
Thread: Help....Can't run Spybot etc

  1. #1
    Junior Member
    Join Date
    Jan 2016
    Posts
    10


    I have downloaded Spybot 2.4 and was able to perform the update. When I click on system scan I get the box asking if I want to allow and click yes, but then nothing happens. I am pretty sure there is a virus or malware on my computer not allowing it to run. I have also tried booting in safe mode with networking and it does the same thing. Any advice? Thanks. I am also unable to install any other anti-virus software such as Malwarebytes. It also won't let me update Windows Defender. They download but won't install. I downloaded and ran Farbar and pasted the log here along with the addition.txt. I was able to download aswMBR.exe but it would not let me run it. I also did the registry backup.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by Jeff (administrator) on JEFF-HP (02-02-2016 08:43:42)
    Running from C:\Users\Jeff\Downloads
    Loaded Profiles: Jeff (Available Profiles: Jeff)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 208.175.140.1 1.1.1.1 208.175.142.1
    Tcpip\..\Interfaces\{5D7DA511-E35C-46EA-8E1A-16A1B741A0A3}: [DhcpNameServer] 208.175.140.1 1.1.1.1 208.175.142.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: DataScrambler -> {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} -> C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\epbho64.dll [2011-11-23] (Europ Assistance USA)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO: PhishBlock -> {ff507020-a257-4527-a222-b6f5732e55ee} -> C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\plbho64.dll [2011-11-23] (Europ Assistance USA)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: DataScrambler -> {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} -> C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\epbho32.dll [2011-11-23] (Europ Assistance USA)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-21] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: PhishBlock -> {ff507020-a257-4527-a222-b6f5732e55ee} -> C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\plbho32.dll [2011-11-23] (Europ Assistance USA)
    DPF: HKLM-x32 {0D062C61-F69C-11D6-A718-00C0F02CC8EE} hxxps://lpss.amerus.com/amu/reports/control/amurptview.cab
    DPF: HKLM-x32 {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} hxxps://lpss.amerus.com/amu/InsMark/imkctl.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://rainhail.webex.com/client/WBXclient-T27L10NSP28EP2-12243/support/ieatgpc1.cab
    Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2012-05-18] (TODO: <Company name>)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\wl3xs6zf.default
    FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-01] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-01] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-11-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @update.sentrybay.com/SentryBay Update;version=8 -> C:\Program Files (x86)\SentryBay\Update\1.0.0.6878\npSentryBayOneClick8.dll [2013-09-11] (SentryBay)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1260689961-1639968932-1441414306-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-16] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1260689961-1639968932-1441414306-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-1260689961-1639968932-1441414306-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1260689961-1639968932-1441414306-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\ffext
    FF Extension: Online Data Protection Suite - C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\ffext [2013-09-11] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\ffext
    FF HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\Firefox\Extensions: [{65B2113D-01CD-11E2-8271-B8AC6F996F26}] - C:\Users\Jeff\AppData\Local\{65B2113D-01CD-11E2-8271-B8AC6F996F26}
    FF Extension: Mozilla Safe Browsing - C:\Users\Jeff\AppData\Local\{65B2113D-01CD-11E2-8271-B8AC6F996F26} [2012-10-01] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> about:blank
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27]
    CHR Extension: (PhishBlock) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjaehcnihbogidpfieaepehilfecnodk [2013-09-16]
    CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
    CHR Extension: (Google Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
    CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
    CHR HKLM-x32\...\Chrome\Extension: [bjaehcnihbogidpfieaepehilfecnodk] - C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\phishlock.crx [2011-11-23]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    S4 EntryProtect; C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\epservice.exe [44392 2011-11-23] (Europ Assistance USA)
    S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
    S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-09-05] (Intuit) [File not signed]
    S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
    S4 sbupdate; C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [138600 2013-09-11] (SentryBay)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 Thn32svc; C:\Program Files\ThinPrint Client\Thn32svc.exe [1153864 2011-05-13] (ThinPrint AG)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 epfilter; C:\Windows\system32\drivers\epfilter.sys [21312 2013-09-11] (SentryBay)
    S2 mrtRate; no ImagePath
    S3 BS3258844186; \??\C:\Users\Jeff\AppData\Local\Temp\NTFS.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\Jeff\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-02 08:43 - 2016-02-02 08:44 - 00022866 _____ C:\Users\Jeff\Downloads\FRST.txt
    2016-02-02 08:42 - 2016-02-02 08:42 - 02370560 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
    2016-02-02 08:41 - 2016-02-02 08:41 - 01721856 _____ (Farbar) C:\Users\Jeff\Downloads\FRST.exe
    2016-02-02 08:40 - 2016-02-02 08:40 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JEFF-HP-Windows-7-Home-Premium-(64-bit).dat
    2016-02-02 08:40 - 2016-02-02 08:40 - 00000000 ____D C:\RegBackup
    2016-02-02 08:39 - 2016-02-02 08:39 - 00016383 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2016-02-02 08:39 - 2016-02-02 08:39 - 00002241 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-02 08:39 - 2016-02-02 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-02 08:39 - 2016-02-02 08:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-02 08:38 - 2016-02-02 08:38 - 04777232 _____ (Tweaking.com) C:\Users\Jeff\Downloads\tweaking.com_registry_backup_setup.exe
    2016-02-01 14:26 - 2016-02-01 14:26 - 00022147 _____ C:\Users\Jeff\Downloads\PPZFCOPY_79848796765050_16814141ACP GLO 721-(00000537).pdf
    2016-02-01 14:25 - 2016-02-01 14:25 - 00055310 _____ C:\Users\Jeff\Downloads\PPZFCOPY_79858969765570_16814140ACP WCD 720-(00000557).pdf
    2016-02-01 14:24 - 2016-02-01 14:24 - 00366952 _____ C:\Users\Jeff\Downloads\PPZFCOPY_79848796765050_16814141ACP WCD 721-(00000541).pdf
    2016-02-01 09:47 - 2016-02-01 09:47 - 00435466 _____ C:\Users\Jeff\Downloads\PPZNWAG_79839894997195_41153306FPK FMPA726-(00002757).pdf
