hard drive fills up on its own

Discussion in 'Virus & Other Malware Removal' started by ksfiddler, May 24, 2015.

Thread Status:
Not open for further replies.
  1. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    My hard drive fills up without my adding anything to it. I have deleted everything I can think that would be large, but still my C drive is almost full. Every time I delete stuff, the next day it has begun to fill it back up, to the tune of a gig per day or more. Please help! This is a fairly new PC.
    Thanks

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 16265 Mb
    Graphics Card: Intel(R) HD Graphics 4600, -1984 Mb
    Hard Drives: C: Total - 462008 MB, Free - 72054 MB; D: Total - 11851 MB, Free - 1302 MB; E: Total - 2040 MB, Free - 2017 MB;
    Motherboard: Hewlett-Packard, 1942
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello ksfiddler,

    Please download Farbar Recovery Scan Tool from here and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called (FRST.txt) in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
     
  3. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    Thank you for your prompt reply! Here are the results:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
    Ran by Matthew (administrator) on MATTHEW-HP on 25-05-2015 16:27:12
    Running from C:\Users\Matthew\Desktop
    Loaded Profiles: Matthew (Available Profiles: Matthew)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (FSPro Labs) C:\My Programs\MyLockbox\My Lockbox\mylbx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Wondershare) C:\My Programs\video converter\Wondershare\Player\WSPlayer.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    () C:\My Programs\video converter\Wondershare\Player\WsTaskLoad.exe
    (Dropbox, Inc.) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
    HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [mylbx] => C:\My Programs\MyLockbox\My Lockbox\mylbx.exe [2308872 2014-04-14] (FSPro Labs)
    HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] (Qualcomm®Atheros®)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [Dropbox Update] => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\MountPoints2: {c5a999fa-0547-11e4-8751-b8ee655403ce} - G:\TL-Bootstrap.exe
    AppInit_DLLs: Files Files => Files Files File not found
    AppInit_DLLs-x32: c:\program files c:\program files c:\program files c:\program files c:\program files => "c:\program files c:\program files c:\program files c:\program files c:\program files" File not found
    Lsa: [Notification Packages] DPPassFilter scecli
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-21]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-06]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    URLSearchHook: [S-1-5-21-2252185676-2155325459-2988092858-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll [2014-11-04] (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-22] (DVDVideoSoft Ltd.)
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    Tcpip\Parameters: [DhcpNameServer] 64.250.48.6 64.250.48.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2252185676-2155325459-2988092858-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Matthew\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
    FF Plugin HKU\S-1-5-21-2252185676-2155325459-2988092858-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Matthew\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
    FF user.js: detected! => C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default\user.js [2015-02-01]
    FF Extension: EPUBReader - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-03-26]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-01]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-05-09]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-06-15]
    FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt
    FF Extension: Wondershare Video Converter Ultimate - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt [2014-08-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Player\[email protected]
    FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\[email protected] [2014-08-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt
    FF HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-13]
    FF HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-10-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
    CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
    CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]
    CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]
    CHR Extension: (Readium) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-08-09]
    CHR Extension: (Bookmark Manager DEV) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Google Play Books) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-05-03]
    CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
    CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]
    CHR HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) []
    R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
    R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1366488 2013-08-22] (CryptoMill Technologies Ltd.)
    R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () []
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
    R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-08] (Hewlett-Packard Company) []
    R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) []
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [289256 2014-11-04] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) []
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) []

