Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Tom (administrator) on TOM-PC on 19-02-2015 09:53:24
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHOA.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\HP\Button Manager\BM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKLM\...\Policies\Explorer: [DontSetAutoplayCheckbox] 0
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPSON5EE03E (Artisan 837) Wireless] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [Artisan 837(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHOA.EXE [283232 2014-06-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP\Button Manager\BM.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cbsnews.com/
HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {1B12CB9C-A4E6-4C9C-84DA-557C2E933407} URL =
http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {57B6DE56-5995-4CD6-867A-47EF04C0109C} URL =
http://www.howjsay.com/index.php?word={searchTerms}&submit=Submit
SearchScopes: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> {D45176CD-A3FB-4A0C-83F7-E92636E0F9AB} URL =
https://duckduckgo.com/?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1862415566-3628807105-2020376286-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533}
https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {2703049B-D81D-4763-A3C6-AF8932FCBD8F}
https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2CD9B04-2AC5-4210-8D4C-77BE0C17D0FB}: [NameServer] 95.169.183.219,89.41.60.38
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437
FF DefaultSearchEngine: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://www.foxnews.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @dahuatech.com/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\P2PClient\1.01.31.0\npmedia.dll ()
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npmedia.dll ()
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\DVR32\3.1.0.4\npTimeGrid.dll (Unauthorized copy)
FF Plugin-x32: @IPC/npmedia3.0.0.1,version=3.0.0.1 -> C:\Program Files (x86)\webrec\Torch\3.0.0.1\npmedia3.0.0.1.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Private Tab - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\c5wpjdrg.default-1364492973437\Extensions\
[email protected] [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-17]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected]
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected]
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\
[email protected] [2013-05-24]
FF HKU\S-1-5-21-1862415566-3628807105-2020376286-1001\...\Firefox\Extensions: [
[email protected]] - C:\Users\Tom\AppData\Local\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Users\Tom\AppData\Local\PasswordBox\Firefox [2013-03-24]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] -
https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-05-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CareMon; C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [63488 2010-10-03] (Nalpeiron Ltd.) [File not signed]
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\Users\Tom\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [2944216 2013-07-08] (Realtek Semiconductor Corporation )
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-02-13] (Conexant Systems, Inc.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2013-02-08] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221184 2012-05-10] (Renesas Electronics Corporation)
S3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS36.SYS [287744 2009-06-10] (Conexant Systems, Inc.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2011-11-15] (Spotmau)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-16] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-16] (Acronis)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-16] (Acronis International GmbH)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-16] (CyberLink Corp.)
S3 cpuz134; \??\C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-19 09:53 - 2015-02-19 09:53 - 00030796 _____ () C:\Users\Tom\Desktop\FRST.txt
2015-02-19 09:52 - 2015-02-19 09:52 - 02086912 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-02-19 09:52 - 2015-02-19 09:52 - 00000000 ____D () C:\Users\Tom\Desktop\FRST-OlderVersion
2015-02-19 09:51 - 2015-02-19 09:51 - 00468480 _____ () C:\Users\Tom\Desktop\CKScanner.exe
2015-02-19 02:33 - 2015-02-19 02:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-02-19 02:33 - 2015-02-19 02:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-02-19 02:32 - 2015-02-19 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-18 22:37 - 2015-02-18 22:37 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\32029
2015-02-18 16:47 - 2015-02-18 16:47 - 00002159 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Diamond 10.7 Win7Vista Installation.lnk
2015-02-18 16:47 - 2015-02-18 16:47 - 00002135 _____ () C:\Users\Tom\Desktop\Diamond 10.7 Win7Vista Installation.lnk
2015-02-18 16:47 - 2015-02-18 16:47 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond 10.7 Win7Vista Installation
2015-02-18 16:47 - 2015-02-18 16:47 - 00000000 ____D () C:\Program Files (x86)\Diamond 10.7 Win7Vista Installation
2015-02-18 13:55 - 2015-02-19 09:32 - 00001279 _____ () C:\Windows\setupact.log
2015-02-18 13:55 - 2015-02-18 13:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-18 12:03 - 2015-02-19 09:53 - 00000000 ____D () C:\FRST
2015-02-18 00:05 - 2015-02-18 00:05 - 00509440 _____ (Tech Support Guy System) C:\Users\Tom\Downloads\SysInfo.exe
2015-02-17 23:38 - 2015-02-17 23:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-17 16:03 - 2015-02-17 22:36 - 00000000 ____D () C:\AdwCleaner
2015-02-17 15:47 - 2015-02-17 15:47 - 02112512 _____ () C:\Users\Tom\Downloads\AdwCleaner.exe
2015-02-17 12:50 - 2015-02-18 18:01 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForTom.job
2015-02-16 21:09 - 2015-02-17 20:42 - 00000000 ____D () C:\ProgramData\Acronis