    2016-01-31 13:29 - 2016-01-31 13:29 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-01-31 13:29 - 2016-01-31 13:29 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-01-31 13:29 - 2016-01-31 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-01-31 13:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-01-31 13:10 - 2016-01-31 13:24 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jeff\Downloads\spybot-2.4.exe
    2016-01-29 19:37 - 2016-01-29 19:37 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-01-29 12:45 - 2016-01-29 12:45 - 00229131 _____ C:\Users\Jeff\Desktop\Crop Ed.pdf
    2016-01-28 17:44 - 2016-01-29 13:10 - 00030208 _____ C:\Users\Jeff\Documents\Zuhlke Farms.xls
    2016-01-26 11:22 - 2016-01-26 11:22 - 00002348 _____ C:\Windows\system32\ScanResults.xml
    2016-01-26 11:20 - 2016-01-31 12:48 - 00000464 _____ C:\Windows\system32\ScannerSettings
    2016-01-25 12:20 - 2016-01-26 08:05 - 00000000 _____ C:\Windows\system32\reimage.rep
    2016-01-25 12:02 - 2016-01-25 12:02 - 13770752 _____ C:\HKEY_LOCAL_MACHINE_rei_SCHEMA
    2016-01-25 12:01 - 2016-01-25 12:02 - 38764544 _____ C:\HKEY_LOCAL_MACHINE_rei_COMPONENTS
    2016-01-25 12:01 - 2016-01-25 12:01 - 15007744 _____ C:\HKEY_LOCAL_MACHINE_SYSTEM
    2016-01-25 11:50 - 2009-06-10 14:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
    2016-01-25 11:50 - 2009-06-10 12:45 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
    2016-01-25 11:49 - 2010-11-20 19:24 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2016-01-25 11:46 - 2016-01-25 12:20 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
    2016-01-25 10:44 - 2016-01-25 13:52 - 00012710 _____ C:\Windows\system32\Native.exe
    2016-01-21 10:54 - 2016-01-21 10:54 - 00000000 ____D C:\ProgramData\TweakBit
    2016-01-21 10:19 - 2016-01-25 11:38 - 00000640 ____H C:\ProgramData\@system3.att
    2016-01-21 09:54 - 2016-01-27 13:09 - 00000167 _____ C:\Windows\Reimage.ini
    2016-01-21 09:41 - 2016-01-21 09:41 - 00020876 _____ C:\ComboFix.txt
    2016-01-21 09:15 - 2016-01-21 09:41 - 00000000 ____D C:\Qoobox
    2016-01-21 09:15 - 2016-01-21 09:21 - 00000000 ____D C:\Windows\erdnt
    2016-01-21 09:15 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-21 09:15 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-21 09:15 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-21 09:15 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-21 09:15 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-21 09:15 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-21 09:15 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-21 09:15 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-21 09:09 - 2016-02-02 08:43 - 00000000 ____D C:\FRST
    2016-01-19 10:47 - 2016-01-19 10:47 - 00000000 ____D C:\Windows\SoftwareDistribution.BAK
    2016-01-19 10:46 - 2016-01-19 11:04 - 00000000 ____D C:\Windows\system32\catroot2.BAK
    2016-01-19 10:46 - 2016-01-19 10:46 - 00000000 ____D C:\ProgramData\FixBackups
    2016-01-18 08:36 - 2011-11-03 18:38 - 17786368 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-01-18 08:36 - 2011-11-03 17:59 - 10886656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-01-18 08:36 - 2011-11-03 17:53 - 02309120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-01-18 08:36 - 2011-11-03 17:46 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-01-18 08:36 - 2011-11-03 17:44 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-01-18 08:36 - 2011-11-03 17:44 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-01-18 08:36 - 2011-11-03 17:43 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-01-18 08:36 - 2011-11-03 17:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-01-18 08:36 - 2011-11-03 17:39 - 00818688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-01-18 08:36 - 2011-11-03 17:36 - 02144256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-01-18 08:36 - 2011-11-03 17:35 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-01-18 08:36 - 2011-11-03 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-01-18 08:36 - 2011-11-03 17:30 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-01-18 08:36 - 2011-11-03 15:02 - 12279808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-01-18 08:36 - 2011-11-03 14:47 - 01798144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-01-18 08:36 - 2011-11-03 14:46 - 09705472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-01-18 08:36 - 2011-11-03 14:40 - 01427456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-01-18 08:36 - 2011-11-03 14:40 - 01103360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-01-18 08:36 - 2011-11-03 14:39 - 01127424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-01-18 08:36 - 2011-11-03 14:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2016-01-18 08:36 - 2011-11-03 14:37 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-01-18 08:36 - 2011-11-03 14:35 - 00716800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-01-18 08:36 - 2011-11-03 14:32 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-01-18 08:36 - 2011-11-03 14:32 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-01-18 08:36 - 2011-11-03 14:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-01-18 08:36 - 2011-11-03 14:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00697344 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00580608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-01-18 08:36 - 2011-02-17 10:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-01-18 08:36 - 2011-02-17 10:36 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-01-18 08:36 - 2011-02-17 10:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-01-18 08:36 - 2011-02-17 10:36 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2016-01-18 08:36 - 2011-02-17 10:36 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-01-18 08:36 - 2011-02-17 10:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2016-01-18 08:36 - 2011-02-17 10:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2016-01-18 08:36 - 2011-02-17 10:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2016-01-15 14:35 - 2016-01-15 14:35 - 00009764 _____ C:\Users\Jeff\Documents\Payroll 2016.xlsx
    2016-01-15 13:31 - 2016-01-15 13:37 - 00000000 ___DC C:\Users\Jeff\AppData\Local\MigWiz
    2016-01-15 10:51 - 2012-10-02 11:40 - 00000860 _____ C:\Windows\system32\Drivers\etc\hosts.20160115-105155.backup
    2016-01-15 10:25 - 2016-01-31 13:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-01-15 10:25 - 2016-01-15 10:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-01-15 10:05 - 2016-01-25 11:38 - 00000904 ____H C:\ProgramData\@system.temp
    2016-01-14 15:05 - 2016-01-14 15:05 - 00000000 ____D C:\ProgramData\TechUtilities64
    2016-01-14 14:22 - 2016-01-14 14:22 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2016-01-14 14:22 - 2016-01-14 14:22 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2016-01-14 14:22 - 2016-01-14 14:22 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2016-01-14 14:22 - 2016-01-14 14:22 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2016-01-14 14:22 - 2016-01-14 14:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2016-01-14 14:22 - 2016-01-14 14:22 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2016-01-14 14:22 - 2016-01-14 14:22 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2016-01-14 13:30 - 2010-11-20 19:24 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2016-01-14 13:30 - 2010-11-20 19:24 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2016-01-14 13:30 - 2010-11-20 19:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