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
    R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
    R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-04] (FSPro Labs)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
    R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [397784 2013-08-19] (CryptoMill Technologies Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
    S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-06-28] (Atheros)
    R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
    S3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [37496 2014-06-14] (Ploytec GmbH)
    S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2014-06-14] (Ploytec GmbH)
    S3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [50808 2014-06-14] (Ploytec GmbH)
    S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-08-15] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
    R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
    R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
    S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-25 16:27 - 2015-05-25 16:27 - 00028990 _____ () C:\Users\Matthew\Desktop\FRST.txt
    2015-05-25 16:26 - 2015-05-25 16:27 - 00000000 ____D () C:\FRST
    2015-05-25 16:25 - 2015-05-25 16:25 - 02108928 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
    2015-05-24 18:26 - 2015-05-24 18:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Matthew\Downloads\SysInfo.exe
    2015-05-23 17:30 - 2015-05-23 17:30 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-18 18:35 - 2015-05-18 18:35 - 04978664 _____ (Hewlett-Packard Company ) C:\Users\Matthew\Downloads\sp70648-BCU_Repair_Utility.exe
    2015-05-17 19:39 - 2015-05-17 19:41 - 29179779 _____ () C:\Users\Matthew\Downloads\'It Is Well With My Soul' By The Issacs (FULL).wmv
    2015-05-16 16:01 - 2015-05-16 16:01 - 00000173 _____ () C:\Users\Matthew\Desktop\Shopping.url
    2015-05-16 10:39 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-16 10:39 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-15 05:11 - 2015-05-25 16:16 - 00000926 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA.job
    2015-05-15 05:11 - 2015-05-25 09:57 - 00000874 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core.job
    2015-05-15 05:11 - 2015-05-15 05:11 - 00003900 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA
    2015-05-15 05:11 - 2015-05-15 05:11 - 00003504 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core
    2015-05-15 05:11 - 2015-05-15 05:11 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Dropbox
    2015-05-15 05:11 - 2015-05-15 05:11 - 00000000 ____D () C:\ProgramData\Dropbox
    2015-05-12 19:19 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-12 19:19 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-12 19:19 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-12 19:19 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-12 19:19 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-12 19:19 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-12 19:19 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-12 19:19 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-12 19:19 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-12 19:19 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-12 19:19 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-12 19:19 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-12 19:19 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-12 19:19 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-12 19:19 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-12 19:19 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-12 19:19 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-12 19:19 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-12 19:19 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-12 19:19 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-12 19:19 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-12 19:19 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-12 19:19 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-12 19:19 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-12 19:19 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-12 19:19 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-12 19:19 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-12 19:19 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-12 19:19 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-12 19:19 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-12 19:19 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-12 19:19 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-12 19:19 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-12 19:19 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-12 19:19 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-12 19:19 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-12 19:19 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-12 19:19 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-12 19:19 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-12 19:19 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-12 19:19 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-12 19:19 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-12 19:19 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-12 19:19 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-12 19:19 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-12 19:19 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 19:19 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-12 19:19 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-12 19:19 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-12 19:19 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-12 19:19 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-12 19:19 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-12 19:19 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-12 19:19 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-12 19:19 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-12 19:19 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-12 19:19 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-12 19:19 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-12 19:19 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-12 19:19 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-12 19:09 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 19:09 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 19:09 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 19:09 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 19:05 