2015-02-16 21:09 - 2015-02-16 21:09 - 01464096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00269600 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00116000 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00001219 _____ () C:\Users\Public\Desktop\Acronis True Image 2014.lnk
2015-02-16 18:04 - 2015-02-16 18:04 - 00000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
2015-02-16 15:59 - 2015-02-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\59F9300A.sys
2015-02-16 14:27 - 2015-02-16 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-02-16 14:27 - 2015-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\Acronis
2015-02-16 01:46 - 2015-02-16 01:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6A49234B.sys
2015-02-16 01:29 - 2015-02-16 01:29 - 00000000 ___RD () C:\Users\Tom\Sync
2015-02-15 23:54 - 2015-02-15 23:54 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\07E26A0A-0BFA-4152-9D3F-32525F7E6E64
2015-02-15 22:01 - 2015-02-15 22:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\79C77719.sys
2015-02-15 01:18 - 2015-02-15 01:18 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\16338
2015-02-12 23:06 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-12 23:06 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-12 23:06 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-12 23:06 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 14:01 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 14:01 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 14:01 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 14:01 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 04:16 - 2015-02-11 04:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\022F0F6C.sys
2015-02-10 21:11 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 21:11 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 21:11 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 21:11 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 21:11 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 21:11 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 21:11 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 21:11 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 21:11 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 21:11 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 21:11 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 21:11 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 21:11 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 21:11 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 21:11 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 21:11 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 21:11 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 21:11 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 21:11 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 21:11 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 21:11 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 21:11 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 21:11 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 21:11 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 21:11 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 21:11 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 21:11 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 21:11 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:10 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 21:10 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 21:10 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 21:10 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 21:10 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 21:10 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 21:10 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 21:10 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 21:10 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 21:10 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 21:10 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 21:10 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 21:10 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 21:10 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 21:10 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 21:10 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 21:10 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 21:10 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 21:10 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 21:10 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 21:10 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 21:10 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 21:10 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 21:10 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 21:10 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 21:10 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 21:10 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 21:10 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 21:10 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 21:10 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 21:10 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 21:10 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 21:10 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 21:10 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 21:10 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 21:10 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 21:10 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 21:10 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 21:10 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 21:10 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 21:10 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 21:10 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 21:10 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 21:10 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 21:10 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 21:10 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 