    2016-01-14 13:30 - 2010-11-20 19:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
    2016-01-14 13:30 - 2010-11-20 19:23 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-01-14 13:30 - 2010-11-20 19:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-01-14 13:30 - 2010-11-20 19:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-01-14 13:30 - 2010-11-20 19:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-01-14 13:30 - 2009-07-13 17:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-01-14 13:30 - 2009-07-13 17:40 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2016-01-14 13:30 - 2009-07-13 17:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2016-01-14 13:30 - 2009-07-13 17:14 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    2016-01-14 13:29 - 2010-11-20 19:24 - 03715584 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 02341376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01456128 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 01154048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-01-14 13:29 - 2010-11-20 19:24 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-01-14 13:29 - 2010-11-20 19:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-01-14 13:29 - 2010-11-20 19:24 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2016-01-14 13:29 - 2010-11-20 19:23 - 03215872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2016-01-14 13:29 - 2010-11-20 19:23 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-01-14 13:29 - 2010-11-20 19:23 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2016-01-14 13:29 - 2010-11-20 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2016-01-14 13:29 - 2009-07-13 17:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-01-14 13:29 - 2009-07-13 17:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-01-14 13:29 - 2009-07-13 17:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2016-01-14 13:29 - 2009-07-13 17:40 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-01-14 13:29 - 2009-07-13 17:29 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-01-14 13:29 - 2009-07-13 17:15 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-01-14 13:29 - 2009-07-13 17:15 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2016-01-14 13:29 - 2009-07-13 17:07 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-01-14 13:28 - 2015-12-08 13:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
    2016-01-14 13:28 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-01-14 13:28 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-01-14 13:28 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2016-01-14 13:28 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
    2016-01-14 13:28 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2016-01-14 13:28 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2016-01-14 13:28 - 2010-11-20 19:25 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-01-14 13:28 - 2010-11-20 19:25 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:25 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2016-01-14 13:28 - 2010-11-20 19:25 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-01-14 13:28 - 2010-11-20 19:25 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:25 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
    2016-01-14 13:28 - 2010-11-20 19:25 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2016-01-14 13:28 - 2010-11-20 19:25 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-01-14 13:28 - 2010-11-20 19:25 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-01-14 13:28 - 2010-11-20 19:25 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:24 - 01881088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01792000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:24 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:24 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-01-14 13:28 - 2010-11-20 19:24 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-14 13:28 - 2010-11-20 19:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-14 13:28 - 2010-11-20 19:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-01-14 13:28 - 2010-11-20 19:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-01-14 13:28 - 2010-11-20 19:24 - 00112000 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-01-14 13:28 - 2010-11-20 19:24 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-01-14 13:28 - 2010-11-20 19:23 - 01927680 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-01-14 13:28 - 2010-11-20 19:23 - 01572352 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-14 13:28 - 2010-11-20 19:23 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-01-14 13:28 - 2010-11-20 19:23 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-01-14 13:28 - 2010-11-20 19:23 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 02643456 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00844800 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00430592 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-14 13:28 - 2009-07-13 17:41 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-14 13:28 - 2009-07-13 17:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
    2016-01-14 13:28 - 2009-07-13 17:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-14 13:28 - 2009-07-13 17:40 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-14 13:28 - 2009-07-13 17:39 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2016-01-14 13:28 - 2009-07-13 17:39 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2016-01-14 13:28 - 2009-07-13 17:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-01-14 13:28 - 2009-07-13 17:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-01-14 13:28 - 2009-07-13 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2016-01-14 13:28 - 2009-07-13 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-01-14 13:28 - 2009-07-13 17:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-01-14 13:28 - 2009-07-13 17:16 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 00812032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 00606720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2016-01-14 13:28 - 2009-07-13 17:16 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-14 13:28 - 2009-07-13 17:16 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 02134016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-01-14 13:28 - 2009-07-13 17:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-01-14 13:28 - 2009-07-13 17:15 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