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-12 19:05 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-12 19:05 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-12 19:05 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-12 19:05 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-12 19:05 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-12 19:05 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-12 19:05 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-12 19:05 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-12 19:05 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-12 19:05 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-12 19:05 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-12 19:05 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-05-12 19:05 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-12 19:05 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-12 19:04 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-12 19:04 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-12 19:04 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-12 19:04 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-12 19:04 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-12 19:04 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-12 19:04 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-12 19:04 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-12 19:04 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-12 19:04 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-12 19:04 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 19:04 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 19:04 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 19:04 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 19:04 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 19:04 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 19:04 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 19:04 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-12 19:04 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-12 19:01 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-12 19:01 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-12 19:01 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-12 19:01 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-12 19:01 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-12 19:01 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-25 16:25 - 2014-06-11 10:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-05-25 16:25 - 2014-03-18 02:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-05-25 16:25 - 2014-03-18 02:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-25 15:53 - 2014-06-12 09:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-25 15:42 - 2014-06-11 09:14 - 01282242 _____ () C:\Windows\WindowsUpdate.log
    2015-05-25 14:54 - 2009-07-14 00:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-25 09:53 - 2014-06-12 09:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-25 09:48 - 2014-06-12 09:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-25 09:48 - 2014-06-12 09:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-23 17:31 - 2014-06-15 18:34 - 00000000 ___RD () C:\Users\Matthew\Dropbox
    2015-05-23 17:31 - 2014-06-15 18:11 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Dropbox
    2015-05-23 10:46 - 2009-07-13 23:45 - 00026816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-23 10:46 - 2009-07-13 23:45 - 00026816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-23 10:31 - 2014-06-22 10:22 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CrashDumps
    2015-05-22 20:19 - 2009-07-13 23:51 - 00098406 _____ () C:\Windows\setupact.log
    2015-05-22 20:01 - 2015-01-08 21:07 - 00000000 _____ () C:\Users\Matthew\Desktop\blank (2).txt
    2015-05-21 05:20 - 2015-04-05 15:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-05-21 05:20 - 2015-04-05 15:17 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-05-20 06:13 - 2014-03-18 02:59 - 00000000 ____D () C:\ProgramData\PDFC
    2015-05-18 18:39 - 2014-06-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-05-18 18:39 - 2014-03-18 02:56 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2015-05-18 18:38 - 2011-02-11 11:32 - 00000000 ____D () C:\SWSETUP
    2015-05-17 20:09 - 2014-07-07 20:18 - 00000193 _____ () C:\Users\Matthew\AppData\Roaming\default.rss
    2015-05-17 20:02 - 2014-08-06 22:04 - 00000000 ____D () C:\ProgramData\Wondershare Player
    2015-05-16 17:14 - 2014-12-20 18:43 - 00000000 _____ () C:\Users\Matthew\Desktop\New Text Document.txt
    2015-05-16 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-05-16 13:14 - 2014-09-07 19:38 - 00000000 ___RD () C:\Users\Matthew\Google Drive
    2015-05-16 13:11 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.log
    2015-05-16 13:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-16 13:10 - 2014-06-18 06:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-16 13:10 - 2009-07-13 23:45 - 00443856 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-16 13:08 - 2014-05-09 06:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-16 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-16 10:59 - 2014-07-07 22:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-16 10:57 - 2014-10-22 06:04 - 00002144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-05-16 10:57 - 2014-03-18 02:59 - 00002154 _____ () C:\Windows\epplauncher.mif
    2015-05-16 10:56 - 2014-10-22 06:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-05-16 10:56 - 2014-03-18 02:59 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-05-16 10:54 - 2014-06-14 04:49 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-16 10:45 - 2014-06-14 04:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-16 10:39 - 2014-06-18 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-16 10:37 - 2014-06-18 06:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-05-08 21:25 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
    2015-05-06 05:37 - 2014-06-15 18:34 - 00001033 _____ () C:\Users\Matthew\Desktop\Dropbox.lnk
    2015-05-03 19:21 - 2015-02-24 20:18 - 00010581 _____ () C:\Users\Matthew\Desktop\software_removal_tool.log
    2015-05-03 07:45 - 2015-01-21 20:07 - 00000000 ____D () C:\ProgramData\hnpofgpbbdpjglndokpgfdlnjgailggd
    2015-05-02 10:06 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
    2015-04-25 19:02 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
    2015-04-25 19:01 - 2014-08-25 07:26 - 00000000 ____D () C:\Windows\Minidump
    2015-04-25 19:00 - 2014-06-12 02:10 - 00370010 ____N () C:\Windows\Minidump\042515-126407-01.dmp

