2014-01-29 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-15 06:58 - 2012-08-30 22:01 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-08-24 23:10 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-07-18 07:51 - 00000000 ____D C:\Users\Dan
2015-07-15 06:58 - 2012-07-15 18:15 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\Microsoft\Windows\Start Menu\PDF Reader
2015-07-15 06:58 - 2012-07-14 22:26 - 00000000 ____D C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-15 06:58 - 2012-07-14 17:56 - 00000000 ____D C:\Users\Jeffro
2015-07-15 06:58 - 2012-04-28 02:37 - 00000000 ____D C:\ProgramData\Atheros
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 06:58 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-15 06:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-07-15 03:17 - 2012-07-21 21:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 03:12 - 2013-07-18 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:37 - 2013-08-28 08:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 19:31 - 2009-07-14 01:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 14:22 - 2012-07-18 16:31 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2015-07-12 14:21 - 2014-12-07 13:19 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieBrowserModeList
2015-07-12 14:21 - 2014-05-28 12:09 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieUserList
2015-07-12 14:21 - 2014-05-28 12:09 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieSiteList
2015-07-12 14:21 - 2012-07-18 07:52 - 00001415 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-11 12:46 - 2012-07-14 17:56 - 00000000 ____D C:\Users\Jeffro\Documents\Bluetooth Folder
2015-07-11 05:51 - 2012-07-14 21:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6AF24388-F1D8-45C8-A36A-301A327DE957}
2015-07-10 22:19 - 2012-07-15 17:51 - 00000000 ____D C:\Users\Jeffro\AppData\Roaming\.minecraft
2015-07-07 13:42 - 2012-08-30 22:01 - 00002374 _____ C:\Users\Jeffro\Desktop\Google Chrome.lnk
2015-07-06 11:17 - 2012-07-18 07:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Adobe
2015-07-06 11:16 - 2012-07-23 15:31 - 00000000 ____D C:\Users\Dan\AppData\Local\Adobe
2015-07-03 11:27 - 2012-04-28 02:22 - 00010430 _____ C:\Windows\DirectX.log
2015-07-03 08:43 - 2012-07-18 19:37 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 20:37 - 2015-04-15 05:55 - 00000000 ____D C:\Users\Wilson\AppData\Local\UmmyVideoDownloader
2015-07-02 19:28 - 2015-02-08 00:06 - 00000000 ____D C:\Users\Jeffro\Documents\Boy Scouts
2015-07-01 15:58 - 2012-04-28 02:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-29 22:02 - 2012-09-02 17:13 - 00000000 ____D C:\Users\Wilson\Documents\Recipes
2015-06-27 17:57 - 2012-10-15 17:37 - 00009728 ___SH C:\Users\Dan\Thumbs.db

==================== Files in the root of some directories =======

2012-10-29 23:29 - 2013-01-21 16:51 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-03-07 22:01 - 2015-05-23 14:36 - 0115864 _____ () C:\Users\Wilson\AppData\Local\ars.cache
2013-03-07 22:02 - 2015-05-23 14:36 - 14494736 _____ () C:\Users\Wilson\AppData\Local\census.cache
2013-03-07 21:52 - 2013-03-07 21:52 - 0000036 _____ () C:\Users\Wilson\AppData\Local\housecall.guid.cache
2013-04-17 22:42 - 2013-04-17 22:42 - 0000727 _____ () C:\Users\Wilson\AppData\Local\recently-used.xbel
2014-03-08 17:52 - 2015-05-23 14:33 - 0000010 _____ () C:\Users\Wilson\AppData\Local\sponge.last.runtime.cache
2013-11-02 11:42 - 2013-11-02 11:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-02 11:55 - 2015-04-12 11:57 - 0007559 _____ () C:\ProgramData\hpzinstall.log
2015-07-12 09:06 - 2015-07-12 14:33 - 0001606 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Wilson\AppData\Local\Temp\avgnt.exe
C:\Users\Wilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwyjcd.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-23 03:27

==================== End of log ============================
Attached Files
File Type: txt Addition.txt (46.8 KB, 15 views)
ddbjwilson is offline  
Old 07-27-2015, 07:59 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome. Glad to hear Avira is working again.

Have you intentionally disabled Security Center Alerts with a manual regfix? Not going to scold you, just asking.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    IE trusted site: HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\genieo.com -> hxxp://yahoo.genieo.com
    CHR Extension: (Babylon Toolbar) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-09-05]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    2015-07-11 18:10 - 2015-07-24 01:09 - 00000000 ____D C:\ProgramData\MSNetCore
    2015-07-11 18:06 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\TechVedic
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

Code:
@echo off
for %%g in (
"C:\Windows\SysWOW64\wininit.exe"
) do zip Files_for_submission %%g
del %0

Save this as submit.bat. Choose to Save type as - All Files to your desktop, then close the Notepad file.
It should look like this:

Right-click on submit.bat and choose 'Run as administrator' to allow it to run. This batchfile will create a Files_for_submission.zip file in the same location where the batchfile was saved.

Please submit it to this site ==> Submit Malware Sample

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 7 Update 67
Java 8 Update 25


These are all outdated, and they are security risks while they are still installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

Fixlog.txt
MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-30-2015, 03:15 AM   #15
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - I have not intentionally disabled Security Center Alerts with a manual regfix. Is it now fixed with the change to user account control being enabled?
I ran FRST and fixlog is below.
I ran submit.bat, joined bleeping computer, and did the file for submission.
I enabled Windows 7 User Account Control.
I ran malwarebytes and the log is attached.
I uninstalled the two older java updates, and installed java as new. There were 3 options (instead of 2) in the delete files window, and I left the third one unchecked.
I ran eset scan and the log is below.
I did everything in that order.
Thanks again.

+++++++++++++++++++++++++++++++

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Wilson (2015-07-29 21:14:18) Run:3
Running from C:\Users\Wilson\Downloads
Loaded Profiles: Wilson (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
IE trusted site: HKU\S-1-5-21-2788050178-582097163-3900234372-1000\...\genieo.com -> hxxp://yahoo.genieo.com
CHR Extension: (Babylon Toolbar) - C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-09-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
2015-07-11 18:10 - 2015-07-24 01:09 - 00000000 ____D C:\ProgramData\MSNetCore
2015-07-11 18:06 - 2015-07-15 06:58 - 00000000 ____D C:\Program Files (x86)\TechVedic
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-2788050178-582097163-3900234372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\genieo.com" => key removed successfully
C:\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\ProgramData\MSNetCore => moved successfully.
C:\Program Files (x86)\TechVedic => moved successfully.
EmptyTemp: => 330.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:14:39 ====

+++++++++++++++++++++++++++++++++++++++++

Below is the eset log:

+++++++++++++++++++++++++++++++++++++++++

C:\AdwCleaner\Quarantine\C\Users\Baxter\AppData\Local\AskToolbar\Downloaded Program Files\AviraWebSecurity.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll.vir Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\aad2d3a35c3e576a1779995a1d3636f4.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\api\246271dab335d365cebe037c626ee01f.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\api\832bf5d18341842761f116c6688f3e7a.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\api\af87a37b570c758818b1adf96f72a63a.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\3a587e858067b4ef3b4fe05b3c1cb8cd.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\5bedab7be0a38aa33eef071609fd84bb.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\5eba5ebd22b89ecb175e2083f89ccebb.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\8c022ce1d312e02ab4510ccf350fa31c.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\8d099d8f3ec6da39e189e7f8dd9949d5.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\b263624838d88b6887f6e29ef8da2d29.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.88_0\js\lib\e354943d29a2d6c27e15f3d738e4b6c9.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jeffro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabMaint.x.vir a variant of Win32/Toolbar.Babylon.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jeffro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll.vir Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Jeffro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Wilson\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe.vir Win32/Toolbar.Babylon potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\MSNetCore\cached\ms_chromeupda_118.exe a variant of Win32/InstallCore.TR potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\MSNetCore\cached\ms_chromupdat_106.exe a variant of Win32/DownloadAdmin.M potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\MSNetCore\cached\ms_chromupdat_192.exe a variant of Win32/DownloadAdmin.M potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\MSNetCore\cached\ms_chromupdat_266.exe a variant of Win32/DownloadAdmin.M potentially unwanted application
C:\FRST\Quarantine\C\Users\Wilson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe a variant of MSIL/Adware.Dowsserve.A application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe a variant of Win32/Adware.Dowsserve.A application
C:\Program Files (x86)\ODMDownloader\VOPackage.exe multiple threats
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-k.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-r.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-u.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files (x86)\428378b5-151d-4aad-aa8f-0aac63b0763d\22209261-ab1e-4fbd-b66a-70d4580fd2a5.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Adobe\428378b5-151d-4aad-aa8f-0aac63b0763d.dll.vir a variant of Win64/Toolbar.Crossrider.P potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Dan\AppData\Local\nss15C0.tmp.vir Win32/AnyProtect.G potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Dan\AppData\Local\nsvF2D3.tmp.vir Win32/AnyProtect.G potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Dan\AppData\Local\nszCE1.tmp.vir Win32/AnyProtect.G potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files\pcreg\pcreg.exe Win32/Conduit.SearchProtect.X potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\System Volume Information\SystemRestore\FRStaging\Users\Baxter\AppData\Local\AskToolbar\Downloaded Program Files\AviraWebSecurity.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\System Volume Information\SystemRestore\FRStaging\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll Win32/Toolbar.Babylon.Q potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Jeffro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BabylonChromeToolBar.dll Win32/Toolbar.Babylon.Q potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Jeffro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Jeffro\AppData\Local\Temp\is357113909\dp.exe a variant of Win32/DealPly.I potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Jeffro\AppData\Roaming\.minecraft\texturepacks\7zip_freely_d157185.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Local\Temp\file_3840357349.exe a variant of Win32/AdWare.SpeedingUpMyPC.G application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Local\Temp\file_to_run551677.exe multiple threats
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Local\Temp\swupdateRunnable.exe Win32/AdWare.AddLyrics.AU application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Local\Temp\nszDC4\SpSetup.exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\System Volume Information\SystemRestore\FRStaging\Users\Wilson\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-k.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-r.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\zwjlm2v2y3m4bgf.sys-u.mbam a variant of Win64/NetFilter.A potentially unsafe application
C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Dan\AppData\Local\Mozilla\Firefox\Profiles\soybqma3.default\cache2\entries\FDCF9EE985925A24B99BB66E970788277782B150 HTML/FakeAlert.AK trojan
C:\Users\Dan\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331\rnsuDB3F.exe a variant of Win32/Adware.ConvertAd.US application
C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331\vnskC1CA.tmp a variant of Win32/Adware.ConvertAd.UL application
C:\Users\Jeffro\Downloads\install_24_flashplayer16x32ax_ver.2.0031.sd_update.exe.vbs VBS/TrojanDropper.Agent.NCQ trojan
C:\Users\Jeffro\Downloads\MediaPlayerClassic (1).exe a variant of Win32/Verti.B potentially unwanted application
C:\Users\Jeffro\Downloads\MediaPlayerClassic (2).exe a variant of Win32/Verti.B potentially unwanted application
C:\Users\Jeffro\Downloads\MediaPlayerClassic (3).exe a variant of Win32/Verti.B potentially unwanted application
C:\Users\Jeffro\Downloads\MediaPlayerClassic.exe a variant of Win32/Verti.B potentially unwanted application
C:\Users\Jeffro\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe a variant of Win32/Verti.G potentially unwanted application
C:\Users\Jeffro\Downloads\Video_Converter_TSV43S8RB.exe a variant of Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Users\Wilson\Documents\Downloads\boomer.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Wilson\Documents\Downloads\yu2011setupcnet7.3.2011.2.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\Wilson\Downloads\PhotoScape_V3.7.exe Win32/OpenCandy potentially unsafe application
C:\Windows\Installer\582f548.msi a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
D:\Donna\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Donna\Local Settings\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\My Documents\Downloads\boomer.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\My Documents\Downloads\yu2011setupcnet7.3.2011.2.exe Win32/Toolbar.Zugo potentially unwanted application
D:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Program Files\Avira\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
Attached Files
File Type: txt MAMlog.txt (1.3 KB, 13 views)
ddbjwilson is offline  
Old 07-30-2015, 01:06 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome. Thanks for submitting the file.

UAC is different than Security Center Alerts. It'll get fixed with FRST.

------------------------------------------------------

It appears you posted an MBAM Protection Log, not a Scan Log.

Open MBAM > History > Application Logs and double-click the latest Scan Log > Export > Text file(*.txt) > name it > save it, then post the contents of the log in your next reply. Thanks.

------------------------------------------------------

Qoobox is ComboFix's quarantine folder. System Volume Information is where Windows keeps old system restore points. Both will get deleted when we uninstall ComboFix.

Most of the rest are already quarantined by AdwCleaner and FRST. Those will also get deleted when we uninstall AdwCleaner and FRST.

The Dell DataSafe and MBAM finds are false positives by ESET.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe
    C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
    C:\Program Files (x86)\ODMDownloader\VOPackage.exe
    C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
    C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
    C:\Users\Dan\AppData\Local\Mozilla\Firefox\Profiles\soybqma3.default\cache2\entries\FDCF9EE985925A24B99BB66E970788277782B150
    C:\Users\Dan\Downloads\avira_free_antivirus_en.exe
    C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331
    C:\Users\Jeffro\Downloads\install_24_flashplayer16x32ax_ver.2.0031.sd_update.exe.vbs
    C:\Users\Jeffro\Downloads\MediaPlayerClassic (1).exe
    C:\Users\Jeffro\Downloads\MediaPlayerClassic (2).exe
    C:\Users\Jeffro\Downloads\MediaPlayerClassic (3).exe
    C:\Users\Jeffro\Downloads\MediaPlayerClassic.exe
    C:\Users\Jeffro\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe
    C:\Users\Jeffro\Downloads\Video_Converter_TSV43S8RB.exe
    C:\Users\Wilson\Documents\Downloads\boomer.exe
    C:\Users\Wilson\Documents\Downloads\yu2011setupcnet7.3.2011.2.exe
    C:\Users\Wilson\Downloads\PhotoScape_V3.7.exe
    C:\Windows\Installer\582f548.msi
    D:\Donna\Local Settings\Temp\AskSLib.dll
    D:\Donna\Local Settings\Temp\setup.exe
    D:\My Documents\Downloads\boomer.exe
    D:\My Documents\Downloads\yu2011setupcnet7.3.2011.2.exe
    D:\Program Files\Avira\AntiVir Desktop\apnic.dll
    D:\Program Files\Avira\AntiVir Desktop\apnstub.exe
    D:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe
    Reg: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f
    Reg: reg delete "HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-31-2015, 08:14 PM   #17
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - When I opened the malwarebytes application logs, it only had performance logs for recent activity, and one scan log dated July 14, before I posted here for the first time. I ran another scan, without taking action, and it created a scan log. It's attached.

I ran FRST with the fixlist and the fixlog is below.
Thanks for your help.

Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Wilson (2015-07-31 22:55:14) Run:4
Running from C:\Users\Wilson\Downloads
Loaded Profiles: Wilson & (Available Profiles: Wilson & Jeffro & Dan & Baxter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
C:\Program Files (x86)\ODMDownloader\VOPackage.exe
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
C:\Users\Dan\AppData\Local\Mozilla\Firefox\Profiles\soybqma3.default\cache2\entries\FDCF9EE985925A24B99BB66E970788277782B150
C:\Users\Dan\Downloads\avira_free_antivirus_en.exe
C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331
C:\Users\Jeffro\Downloads\install_24_flashplayer16x32ax_ver.2.0031.sd_update.exe.vbs
C:\Users\Jeffro\Downloads\MediaPlayerClassic (1).exe
C:\Users\Jeffro\Downloads\MediaPlayerClassic (2).exe
C:\Users\Jeffro\Downloads\MediaPlayerClassic (3).exe
C:\Users\Jeffro\Downloads\MediaPlayerClassic.exe
C:\Users\Jeffro\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe
C:\Users\Jeffro\Downloads\Video_Converter_TSV43S8RB.exe
C:\Users\Wilson\Documents\Downloads\boomer.exe
C:\Users\Wilson\Documents\Downloads\yu2011setupcnet7.3.2011.2.exe
C:\Users\Wilson\Downloads\PhotoScape_V3.7.exe
C:\Windows\Installer\582f548.msi
D:\Donna\Local Settings\Temp\AskSLib.dll
D:\Donna\Local Settings\Temp\setup.exe
D:\My Documents\Downloads\boomer.exe
D:\My Documents\Downloads\yu2011setupcnet7.3.2011.2.exe
D:\Program Files\Avira\AntiVir Desktop\apnic.dll
D:\Program Files\Avira\AntiVir Desktop\apnstub.exe
D:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f
Reg: reg delete "HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe => moved successfully.
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe => moved successfully.
C:\Program Files (x86)\ODMDownloader\VOPackage.exe => moved successfully.
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res => moved successfully.
"C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res" => File/Folder not found.
C:\Users\Dan\AppData\Local\Mozilla\Firefox\Profiles\soybqma3.default\cache2\entries\FDCF9EE985925A24B99BB66E970788277782B150 => moved successfully.
C:\Users\Dan\Downloads\avira_free_antivirus_en.exe => moved successfully.
C:\Users\Jeffro\AppData\Roaming\4C4C4544-1436553340-5210-804A-CAC04F4E5331 => moved successfully.
C:\Users\Jeffro\Downloads\install_24_flashplayer16x32ax_ver.2.0031.sd_update.exe.vbs => moved successfully.
C:\Users\Jeffro\Downloads\MediaPlayerClassic (1).exe => moved successfully.
C:\Users\Jeffro\Downloads\MediaPlayerClassic (2).exe => moved successfully.
C:\Users\Jeffro\Downloads\MediaPlayerClassic (3).exe => moved successfully.
C:\Users\Jeffro\Downloads\MediaPlayerClassic.exe => moved successfully.
C:\Users\Jeffro\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe => moved successfully.
C:\Users\Jeffro\Downloads\Video_Converter_TSV43S8RB.exe => moved successfully.
C:\Users\Wilson\Documents\Downloads\boomer.exe => moved successfully.
C:\Users\Wilson\Documents\Downloads\yu2011setupcnet7.3.2011.2.exe => moved successfully.
C:\Users\Wilson\Downloads\PhotoScape_V3.7.exe => moved successfully.
C:\Windows\Installer\582f548.msi => moved successfully.
D:\Donna\Local Settings\Temp\AskSLib.dll => moved successfully.
D:\Donna\Local Settings\Temp\setup.exe => moved successfully.
D:\My Documents\Downloads\boomer.exe => moved successfully.
D:\My Documents\Downloads\yu2011setupcnet7.3.2011.2.exe => moved successfully.
D:\Program Files\Avira\AntiVir Desktop\apnic.dll => moved successfully.
D:\Program Files\Avira\AntiVir Desktop\apnstub.exe => moved successfully.
D:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe => moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer" /v HideSCAHealth /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 202.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:55:58 ====
Attached Files
File Type: txt malwarescan.txt (52.3 KB, 13 views)
ddbjwilson is offline  
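One way to check a Fixlog like the one posted above against the fixlist it echoes, as an added example (not FRST's or the forum's own code). The log layout is inferred only from that Fixlog, the function names are hypothetical, and the script assumes `C:\Users\All Users` is the Windows link to `C:\ProgramData`, which would account for the single "File/Folder not found" line.

```python
import re

# Abridged from the Fixlog posted above in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res
C:\Windows\Installer\582f548.msi
EmptyTemp:
end
*****************

C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res => moved successfully.
"C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res" => File/Folder not found.
C:\Windows\Installer\582f548.msi => moved successfully.
EmptyTemp: => 202.2 MB temporary data Removed.
'''

PATH_RE = re.compile(r'^[A-Za-z]:\\')
ALIAS = 'c:\\users\\all users\\'  # assumption: link to C:\ProgramData (Vista and later)

def canonical(path):
    """Lower-case a path and fold the All Users link onto ProgramData."""
    p = path.strip().strip('"').lower()
    return 'c:\\programdata\\' + p[len(ALIAS):] if p.startswith(ALIAS) else p

def parse_fixlog(text):
    """Return (paths requested in the echoed fixlist, {path: result text})."""
    requested, results, in_list = [], {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith('*****'):  # asterisk rules fence the echoed fixlist
            in_list = not in_list
        elif in_list and PATH_RE.match(line):
            requested.append(line)
        elif not in_list and ' => ' in line:
            target, status = line.split(' => ', 1)
            if PATH_RE.match(target.strip('"')):
                results[target.strip('"')] = status.rstrip('.')
    return requested, results

def review(text):
    """Label each requested path: moved, alias of a moved path, or unresolved."""
    requested, results = parse_fixlog(text)
    moved = {canonical(p) for p, s in results.items() if s.startswith('moved')}
    report = {}
    for path in requested:
        status = results.get(path, 'no result line')
        if status.startswith('moved'):
            report[path] = 'moved'
        elif canonical(path) in moved:
            report[path] = 'alias of a moved path'
        else:
            report[path] = 'unresolved: ' + status
    return report

if __name__ == '__main__':
    for path, verdict in review(SAMPLE_FIXLOG).items():
        print(f'{verdict:22} {path}')
```

Any path reported as unresolved, or with no result line, is worth raising with the helper before the cleanup tools are uninstalled.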
Old 08-01-2015, 03:28 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson. You're very welcome. Please run MBAM and click Remove Selected to allow MBAM to clean what was detected.

Please post that new Scan log in your next reply.

Any remaining problems? Let me know and I will give you some final instructions.

------------------------------------------------------
chemist is offline  
Old 08-02-2015, 07:27 AM   #19
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: windows 7



Hello Chemist - I ran the malwarebytes and the log is below. From the log, looks like nothing was found, but during the search it finds PUA - downloadAdmin and Crossrider. So should I not worry about the PUAs?
Also, what do you recommend for future prevention? Should I scan weekly? Or use one of these periodically - malwarebytes, FRST?
Thanks a lot for all your effort! I really appreciate it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/1/2015
Scan Time: 6:57 PM
Logfile: malware2.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.01.06
Rootkit Database: v2015.07.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Wilson

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 556423
Time Elapsed: 32 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
ddbjwilson is offline  
Old 08-02-2015, 12:33 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, ddbjwilson.

Quote:
From the log, looks like nothing was found, but during the search it finds PUA - downloadAdmin and Crossrider. So should I not worry about the PUAs?
What do you mean during the search? MBAM? Anything found should show in the log.

Open MBAM > Settings > Detection and Protection > Non-Malware Protection and under both PUP and PUM make sure 'Treat detections as malware' is selected.

If you had to change them, run MBAM again.

If you still have trouble, can you post a pic of what you see?

------------------------------------------------------

As far as future prevention, I will give you some information when we clean up.

------------------------------------------------------
chemist is offline  
 