    2016-01-14 13:28 - 2009-07-13 17:14 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2016-01-14 13:28 - 2009-07-13 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-01-14 13:28 - 2009-07-13 17:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-01-14 13:28 - 2009-07-13 17:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2016-01-14 13:28 - 2009-07-13 17:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2016-01-14 13:28 - 2009-07-13 17:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-01-14 13:27 - 2015-11-16 19:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-01-14 13:27 - 2015-11-16 19:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-01-14 13:27 - 2015-11-16 19:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-01-14 13:27 - 2015-11-16 19:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-01-14 13:27 - 2015-11-16 19:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-01-14 13:27 - 2015-11-16 19:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-01-14 13:27 - 2011-11-23 20:52 - 03145216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-01-14 13:27 - 2011-10-25 21:21 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-01-14 13:27 - 2011-07-15 21:41 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-01-14 13:27 - 2011-07-15 21:41 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-01-14 13:27 - 2011-07-15 21:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-01-14 13:27 - 2011-07-15 21:39 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-01-14 13:27 - 2011-07-15 21:37 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-01-14 13:27 - 2011-07-15 21:37 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:29 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-01-14 13:27 - 2011-07-15 20:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-01-14 13:27 - 2011-07-15 20:24 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-01-14 13:27 - 2011-07-15 20:24 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-01-14 13:27 - 2011-07-15 20:24 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 20:15 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 18:21 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-01-14 13:27 - 2011-07-15 18:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-01-14 13:27 - 2011-07-15 18:17 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 18:17 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 18:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-15 18:17 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-01-14 13:27 - 2011-07-08 18:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-01-14 13:27 - 2011-06-23 21:34 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-01-14 13:27 - 2011-06-23 21:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-01-14 13:27 - 2011-06-22 21:43 - 05561216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-01-14 13:27 - 2011-06-22 20:33 - 03967872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-01-14 13:27 - 2011-06-22 20:33 - 03912576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-01-14 13:27 - 2011-04-26 18:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-01-14 13:27 - 2011-04-26 18:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-01-14 13:27 - 2011-02-19 04:03 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-01-14 13:27 - 2011-02-19 01:00 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-01-14 13:27 - 2011-02-18 22:30 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-01-14 13:27 - 2011-02-18 20:34 - 00294912 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-01-14 13:27 - 2010-12-17 03:40 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-01-14 13:27 - 2010-12-16 23:07 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-01-14 13:27 - 2010-11-20 19:25 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-01-14 13:27 - 2010-11-20 19:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-01-14 13:27 - 2010-11-20 19:24 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 01292096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 01219584 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-01-14 13:27 - 2010-11-20 19:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-01-14 13:27 - 2010-11-20 19:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-01-14 13:27 - 2010-11-20 19:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-01-14 13:27 - 2010-11-20 19:23 - 01731936 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-01-14 13:27 - 2010-09-30 02:42 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-01-14 13:27 - 2010-09-29 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-01-14 13:27 - 2009-07-13 17:41 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-01-14 13:27 - 2009-07-13 17:41 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-01-14 13:27 - 2009-07-13 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-01-14 13:27 - 2009-07-13 17:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-01-14 13:27 - 2009-07-13 17:40 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-01-14 13:27 - 2009-07-13 17:40 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-01-14 13:27 - 2009-07-13 17:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-01-14 13:27 - 2009-07-13 17:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-01-14 13:27 - 2009-07-13 17:39 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-01-14 13:27 - 2009-07-13 17:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-01-14 13:27 - 2009-07-13 17:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-01-14 13:27 - 2009-07-13 17:29 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-01-14 13:27 - 2009-07-13 17:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-01-14 13:27 - 2009-07-13 17:24 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-01-14 13:27 - 2009-07-13 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-01-14 13:27 - 2009-07-13 17:16 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-01-14 13:27 - 2009-07-13 17:16 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-01-14 13:27 - 2009-07-13 17:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-01-14 13:27 - 2009-07-13 17:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-01-14 13:27 - 2009-07-13 17:15 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-01-14 13:27 - 2009-07-13 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-01-14 13:27 - 2009-07-13 17:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-01-14 13:27 - 2009-07-13 17:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-01-14 13:27 - 2009-07-13 17:06 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-01-14 13:27 - 2009-07-13 17:03 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-01-14 13:27 - 2009-07-13 17:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-01-14 13:20 - 2010-11-20 19:24 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2016-01-12 14:42 - 2016-01-13 08:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-12 14:42 - 2016-01-12 14:42 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-12 14:42 - 2016-01-12 14:42 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-01-12 14:42 - 2016-01-12 14:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-08 16:30 - 2016-01-14 14:52 - 00001449 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-01-08 16:30 - 2016-01-14 14:52 - 00001415 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2016-01-08 15:18 - 2016-01-19 10:55 - 02274586 _____ C:\Users\Jeff\AppData\Local\IconCache.db_Fix_Backup
    2016-01-07 08:56 - 2016-02-01 11:05 - 00030720 _____ C:\Users\Jeff\Documents\2015 Tax.xls