    ==================== Files in the root of some directories =======

    2014-07-07 20:18 - 2015-05-17 20:09 - 0000193 _____ () C:\Users\Matthew\AppData\Roaming\default.rss
    2014-06-15 17:43 - 2014-06-15 17:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-04-05 16:33 - 2015-04-05 19:28 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some files in TEMP:
    ====================
    C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpdznh.dll
    C:\Users\Matthew\AppData\Local\Temp\Extract.exe
    C:\Users\Matthew\AppData\Local\Temp\FreeStudio.exe
    C:\Users\Matthew\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
    C:\Users\Matthew\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Matthew\AppData\Local\Temp\optprosetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-16 13:53

    ==================== End of log ============================
     
  4. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    And the Addition results:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
    Ran by Matthew at 2015-05-25 16:28:30
    Running from C:\Users\Matthew\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2252185676-2155325459-2988092858-500 - Administrator - Disabled)
    Guest (S-1-5-21-2252185676-2155325459-2988092858-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2252185676-2155325459-2988092858-1003 - Limited - Enabled)
    Matthew (S-1-5-21-2252185676-2155325459-2988092858-1001 - Administrator - Enabled) => C:\Users\Matthew

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
    Amazon Kindle (HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AudioBox USB driver (HKLM\...\USB_AUDIO_DEusb-audio.depresonusAudioBoxUSB) (Version: - )
    B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version: - )
    dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 8 - Illustrate)
    dBpowerAMP WMA V9.1 Codec (HKLM-x32\...\dBpowerAMP WMA V9.1 Codec) (Version: - )
    DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
    Dropbox (HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Dropbox) (Version: 3.6.3 - Dropbox, Inc.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Free M4a to MP3 Converter 5.9 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Free MP3 Tag Editor (HKLM-x32\...\{6FBFD000-6B64-4378-8AB5-2B7D97841AF0}) (Version: 1.0.0 - Media Freeware)
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 1.80 - Philipp Winterberg)
    Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Gorilla 2 (HKLM-x32\...\Gorilla 2) (Version: - )
    Hewlett-Packard ACLM.NET v1.2.2.2 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{84663FDA-1374-4048-9869-DD4A8784785A}) (Version: 6.0.16.1 - Hewlett-Packard Company)
    HP BIOS Configuration Utility (HKLM-x32\...\{36FCBBEE-7BCE-4603-A4F5-56E73C43C820}) (Version: 4.0.11.1 - Hewlett-Packard Company)
    HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
    HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
    HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
    HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
    HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
    HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
    HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
    HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
    HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{A3B64280-DE4C-40F0-86BB-CCB2A6056BA2}) (Version: 7.3.32.6 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
    HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
    HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
    HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.2.15.16418 - CryptoMill Technologies)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
    Know Your Bible 2001 (HKLM-x32\...\Know Your Bible 2001) (Version: 3.00.3004 - Heavenly Software)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.10.106.1 - McAfee, Inc.)
    Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
    My Lockbox 3.2.1 (HKLM\...\My Lockbox_is1) (Version: 3.2.1 - )
    Nero 9 (HKLM-x32\...\{6dc79af8-ae41-4ffa-bb3d-8fbd68390586}) (Version: - Nero AG)
    Ogg Vorbis SSE2 (HKLM-x32\...\Ogg Vorbis SSE2) (Version: - )
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
    PreSonus Studio One x64 (HKLM\...\PreSonus Studio One) (Version: 1.6.4.14644 - PreSonus Audio Electronics)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
    TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
    TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.06 - TaxACT, Inc.)
    TaxACT 2014 Kansas (HKLM-x32\...\TaxACT 2014 Kansas) (Version: 1.0 - TaxACT, Inc.)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
    Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    24-05-2015 15:26:08 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1957FB7A-79F4-4125-86D4-333D77A0CE00} - System32\Tasks\{C0DC9C06-7C55-416F-85D1-F20601D1BD26} => pcalua.exe -a C:\Users\Matthew\Downloads\wlsetup-web.exe -d C:\Users\Matthew\Downloads
    Task: {1C8CA606-64EC-41E7-9A35-2A3AF0879A66} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {3100EFE8-AC1B-4258-A8A7-758C9F781145} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
    Task: {3731E708-63CD-424C-BF6B-AC4E8D1320D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {4197122F-9E55-4E73-A87F-1C1A715ABA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {4B23AE01-8B6C-4EB0-972A-C71757339CA8} - System32\Tasks\{9387888D-84E4-4B4A-A099-F100EAACEAEF} => pcalua.exe -a C:\Users\Matthew\Downloads\sp64284.exe -d C:\Users\Matthew\Downloads
    Task: {4FC9FE00-31ED-48D1-BF88-E04CBD13947E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
    Task: {68DB6D62-FCEB-421C-B048-01EEE56B0AC5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
    Task: {73FFCA2D-5688-4DCD-9836-B90BCC27E75F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
    Task: {75778042-FE0D-4125-829C-9BF6C692F754} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
    Task: {92587215-70D1-4C58-B472-1343B07EB771} - System32\Tasks\{A9CCA6B3-FBF8-45F9-A072-7D9E7DB2D50C} => pcalua.exe -a C:\Users\Matthew\Downloads\wlsetup-web.exe -d C:\Users\Matthew\Downloads
    Task: {C402AE26-7ACE-4038-9411-8F44852756F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
    Task: {EFD31499-528C-427D-89FF-E05813D35A3B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core.job => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA.job => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-07 17:02 - 2013-08-07 17:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
    2011-06-08 16:57 - 2011-06-08 16:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
    2014-08-06 22:04 - 2013-07-30 19:16 - 00941992 _____ () C:\Windows\SysWOW64\WPShellExt64.dll
    2014-08-06 22:02 - 2013-03-25 12:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2013-08-07 16:01 - 2013-08-07 16:01 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
    2013-06-28 08:00 - 2013-06-28 08:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-06-28 08:08 - 2013-06-28 08:08 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
    2014-08-06 22:04 - 2013-05-02 18:01 - 02217248 _____ () C:\My Programs\video converter\Wondershare\Player\WsTaskLoad.exe
    2015-02-13 05:20 - 2015-02-13 05:20 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    2014-03-06 17:00 - 2014-03-06 17:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
    2015-05-16 13:13 - 2015-05-16 13:13 - 00098816 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32api.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00110080 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\pywintypes27.dll
    2015-05-16 13:13 - 2015-05-16 13:13 - 00364544 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\pythoncom27.dll