21:10 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 21:10 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 21:10 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 21:10 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 21:10 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 21:10 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 21:10 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 21:10 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 21:10 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 21:10 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 21:10 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 21:10 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 21:10 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 21:10 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 21:10 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 21:10 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 21:10 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 21:10 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 21:09 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 21:09 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 21:09 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 21:09 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-05 23:27 - 2015-02-05 23:31 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-05 23:27 - 2015-02-05 23:27 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-05 23:27 - 2015-02-05 23:27 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-05 23:27 - 2015-02-05 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-05 22:31 - 2015-02-05 22:32 - 00149384 _____ () C:\Users\Tom\Documents\cc_20150205_223137.reg
2015-02-05 11:41 - 2015-02-05 11:41 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\3865
2015-01-31 12:46 - 2015-01-31 12:46 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype
2015-01-31 12:45 - 2015-01-31 12:45 - 00002727 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-31 12:45 - 2015-01-31 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-29 17:30 - 2015-02-19 03:17 - 00004942 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tom-PC-Tom Tom-PC
2015-01-27 19:46 - 2015-01-27 19:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\576A4359.sys
2015-01-24 15:48 - 2015-01-24 15:48 - 00002039 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-01-24 15:47 - 2015-02-15 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-01-24 15:47 - 2015-01-24 15:47 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-01-22 21:18 - 2015-01-22 21:18 - 00003066 _____ () C:\Windows\System32\Tasks\{56D49925-4F9B-4486-81EF-637E67F37047}
2015-01-21 20:48 - 2015-01-21 20:48 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\7547
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-19 09:33 - 2013-05-24 23:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-19 09:32 - 2014-04-17 22:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 07:04 - 2014-05-17 08:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 03:38 - 2010-12-18 20:46 - 01844159 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 02:36 - 2013-07-26 22:29 - 00000499 _____ () C:\Users\Tom\Desktop\Regions Online Banking.website
2015-02-19 02:34 - 2013-03-29 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 02:32 - 2014-11-10 23:24 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 02:32 - 2012-06-05 20:37 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 02:32 - 2012-06-05 20:31 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-19 02:26 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 02:26 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 02:24 - 2009-07-14 00:13 - 00800226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 02:19 - 2013-03-04 00:45 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-19 02:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 02:11 - 2013-02-22 18:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\uTorrent
2015-02-18 20:28 - 2012-08-14 15:15 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CC66B13F-6B8B-4DC5-B336-3B56F70127A2}
2015-02-18 18:03 - 2011-01-05 18:17 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
2015-02-18 17:40 - 2014-03-03 17:47 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTom
2015-02-18 13:55 - 2012-07-30 08:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-18 00:28 - 2014-08-09 23:55 - 00000000 ____D () C:\Users\Tom\Documents\My DVD Covers
2015-02-17 22:33 - 2014-04-20 22:42 - 00000000 ____D () C:\Users\Tom\Documents\My Saved Software
2015-02-17 15:38 - 2014-10-08 16:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-17 15:37 - 2010-12-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-17 15:35 - 2010-12-25 14:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-17 15:34 - 2012-04-25 14:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-17 12:58 - 2013-05-02 01:24 - 00177864 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-02-16 18:40 - 2011-12-10 18:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Azureus
2015-02-16 17:48 - 2014-07-21 16:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-16 15:07 - 2010-12-18 18:00 - 00000000 ____D () C:\Users\Tom
2015-02-16 14:19 - 2011-05-20 22:00 - 00000000 ___RD () C:\Users\Tom\Desktop\Unused Icons
2015-02-15 21:45 - 2011-01-09 19:58 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Hoyle
2015-02-15 02:48 - 2013-02-24 18:21 - 00000000 ____D () C:\temp
2015-02-15 01:37 - 2014-06-18 15:25 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 Non USA
2015-02-15 01:37 - 2014-06-12 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-02-14 21:55 - 2013-11-10 20:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-14 21:48 - 2014-10-17 08:59 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-14 21:48 - 2014-10-17 08:59 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-14 21:48 - 2014-10-17 08:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-14 21:48 - 2014-10-17 08:58 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-13 00:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-11 18:21 - 2010-12-19 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-02-11 18:19 - 2010-12-18 19:43 - 00000000 ____D () C:\ProgramData\EPSON