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-02 08:27 - 2011-09-27 13:15 - 00000000 ____D C:\Users\Jeff\AppData\Local\TMPEZ
    2016-02-02 08:27 - 2011-09-27 12:11 - 00000000 ____D C:\EAPPW



    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by Jeff (2016-02-02 08:44:29)
    Running from C:\Users\Jeff\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2011-09-26 18:38:35)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1260689961-1639968932-1441414306-500 - Administrator - Disabled)
    Guest (S-1-5-21-1260689961-1639968932-1441414306-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1260689961-1639968932-1441414306-1002 - Limited - Enabled)
    Jeff (S-1-5-21-1260689961-1639968932-1441414306-1000 - Administrator - Enabled) => C:\Users\Jeff

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    .print Client Windows (RDP) (HKLM\...\{864EE2DE-BC86-4F70-8C19-0B1A3C46E405}) (Version: 8.0.93 - ThinPrint AG)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.0.30.0 - Brother Industries, Ltd.)
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DreamMail 4.6 (HKLM-x32\...\DreamMail 4.6) (Version: 4.6.8.6 - DreamStudio)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FAST Resources (HKLM-x32\...\FAST_Resources_and_Tools_1.0) (Version: - University of Illinois)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome Canary (HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\Google Chrome SxS) (Version: 49.0.2622.0 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    insuranceware pdf (novaPDF 6.4 printer) (HKLM\...\insuranceware pdf_is1) (Version: - Softland)
    Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Excel 97 (HKLM-x32\...\Excel) (Version: - )
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Outlook 97 (HKLM-x32\...\Outlook) (Version: - )
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    NACIS (x32 Version: 16.2 - North American Company) Hidden
    NACIS (x32 Version: 16.3.2 - North American Company) Hidden
    NACIS (x32 Version: 16.4 - North American Company) Hidden
    NACIS (x32 Version: 17.1 - North American Company) Hidden
    NACIS (x32 Version: 17.3 - North American Company) Hidden
    NACIS (x32 Version: 19.2 - North American Company) Hidden
    NACIS (x32 Version: 19.3 - North American Company) Hidden
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    Online Data Protection Suite (HKLM-x32\...\{A3217415-0BD4-4252-BF9F-3AF4A267B04C}) (Version: 5.5.0.6885 - Europ Assistance USA)
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
    QuickBooks Pro 2008 (HKLM-x32\...\{8ECB8220-F422-4BEB-9596-97033C533702}) (Version: 18.0.4001.606 - Intuit Inc.)
    Quicken 2004 (HKLM-x32\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
    Quicken 2004 (x32 Version: 13.00.0000 - Intuit) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
    Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    ScrewDrivers Client v4 with Citrix Receiver Web 3.4 (HKLM-x32\...\{216D6E63-197C-469A-837A-A3C741F4C2B1}) (Version: 4.6.01.09 - triCerat, Inc.)
    Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
    SentryBay Update Helper (x32 Version: 1.0.0.6878 - SentryBay) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Simplicityii LTC Illustration System (HKLM-x32\...\Simplicityii LTC Illustration System) (Version: - Creative Software Alliance Inc.)
    Simplifile Extensions 1.9 (HKLM-x32\...\Simplifile Extensions_is1) (Version: - Simplifile, LLC)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    ThinPrint Client Windows 8.6 (HKLM\...\{9AD41A70-1C18-48BD-A527-F54E548D3886}) (Version: 8.6.50 - ThinPrint AG)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    UNL (HKLM-x32\...\{C88DA931-4BB1-4B66-BBBF-58413B81A7BB}) (Version: 15.11.12 - Micro Software, Inc.)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlex (HKLM-x32\...\WinFlex) (Version: - )
    WinFlex 6 (HKLM-x32\...\WinFlex 6_is1) (Version: 6.113.0.22 - Ebix Exchange, INC)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\49.0.2622.0\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0222D99E-D495-4FCB-9F6B-E202D3FFDDEE} - System32\Tasks\{F286F61D-B6E5-4181-8CE7-46588C771C5E} => C:\Program Files (x86)\WinMail\WinMail.exe [2008-01-20] (Microsoft Corporation)
    Task: {1275F75D-81AA-4F2F-B130-724D1E9902F5} - System32\Tasks\{9C63C4A1-13DC-41D2-B9DA-5014C9FCC274} => C:\Program Files (x86)\WinMail\WinMail.exe [2008-01-20] (Microsoft Corporation)
    Task: {1B2E3610-BD70-430C-A455-12DEC9F242F8} - System32\Tasks\{3AB94D70-4D21-4F1F-9BE4-59C4CCA36751} => pcalua.exe -a "C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY8DDZ11\v4506_web_combo (1).exe" -d C:\Users\Jeff\Desktop
    Task: {1F18B365-E3A0-4718-9636-7CACC910245D} - System32\Tasks\{854EB71D-D119-4595-B3AC-17A9DBE85E35} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office\Setup\AcmeOtlk.exe" -c /w Outlook.stf
    Task: {3C6BDB40-ACB9-4934-BAF6-89D9F44CD192} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {402ACBA3-74E2-4903-9431-00921D6C842F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {49F140D1-7C0D-4C9B-93B0-31B01F79FADF} - System32\Tasks\SentryBayUpdateTaskMachineCore => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2013-09-11] (SentryBay)
    Task: {4F71AFE4-BC19-40DC-8494-8FF46F31D752} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {987FE82C-98DA-498D-881F-1F621787CBFF} - System32\Tasks\{773C8353-35C3-4BD8-B27F-C2CA7E5D51D3} => C:\Program Files (x86)\WinMail\WinMail.exe [2008-01-20] (Microsoft Corporation)
    Task: {A60EAE4C-51B0-4350-958C-71501ACE71CE} - System32\Tasks\{90DD83D3-C7C3-446F-8131-2CCB3D4CCDB0} => C:\Program Files (x86)\WinMail\WinMail.exe [2008-01-20] (Microsoft Corporation)
    Task: {B5C2E0C8-EBA3-4B2D-B6AB-1E0511FFA015} - System32\Tasks\SentryBayUpdateTaskMachineUA => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe [2013-09-11] (SentryBay)
    Task: {BB03815E-BAA5-471D-90F6-6BB41A76C6C9} - System32\Tasks\{3C850FC6-26ED-4B72-81B5-806A76BE1CE8} => pcalua.exe -a E:\EappClass\Setupws.exe -d E:\EappClass
    Task: {C603EC86-46FD-4758-B59D-A997A59759DC} - System32\Tasks\{BF82D9DF-6869-4F84-961A-A9887CEE0744} => C:\EAPPW\eappw.exe [2012-05-01] (Agency Software, Inc.)
    Task: {C9EFB8B9-150F-4836-9429-E78B7A3F45E1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D4675672-38BC-4A13-8554-11E36274DB57} - System32\Tasks\{83A00793-9EC9-4921-A555-478C76B28E08} => C:\Users\Jeff\Downloads\mbam-setup-2.2.0.1024.exe
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {E2D38AAF-6A4B-47BD-AB2E-165704774EA3} - System32\Tasks\{745008B9-F20D-4B07-9ED5-7AC7377EDF50} => C:\Program Files (x86)\WinMail\WinMail.exe [2008-01-20] (Microsoft Corporation)
    Task: {E59C0DD2-3B0F-47C6-BCB2-E15E9FF49E94} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
    Task: {FF3CF9D4-2216-4419-A783-C15EBB786C8B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {FF40A5F3-A5B6-4CDE-AD98-85C3898EE82A} - System32\Tasks\{C687E7F3-2ADF-462B-8620-37DDD5C231D2} => pcalua.exe -a "C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY8DDZ11\v4506_web_combo.exe" -d C:\Users\Jeff\Desktop