    2015-05-16 13:13 - 2015-05-16 13:13 - 00045568 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_socket.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 01161216 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_ssl.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00320512 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32com.shell.shell.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00713216 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_hashlib.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 01175040 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._core_.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00805888 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._gdi_.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00811008 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._windows_.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 01062400 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._controls_.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00735232 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._misc_.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00682496 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\pysqlite2._sqlite.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00128512 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_elementtree.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00127488 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\pyexpat.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00087552 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_ctypes.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00119808 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32file.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00108544 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32security.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00007168 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\hashobjs_ext.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00017408 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\usb_ext.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00167936 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32gui.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00018432 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32event.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00013824 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\common.time34.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00036864 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_psutil_windows.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00038912 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32inet.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00011264 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32crypt.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00070656 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._html2.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00027136 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_multiprocessing.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00020480 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\_yappi.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00035840 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32process.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00686080 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\unicodedata.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00122368 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._wizard.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00024064 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32pipe.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00010240 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\select.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00025600 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32pdh.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00525640 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\windows._lib_cacheinvalidation.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00017408 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32profile.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00022528 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\win32ts.pyd
    2015-05-16 13:13 - 2015-05-16 13:13 - 00078336 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI52362\wx._animate.pyd
    2013-06-05 13:35 - 2013-06-05 13:35 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
    2014-05-09 06:20 - 2013-07-26 00:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00203776 _____ () C:\My Programs\video converter\Wondershare\Player\WS_Log.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00060416 _____ () C:\My Programs\video converter\Wondershare\Player\COMSupport.dll
    2014-08-06 22:04 - 2013-04-26 13:14 - 00187904 _____ () C:\My Programs\video converter\Wondershare\Player\WS_MutFileInfo.dll
    2014-08-06 22:04 - 2013-04-23 15:26 - 00057344 _____ () C:\My Programs\video converter\Wondershare\Player\HardWareFilter.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00077824 _____ () C:\My Programs\video converter\Wondershare\Player\WsSimplePlayer.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00275968 _____ () C:\My Programs\video converter\Wondershare\Player\DVDPlayer.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00125952 _____ () C:\My Programs\video converter\Wondershare\Player\ComLoad.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 06755840 _____ () C:\My Programs\video converter\Wondershare\Player\WS_ImageProc.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00257024 _____ () C:\My Programs\video converter\Wondershare\Player\MediaDecoderMgr.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00065024 _____ () C:\My Programs\video converter\Wondershare\Player\MediaInfo.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 01837056 _____ () C:\My Programs\video converter\Wondershare\Player\WS_Image.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00060416 _____ () C:\My Programs\video converter\Wondershare\Player\WS_Utility.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00096768 _____ () C:\My Programs\video converter\Wondershare\Player\MPDECSrc.dll
    2014-08-06 22:04 - 2013-09-24 19:11 - 04788736 _____ () C:\My Programs\video converter\Wondershare\Player\libMPKernal.dll
    2014-08-06 22:04 - 2013-09-24 19:11 - 13924321 _____ () C:\My Programs\video converter\Wondershare\Player\kernaldec.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00115200 _____ () C:\My Programs\video converter\Wondershare\Player\DVD_DEC.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00276480 _____ () C:\My Programs\video converter\Wondershare\Player\DVDReader.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00050688 _____ () C:\My Programs\video converter\Wondershare\Player\DecoderMgr.dll
    2014-08-06 22:04 - 2013-04-23 15:26 - 00216064 _____ () C:\My Programs\video converter\Wondershare\Player\WS_VideoSrc.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00155648 _____ () C:\My Programs\video converter\Wondershare\Player\PlayControl.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00125952 _____ () C:\My Programs\video converter\Wondershare\Player\ImageDec.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00512512 _____ () C:\My Programs\video converter\Wondershare\Player\WS_Text.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00091648 _____ () C:\My Programs\video converter\Wondershare\Player\StreamPlayer.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 10073600 _____ () C:\My Programs\video converter\Wondershare\Player\WSPlayerPro.dll
    2014-08-06 22:04 - 2013-07-26 16:22 - 00192512 _____ () C:\My Programs\video converter\Wondershare\Player\D3DVideoRender.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 02229248 _____ () C:\My Programs\video converter\Wondershare\Player\WS_MediaInfoLib.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00081920 _____ () C:\My Programs\video converter\Wondershare\Player\VideoAdjust.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00194048 _____ () C:\My Programs\video converter\Wondershare\Player\WS_ImageDataprocess.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00098816 _____ () C:\My Programs\video converter\Wondershare\Player\WS_SubPicCompositor.dll
    2014-08-06 22:04 - 2013-09-25 16:54 - 00281600 _____ () C:\My Programs\video converter\Wondershare\Player\WS_DataProcess.dll
    2014-08-06 22:04 - 2013-09-25 16:55 - 00096256 _____ () C:\My Programs\video converter\Wondershare\Player\WS_AudioCompositor.dll
    2014-08-06 22:04 - 2013-07-24 11:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2015-05-23 17:31 - 2015-05-23 17:31 - 00043008 _____ () c:\users\matthew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpdznh.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00750080 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00047616 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00865280 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00200704 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00726016 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2015-05-22 19:42 - 2015-05-13 11:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
    2015-05-22 19:42 - 2015-05-13 11:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
    2013-09-05 02:14 - 2013-09-05 02:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2014-03-31 23:35 - 2014-03-31 23:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-23 18:05 - 2014-04-23 18:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-22 19:42 - 2015-05-13 11:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Matthew\Documents\Grace Website:com.dropbox.attributes