2015-02-11 03:43 - 2009-07-13 23:45 - 05005632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:40 - 2014-12-10 03:38 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:40 - 2014-05-03 02:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 03:17 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 03:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:03 - 2010-12-20 03:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 10:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Cursors
2015-02-09 17:14 - 2013-11-08 21:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 07:59 - 2011-01-12 16:36 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2015-02-07 20:41 - 2010-12-18 22:54 - 00000000 ____D () C:\Users\Tom\AppData\Local\DVD Profiler
2015-02-05 23:37 - 2010-12-21 21:25 - 00000000 ____D () C:\Windows\pss
2015-02-05 15:32 - 2014-04-17 22:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 15:32 - 2014-04-17 22:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 15:32 - 2014-04-17 22:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:00 - 2014-06-10 10:37 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
2015-02-01 11:21 - 2013-01-20 16:33 - 00000000 ____D () C:\Users\Tom\Documents\HRBlock
2015-01-31 15:51 - 2011-01-10 14:41 - 00792348 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-31 12:46 - 2013-03-02 22:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-31 12:45 - 2011-01-12 16:36 - 00000000 ____D () C:\ProgramData\Skype
2015-01-24 16:17 - 2010-12-18 18:39 - 00116616 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-24 15:49 - 2011-01-17 23:15 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TaxCut
2015-01-24 15:44 - 2011-01-17 23:12 - 00000000 ____D () C:\ProgramData\TaxCut
2015-01-22 17:10 - 2014-11-07 16:51 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\VMware
==================== Files in the root of some directories =======
2010-12-18 19:02 - 2014-10-08 13:41 - 0038438 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-12-18 19:04 - 2014-10-08 13:30 - 0012970 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).CAL
2010-12-18 19:03 - 2010-12-18 19:03 - 0009299 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).EML
2014-07-20 23:56 - 2014-07-20 23:56 - 0001045 _____ () C:\Users\Tom\AppData\Roaming\decorde.dat
2012-06-08 21:39 - 2014-07-21 11:17 - 176687260 _____ () C:\Users\Tom\AppData\Roaming\hkey_local_machine.reg
2014-05-02 20:51 - 2014-05-02 20:51 - 0099384 _____ () C:\Users\Tom\AppData\Roaming\inst.exe
2014-05-20 11:41 - 2014-05-20 11:41 - 0000056 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan
2014-05-02 20:51 - 2014-05-02 20:51 - 0007859 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.cat
2014-05-02 20:51 - 2014-05-02 20:51 - 0001167 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.inf
2014-05-02 20:51 - 2014-05-02 20:51 - 0000034 _____ () C:\Users\Tom\AppData\Roaming\pcouffin.log
2014-05-02 20:51 - 2014-05-02 20:51 - 0082816 _____ (VSO Software) C:\Users\Tom\AppData\Roaming\pcouffin.sys
2013-02-02 14:06 - 2013-02-02 14:06 - 22706384 _____ (Pixbyte Development SL) C:\Users\Tom\AppData\Roaming\RangerSetup.exe
2015-02-16 18:04 - 2015-02-16 18:04 - 0000064 _____ () C:\Users\Tom\AppData\Local\994cffa945bdb0707e97c9bcaab38356
2012-01-13 22:32 - 2012-01-13 22:32 - 0017920 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-04 21:27 - 2013-01-06 12:22 - 0007608 _____ () C:\Users\Tom\AppData\Local\resmon.resmoncfg
2010-12-18 22:00 - 2014-04-13 19:28 - 0000081 ___SH () C:\ProgramData\.zreglib
2011-01-12 16:37 - 2011-01-12 16:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Files to move or delete:
====================
C:\Users\Tom\en_res.dll
C:\Users\Tom\es_res.dll
C:\Users\Tom\fr_res.dll
C:\Users\Tom\grm_res.dll
C:\Users\Tom\it_res.dll
C:\Users\Tom\jp_res.dll
C:\Users\Tom\mfc80u.dll
C:\Users\Tom\msvcr80.dll
C:\Users\Tom\PCPE Setup.exe
C:\Users\Tom\pt_res.dll
C:\Users\Tom\ru_res.dll
C:\Users\Tom\zh_res.dll
Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 00:34
==================== End Of Log ============================
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\blue-cloner.exe
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\readme.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from divxhunt.me.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from 1337x.org.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from ahashare.com.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from digtorrent.org.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from flashtorrents.org.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from h33t.to.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from kickass.to.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from thepiratebay.sx.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\torrent downloaded from torreviver torrents at bts.to.txt
c:\users\tom\documents\my saved software\blue-cloner 4.60 build 616+crack-cerberus\crack\bdcloner.exe
c:\users\tom\documents\my saved software\cyberlink powerdvd 12.0.1905.56 ultra (eng-rus) cracked [chingliu]\cyberlink_powerdvd_ultra_12.0.1905.exe
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\chingliu.install.notes.nfo
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cyberlink_powerdvd14_ultra_dvd130813-01.exe
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\how to open nfo files.txt
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate.exe
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate_x64.reg
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\activate_x86.reg
c:\users\tom\documents\my saved software\cyberlink powerdvd ultra 14.0.3917.58 (crack kindly) [chingliu]\cracks\powerdvd.sim
c:\windows\autokms\autokms.exe
scanner sequence 3.ZZ.11.FDNAMZ
----- EOF -----