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineCore.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe
    Task: C:\Windows\Tasks\SentryBayUpdateTaskMachineUA.job => C:\Program Files (x86)\SentryBay\Update\SentryBayUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-11-23 14:54 - 2011-02-28 16:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
    2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-01-15 08:05 - 2016-01-15 09:24 - 02143048 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\49.0.2622.0\libglesv2.dll
    2016-01-15 08:05 - 2016-01-15 09:24 - 00100168 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome SxS\Application\49.0.2622.0\libegl.dll
    2011-09-26 15:15 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2013-01-24 17:14 - 2011-04-20 17:49 - 00978944 ____N () C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
    2016-01-29 19:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-01-29 19:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-01-29 19:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-01-31 13:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-01-31 13:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE trusted site: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\imtins.com -> hxxps://www.imtins.com
    IE trusted site: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\motoristsgroup.com -> hxxps://secure.motoristsgroup.com
    IE trusted site: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\rainhail.com -> hxxps://biz.rainhail.com
    IE trusted site: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\remititonline.com -> hxxps://remititonline.com


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 208.175.140.1 - 1.1.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: atashost => 2
    MSCONFIG\Services: BrYNSvc => 3
    MSCONFIG\Services: EntryProtect => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: HPClientSvc => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: PDFProFiltSrvPP => 2
    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBFCService => 3
    MSCONFIG\Services: RoxioNow Service => 2
    MSCONFIG\Services: sbupdate => 2
    MSCONFIG\Services: Thn32svc => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk => C:\Windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk => C:\Windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DreamMail.lnk => C:\Windows\pss\DreamMail.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AuthHost_32 => "C:\PROGRA~3\AuthHost_32.exe"
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    MSCONFIG\startupreg: BrowserMe => C:\Users\Jeff\AppData\Roaming\BrowserMe\GoogleUpdate.exe
    MSCONFIG\startupreg: BrowserUpdate => C:\Users\Jeff\AppData\Roaming\BrowserMe\GoogleUpdate.exe
    MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
    MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    MSCONFIG\startupreg: Data Protection Suite => "C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\dps.exe"
    MSCONFIG\startupreg: dCgGX4396E37 => regsvr32.exe /s "C:\PROGRA~3\dCgGX4396E37.dll"
    MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: igfxCUIService => "C:\PROGRA~3\igfxCUIService.exe"
    MSCONFIG\startupreg: igfxEM_64 => "C:\PROGRA~3\igfxEM_64.exe"
    MSCONFIG\startupreg: igfxEM_86 => "C:\PROGRA~3\igfxEM_86.exe"
    MSCONFIG\startupreg: igfxext => "C:\PROGRA~3\igfxext.exe"
    MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    MSCONFIG\startupreg: java-rmi_32 => "C:\PROGRA~3\java-rmi_32.exe"
    MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    MSCONFIG\startupreg: PhishLock => "C:\Program Files (x86)\Europ Assistance USA\Online Data Protection Suite\pl.exe"
    MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\STOPzilla!\sbrc.exe"
    MSCONFIG\startupreg: ScrewDrivers RDP Plugin => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
    MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D15793AC-FCA2-46DC-A641-974A52950311}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{4D32986E-2427-4646-9EA6-B09785AC698C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
    FirewallRules: [{3659C5A5-25FE-4431-970C-25A2F421EB29}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{7C5910C4-D913-41F9-94D9-10171C57E819}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{CCA4454F-309F-4406-A17E-03332B0B4487}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
    FirewallRules: [{0F8B2EE2-16CE-4C33-928E-3C155CFBDB74}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
    FirewallRules: [{1663F99C-89A1-4298-BFBF-F71BA66DDA93}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
    FirewallRules: [{907D8450-03A6-4BCA-9C13-82D23A7C6A2D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
    FirewallRules: [{928CB9C9-3FD0-4475-A031-17C28560B06E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{84F38FD0-B15B-4588-96E9-503519799D3B}] => (Allow) LPort=2869
    FirewallRules: [{871566AA-D148-4216-9FEF-5B4AFE28662C}] => (Allow) LPort=1900
    FirewallRules: [{806C39F6-94CC-48BF-B625-788CEAC8912A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{2A4D2BA9-E31B-4E62-BE4A-DA00EE5FECA2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{77CC9A48-22CB-4DFF-A0CF-EF282358ED3B}] => (Allow) C:\Program Files\ThinPrint Client\Thn32svc.exe
    FirewallRules: [TCP Query User{E34172F0-D83C-4633-9ADF-4BE20F2927FC}C:\program files (x86)\scansoft\paperport\pplinks.exe] => (Allow) C:\program files (x86)\scansoft\paperport\pplinks.exe
    FirewallRules: [UDP Query User{BCDCE141-F3DA-4640-AB0B-6D757D616E67}C:\program files (x86)\scansoft\paperport\pplinks.exe] => (Allow) C:\program files (x86)\scansoft\paperport\pplinks.exe
    FirewallRules: [TCP Query User{16BBF1BB-1757-49F3-8E1D-A8419B35181A}C:\program files (x86)\nuance\paperport\pplinks.exe] => (Allow) C:\program files (x86)\nuance\paperport\pplinks.exe
    FirewallRules: [UDP Query User{2EAA39F4-8D94-4BFB-BE12-F01A68BFF241}C:\program files (x86)\nuance\paperport\pplinks.exe] => (Allow) C:\program files (x86)\nuance\paperport\pplinks.exe
    FirewallRules: [{E236361D-2CE8-43D1-8ED2-B6D0FB089BFE}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7ZipSfx.000\scremote.exe
    FirewallRules: [{E830DC6D-3C39-4BDF-A0DE-B934EF22EB18}] => (Allow) C:\Users\Jeff\AppData\Local\Temp\7ZipSfx.000\scremote.exe
    FirewallRules: [TCP Query User{06FD8BD3-C9E5-4F07-B5F2-8C94F7118B44}C:\users\jeff\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome sxs\application\chrome.exe
    FirewallRules: [UDP Query User{7AC89179-D61E-4408-865F-2EF3FE9EC6BA}C:\users\jeff\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome sxs\application\chrome.exe
    FirewallRules: [{4BB6D278-1779-4433-9561-405E5E644573}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{AAC5031E-113F-4CA8-AF5B-18C7B292B809}] => (Allow) C:\Windows\Explorer.EXE
    FirewallRules: [TCP Query User{42156A62-53A0-459B-AC86-B8B289DE65BA}C:\program files (x86)\noguska\nolapro\apache\bin\httpd.exe] => (Allow) C:\program files (x86)\noguska\nolapro\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{9011F1BA-0103-45E0-8889-186414DE89C2}C:\program files (x86)\noguska\nolapro\apache\bin\httpd.exe] => (Allow) C:\program files (x86)\noguska\nolapro\apache\bin\httpd.exe
    FirewallRules: [{094EC8E2-3B3B-4694-B2C0-204A273B1EC1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7832DA26-CE10-4887-BE1F-6CD5A8E52157}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    25-01-2016 10:48:11 Reimage Repair Restore Point
    25-01-2016 13:57:02 Reimage Repair Restore Point
    27-01-2016 13:20:36 Reimage Repair Restore Point
    28-01-2016 15:05:22 Windows Update
    29-01-2016 07:56:50 Windows Modules Installer
    29-01-2016 07:58:01 Windows Modules Installer
    29-01-2016 08:01:31 Windows Modules Installer
    29-01-2016 08:02:01 Windows Modules Installer
    29-01-2016 08:03:33 Windows Modules Installer
    29-01-2016 15:41:23 Windows Modules Installer
    29-01-2016 18:22:34 Windows Modules Installer
    29-01-2016 20:02:37 Restore Operation