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\com -> hxxp://*.Wondershare.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 64.250.48.6 - 64.250.48.10

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: AccelerometerSysTrayApplet => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
    MSCONFIG\startupreg: BrowserPlugInHelper => C:\My Programs\video converter\Wondershare\Video Converter Free\BrowserPlugInHelper.exe
    MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
    MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: WinampAgent => "C:\My Programs\Winamp\winampa.exe"
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{10962329-4628-4F2E-8DDF-14E506649F68}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B4B1E54A-9943-447C-B0AB-1C55F8EEC2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B33111A2-48ED-4EAF-A725-CBAE64B6706A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B8CCCF1F-32C6-4867-8253-5203C4E455AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{ED47C0E9-5CCF-4556-9433-32A34A93672A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2C3EA8F9-C1F1-470D-920B-36EA39C8EB0C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{35552276-B5FA-465F-9E49-6E18A424D792}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{72C76EFB-A8FB-4325-A9AB-466DDAC0CAA5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{78AC9436-EC03-4BBD-AC65-C7595D529720}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{6702BFE6-A8A0-4303-8FB5-E2A33ED64401}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{A1E24630-0A58-4B9C-A5FE-8E9F5042F5C0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{4F8DB2B5-5F9A-4DA0-8BEE-6AC89BA2C026}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{ADD957A9-6E24-4BD3-B4CF-4C3EC019EA94}] => (Allow) LPort=2869
    FirewallRules: [{F7A0FC9D-0B82-4F0C-B469-D7771ECB78A7}] => (Allow) LPort=1900
    FirewallRules: [{CB0255DF-E140-4A08-A597-18D4E0253B89}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{8D879E79-59B3-42E0-A573-22885B530D5D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{FFE80044-ABC0-43BD-B8E8-71817D5A0C49}] => (Allow) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1960487E-5CFF-43D3-90FC-5BF9455FEF20}] => (Allow) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{7CF24676-F084-406D-8BEA-946D698F997D}] => (Allow) C:\My Programs\Winamp\winamp.exe
    FirewallRules: [{0312A415-9BC4-41B3-93D8-4928A60B9402}] => (Allow) C:\My Programs\Winamp\winamp.exe
    FirewallRules: [TCP Query User{633FAB2C-B787-4893-A712-73AD4B4CB924}C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{8BAE86E0-3C57-4FEA-9707-D17690573F9D}C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{59926718-D6A5-4456-B5FA-FF795932C69E}C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe] => (Allow) C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe
    FirewallRules: [UDP Query User{2A699B7C-3275-488B-AD51-6937E245D9EB}C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe] => (Allow) C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe
    FirewallRules: [{0B595D20-B96B-43B3-BE5E-2C325A45F86F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{59A3912B-50BB-40C5-84A7-875BBD538493}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{96BEFBEB-7DC0-4FEB-AFA3-7561B21A5A64}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{FE1615B1-C385-49E4-A23C-35F2395895F3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{E004C885-9E90-45B6-BEB2-65EC60D3C19F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D3C842DB-FECD-40CB-9A6D-9EC4F73CE573}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CA5B4EA6-ED40-4842-8329-D59A61A58CF4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{1685AE21-60E5-4370-8B5A-CD8FFE46B6BB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{6AAC2FE5-3096-4E20-A64F-775511E9F640}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{8CB97A09-6D49-41A6-86DF-F918D7B78497}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1061

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1076

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1076

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 11:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1108


    System errors:
    =============
    Error: (05/25/2015 03:07:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 33 time(s).

    Error: (05/25/2015 02:57:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 32 time(s).

    Error: (05/25/2015 02:53:28 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/25/2015 01:39:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 31 time(s).

    Error: (05/25/2015 11:56:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 30 time(s).

    Error: (05/25/2015 10:50:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 29 time(s).

    Error: (05/24/2015 08:45:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 28 time(s).

    Error: (05/24/2015 08:19:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 27 time(s).

    Error: (05/24/2015 06:48:55 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/24/2015 05:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 26 time(s).


    Microsoft Office:
    =========================
    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (05/25/2015 03:07:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1061

    Error: (05/25/2015 02:57:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1076

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1076

    Error: (05/25/2015 01:39:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 11:56:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1108


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-19 20:09:23.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:09:23.878
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:33.271
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:33.269
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:31.069
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:31.068
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:30.941
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:30.940
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:03.568
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:03.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
    Percentage of memory in use: 33%
    Total physical RAM: 16265.11 MB
    Available physical RAM: 10844.85 MB
    Total Pagefile: 21004.25 MB
    Available Pagefile: 13033.28 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:451.18 GB) (Free:65.87 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.57 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84D5B52C)
    Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

    ==================== End of log ============================
     
  5. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello ksfiddler,

    You have Kaspersky and Microsoft Security Essentials running in real time. You also have McAfee Security Scan Plus, which I suspect has been foisted on your machine without your permission.

    Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You may end up with little or no protection.

    Please uninstall the following:

    Either Microsoft Security Essentials or Kaspersky. If Kaspersky has an up-to-date subscription, then that is the one to keep.

    and, if you haven't installed it yourself:

    McAfee Security Scan Plus

    Next

    The FRST scan shows that you have the dev: build version of Chrome. Replacing your browser with the development build is a technique used by malware to gain access to your browser.