    ==================== Faulty Device Manager Devices =============

    Name: SBRE
    Description: SBRE
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/01/2016 02:31:00 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 14:31:00.835]: [00004800]: Initialize TwdsMain Class failed!

    Error: (02/01/2016 02:31:00 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 14:31:00.835]: [00004800]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (02/01/2016 01:00:25 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 13:00:25.256]: [00004800]: Initialize TwdsMain Class failed!

    Error: (02/01/2016 01:00:25 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 13:00:25.256]: [00004800]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (02/01/2016 11:28:24 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 11:28:24.985]: [00004800]: Initialize TwdsMain Class failed!

    Error: (02/01/2016 11:28:24 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 11:28:24.985]: [00004800]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (02/01/2016 11:14:17 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 11:14:17.637]: [00004800]: Initialize TwdsMain Class failed!

    Error: (02/01/2016 11:14:17 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: TWN BrtTWN: [2016/02/01 11:14:17.637]: [00004800]: ##### Fatal ERROR!! Create STI-device failed! #####

    Error: (02/01/2016 10:24:51 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: QuickBooksQBAddins (first time)
    QBMenuItem (9 times)
    AddTo (first time) ('AddCreateWorkOrdersHere'): Lookup value not found

    Error: (02/01/2016 10:24:48 AM) (Source: QuickBooks) (EventID: 4) (User: )
    Description: QuickBooksReturning NULL QBWinInstance Handle


    System errors:
    =============
    Error: (01/31/2016 01:05:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (01/31/2016 01:04:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/31/2016 01:04:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

    Error: (01/31/2016 01:04:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

    Error: (01/31/2016 01:04:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The mrtRate service failed to start due to the following error:
    %%2

    Error: (01/31/2016 01:04:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sbapifs service failed to start due to the following error:
    %%2

    Error: (01/29/2016 08:21:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    Error: (01/29/2016 08:21:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 08:21:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

    Error: (01/29/2016 08:21:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.


    CodeIntegrity:
    ===================================
    Date: 2016-01-21 09:20:34.429
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-01-21 09:20:34.373
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X4 840T Processor
    Percentage of memory in use: 43%
    Total physical RAM: 3839.29 MB
    Available physical RAM: 2167.48 MB
    Total Virtual: 7678.57 MB
    Available Virtual: 5509.98 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:920.22 GB) (Free:852.3 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.19 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 2FBF2F44)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=920.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    What antivirus are you using?
    Can you try to temporarily disable it to run the tools?

    Do you have any idea what the below is?
    UY8DDZ11\v4506_web_combo.exe
    UY8DDZ11\v4506_web_combo (1).exe

    These items are coming out of Temp folders
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Running from C:\Users\Jeff\Downloads

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    FF HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\Firefox\Extensions: [{65B2113D-01CD-11E2-8271-B8AC6F996F26}] - C:\Users\Jeff\AppData\Local\{65B2113D-01CD-11E2-8271-B8AC6F996F26}
    S3 BS3258844186; \??\C:\Users\Jeff\AppData\Local\Temp\NTFS.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    CMD: C:\ComboFix.txt
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~`

    Download these tools to desktop, if they won't run in normal mode try again in Safe Mode.