    If you haven't installed the dev: build then your Chrome browser has a nasty infection. It's quite recent and to fix it we need to uninstall and reinstall Chrome. Depending on how long you have had the infection we may need further work after the reinstall.

    If you installed dev build yourself and want to keep it, tell me. Otherwise follow the instructions below:

    Firstly

    You might like to back up your bookmarks. Go to the link below to learn how to export Chrome's bookmarks. You can save them somewhere you can find them and import them back to Chrome when you reinstall.

    https://support.google.com/chrome/answer/96816?hl=en

    Step 2

    Go to the link below for instructions to uninstall Google Chrome. Use the Windows instructions for Windows Vista / Windows 7 / Windows 8.

    Note: To remove this infection properly you must remove your profile information so make sure you tick the "Also delete your browsing data" check box.

    Step 3

    Download and reinstall Google Chrome.

    After that

    Open notepad.

    Please copy the contents of the code box below.

    To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

    Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    Code:
    HKLM-x32\...\Run: [] => [X]
    AppInit_DLLs: Files Files => Files Files File not found
    AppInit_DLLs-x32: c:\program files c:\program files c:\program files c:\program files c:\program files => "c:\program files c:\program files c:\program files c:\program files c:\program files" File not found
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-2252185676-2155325459-2988092858-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpdznh.dll
    C:\Users\Matthew\AppData\Local\Temp\Extract.exe
    C:\Users\Matthew\AppData\Local\Temp\FreeStudio.exe
    C:\Users\Matthew\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
    C:\Users\Matthew\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Matthew\AppData\Local\Temp\optprosetup.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    
    This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Finally in this post

    Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

    So when you return please post
    • Fixlog.txt
    • FRST.txt
    • Addition.txt
     
  6. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    Here is the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
    Ran by Matthew at 2015-05-26 19:37:59 Run:1
    Running from C:\Users\Matthew\Desktop
    Loaded Profiles: Matthew (Available Profiles: Matthew)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    AppInit_DLLs: Files Files => Files Files File not found
    AppInit_DLLs-x32: c:\program files c:\program files c:\program files c:\program files c:\program files => "c:\program files c:\program files c:\program files c:\program files c:\program files" File not found
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-2252185676-2155325459-2988092858-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpdznh.dll
    C:\Users\Matthew\AppData\Local\Temp\Extract.exe
    C:\Users\Matthew\AppData\Local\Temp\FreeStudio.exe
    C:\Users\Matthew\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe
    C:\Users\Matthew\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Matthew\AppData\Local\Temp\optprosetup.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
    "Files Files" => value data Removed successfully.
    "c:\program files c:\program files c:\program files c:\program files c:\program files" => value data Removed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key Removed successfully
    Error setting Default URLSearchHook.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKCR\PROTOCOLS\Handler\WSIEChrome" => key Removed successfully
    C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpdznh.dll => Moved successfully.
    C:\Users\Matthew\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\Matthew\AppData\Local\Temp\FreeStudio.exe => Moved successfully.
    C:\Users\Matthew\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe => Moved successfully.
    C:\Users\Matthew\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
    C:\Users\Matthew\AppData\Local\Temp\optprosetup.exe => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 1.3 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:42:30 ====
     
  7. ksfiddler

    ksfiddler Thread Starter

    Here is the FRST (after the fix):

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
    Ran by Matthew (administrator) on MATTHEW-HP on 26-05-2015 19:55:46
    Running from C:\Users\Matthew\Desktop
    Loaded Profiles: Matthew (Available Profiles: Matthew)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (FSPro Labs) C:\My Programs\MyLockbox\My Lockbox\mylbx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dropbox, Inc.) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-04] (IDT, Inc.)
    HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [147160 2013-08-02] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [mylbx] => C:\My Programs\MyLockbox\My Lockbox\mylbx.exe [2308872 2014-04-14] (FSPro Labs)
    HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-08-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] (Qualcomm®Atheros®)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Run: [Dropbox Update] => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-15] (Dropbox, Inc.)
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\MountPoints2: {c5a999fa-0547-11e4-8751-b8ee655403ce} - G:\TL-Bootstrap.exe
    Lsa: [Notification Packages] DPPassFilter scecli
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-06]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-08-22] (CryptoMill Technologies Ltd.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/1
    URLSearchHook: [S-1-5-21-2252185676-2155325459-2988092858-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-22] (DVDVideoSoft Ltd.)
    Tcpip\Parameters: [DhcpNameServer] 64.250.48.6 64.250.48.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2252185676-2155325459-2988092858-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Matthew\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
    FF Plugin HKU\S-1-5-21-2252185676-2155325459-2988092858-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Matthew\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-15] (Dropbox, Inc.)
    FF user.js: detected! => C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default\user.js [2015-02-01]
    FF Extension: EPUBReader - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\cpjtb539.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-26]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-01]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
    FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-05-09]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-06-15]
    FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt
    FF Extension: Wondershare Video Converter Ultimate - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt [2014-08-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Player\[email protected]
    FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\[email protected] [2014-08-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2014-09-19]
    FF HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\My Programs\video converter\Wondershare\Video Converter Free\SVRFirefoxExt
    FF HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-13]