    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    What antivirus are you using? None

    you have any idea what the below is?
    UY8DDZ11\v4506_web_combo.exe
    UY8DDZ11\v4506_web_combo (1).exe

    I have no idea what either of these are

  4. #4
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by Jeff (2016-02-03 10:55:36) Run:1
    Running from C:\Users\Jeff\Desktop
    Loaded Profiles: Jeff (Available Profiles: Jeff)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {142178A3-85A5-4BBE-BA75-33E50F4698C7} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-1260689961-1639968932-1441414306-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-01] (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-11-21] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    FF HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\...\Firefox\Extensions: [{65B2113D-01CD-11E2-8271-B8AC6F996F26}] - C:\Users\Jeff\AppData\Local\{65B2113D-01CD-11E2-8271-B8AC6F996F26}
    S3 BS3258844186; \??\C:\Users\Jeff\AppData\Local\Temp\NTFS.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    CMD: C:\ComboFix.txt
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{142178A3-85A5-4BBE-BA75-33E50F4698C7}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{142178A3-85A5-4BBE-BA75-33E50F4698C7} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{142178A3-85A5-4BBE-BA75-33E50F4698C7}" => key removed successfully
    HKCR\CLSID\{142178A3-85A5-4BBE-BA75-33E50F4698C7} => key not found.
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
    HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
    "HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
    "HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
    HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\Mozilla\Firefox\Extensions\\{65B2113D-01CD-11E2-8271-B8AC6F996F26} => value removed successfully
    BS3258844186 => service removed successfully
    catchme => service removed successfully

    ========= C:\ComboFix.txt =========


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 339.1 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 11:06:23 ====



    # AdwCleaner v5.032 - Logfile created 03/02/2016 at 11:18:46
    # Updated 31/01/2016 by Xplode
    # Database : 2016-02-02.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jeff - JEFF-HP
    # Running from : C:\Users\Jeff\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\TweakBit

    ***** [ Files ] *****

    [-] File Deleted : C:\Windows\Reimage.ini
    [-] File Deleted : C:\Windows\SysNative\reimage.rep

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\reimagerepair
    [-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    [!] Key Not Deleted : HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\Reimage
    [!] Key Not Deleted : HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\reimagerepair
    [!] Key Not Deleted : HKU\S-1-5-21-1260689961-1639968932-1441414306-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2291 bytes] ##########

  5. #5
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    I was able to download the junkware removal tool but it will not let me run it

  6. #6
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    I can run a file scan with Spybot but not a system scan. Is there some way to add the files to a file scan?

  7. #7
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    Quote, originally posted by JHammer33:
    "I can run a file scan with Spybot but not a system scan. Is there some way to add the files to a file scan?"
    I meant is there some way to add all the files and do a file scan to find and remove the malware or virus?

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Those 2 files in question might have been removed when temp files were removed.

    Please go to one of the below sites to scan the following files:
    Virus Total (Recommended)
    jotti.org
    VirScan
    click on Browse, and upload the following file for analysis:

    C:\Users\Jeff\AppData\Roaming\BrowserMe\GoogleUpdate.exe


    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.
    ~~~~~~~~~~~~~~~~~~`

    Europ Assistance USA\Online Data Protection Suite
    How long have you used the above? In the past, has it given problems related to downloading and installing programs?

    ~~~~~~~~~~~~

    MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\STOPzilla!\sbrc.exe"
    Manufacturer:
    Service: SBRE
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.

    Description: The following boot-start or system-start driver(s) failed to load:
    SBRE

    This program is throwing out errors, I think we need to uninstall it or go after remnant files.
    ~~~~~~~~~~~~~~~~~



    http://windows.microsoft.com/en-us/w...tials-download
    Let's see if you can get Microsoft Security Essentials onto the computer

    ~~~~~~~~~~~~
    I can run a file scan with Spybot but not a system scan. Is there some way to add the files to a file scan?
    I meant is there some way to add all the files and do a file scan to find and remove the malware or virus?
    I'll have to send you to the SpyBot forum after we attempt to clean your machine.


    ~~~~~~~~~~~~~~~~~~~`
    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit starts correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
    • On the introduction screen, please click the Next button to continue.
    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
    • When the update has finished, click on the Next button.
    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.
    • Two log files will now be created in the mbar folder: system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

  9. #9
    Junior Member
    Join Date
    Jan 2016
    Posts
    10

    Default

    I am unable to find the AppData file. It simply isn't there or it is hidden.
    It won't let me install the anti-rootkit program. It downloads but won't install. Same with Microsoft Security Essentials.

    Europ Assistance USA\Online Data Protection Suite has been on my computer for a few years and I don't know of any past problems with it.
    MSCONFIG\startupreg: SBRegRebootCleaner => "C:\Program Files (x86)\STOPzilla!\sbrc.exe" I can't find this file on my computer either.

    I am willing to remove almost anything from the computer at this point if I can figure out how to get it removed.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Let's try a couple of things

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.


    ~~~~~~~~~~~~~~~~~~~~~~~~`

    Please remove any usb or external drives from the computer before you run this scan!


    Please download RogueKiller and save it to your desktop.

    You can check here if you're not sure if your computer is 32-bit or 64-bit
    • Download RogueKiller to your desktop.

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
    • Read and accept the EULA (End User License Agreement)
    • Click Scan to scan the system.
    • When the scan completes Close the program > Don't Fix anything!
    • Don't run any other options, they're not all bad!!
    • Post back the report which should be located on your desktop.


    ~~~~~~~~~~~~~~~~~~~`

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~``

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


    ~

    Take your time and try to post all the logs
    RKill
    Rogue Killer
    TDSSKiller
    C:\ComboFix.txt