    Chrome:
    =======
    CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
    CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
    CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]
    CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
    CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
    CHR HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) []
    R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
    R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1366488 2013-08-22] (CryptoMill Technologies Ltd.)
    R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-07] () []
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-07-15] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-07-15] (CyberLink)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
    R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-08-05] (DigitalPersona, Inc.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-08] (Hewlett-Packard Company) []
    R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) []
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-04] (IDT, Inc.) []
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) []

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
    R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
    R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-04] (FSPro Labs)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
    R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [397784 2013-08-19] (CryptoMill Technologies Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
    S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-06-28] (Atheros)
    R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
    R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-07-16] (WinMagic Inc.)
    S3 PRESONUS_AUDIOBOX_MIDI; C:\Windows\System32\drivers\psabusbm.sys [37496 2014-06-14] (Ploytec GmbH)
    S3 PRESONUS_AUDIOBOX_USB; C:\Windows\System32\Drivers\psabusbu.sys [462968 2014-06-14] (Ploytec GmbH)
    S3 PRESONUS_AUDIOBOX_WDM; C:\Windows\System32\drivers\psabusba.sys [50808 2014-06-14] (Ploytec GmbH)
    S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-08-15] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
    R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-07-16] (WinMagic Inc.)
    R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-07-16] (WinMagic Inc.)
    S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-19] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-19] (Synaptics Incorporated)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-26 19:29 - 2015-05-26 19:29 - 00001256 _____ () C:\Users\Matthew\Desktop\notepad - Shortcut.lnk
    2015-05-26 19:22 - 2015-05-26 19:22 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-26 19:22 - 2015-05-26 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-26 19:19 - 2015-05-26 19:19 - 00880208 _____ (Google Inc.) C:\Users\Matthew\Downloads\ChromeSetup(1).exe
    2015-05-26 19:11 - 2015-05-26 19:11 - 00880208 _____ (Google Inc.) C:\Users\Matthew\Downloads\ChromeSetup.exe
    2015-05-26 18:50 - 2015-05-26 18:50 - 00056734 _____ () C:\Users\Matthew\Documents\bookmarks_5_26_15.html
    2015-05-25 16:28 - 2015-05-25 16:29 - 00051299 _____ () C:\Users\Matthew\Desktop\Addition.txt
    2015-05-25 16:27 - 2015-05-26 19:55 - 00024354 _____ () C:\Users\Matthew\Desktop\FRST.txt
    2015-05-25 16:26 - 2015-05-26 19:55 - 00000000 ____D () C:\FRST
    2015-05-25 16:25 - 2015-05-25 16:25 - 02108928 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
    2015-05-24 18:26 - 2015-05-24 18:26 - 00509440 _____ (Tech Support Guy System) C:\Users\Matthew\Downloads\SysInfo.exe
    2015-05-23 17:30 - 2015-05-23 17:30 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-18 18:35 - 2015-05-18 18:35 - 04978664 _____ (Hewlett-Packard Company ) C:\Users\Matthew\Downloads\sp70648-BCU_Repair_Utility.exe
    2015-05-17 19:39 - 2015-05-17 19:41 - 29179779 _____ () C:\Users\Matthew\Downloads\'It Is Well With My Soul' By The Issacs (FULL).wmv
    2015-05-16 16:01 - 2015-05-16 16:01 - 00000173 _____ () C:\Users\Matthew\Desktop\Shopping.url
    2015-05-16 10:39 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-16 10:39 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-15 05:11 - 2015-05-26 19:16 - 00000926 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA.job
    2015-05-15 05:11 - 2015-05-26 05:42 - 00000874 _____ () C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core.job
    2015-05-15 05:11 - 2015-05-15 05:11 - 00003900 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA
    2015-05-15 05:11 - 2015-05-15 05:11 - 00003504 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core
    2015-05-15 05:11 - 2015-05-15 05:11 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Dropbox
    2015-05-15 05:11 - 2015-05-15 05:11 - 00000000 ____D () C:\ProgramData\Dropbox
    2015-05-12 19:19 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-12 19:19 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-12 19:19 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-12 19:19 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-12 19:19 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-12 19:19 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-12 19:19 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-12 19:19 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-12 19:19 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-12 19:19 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-12 19:19 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-12 19:19 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-12 19:19 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-12 19:19 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-12 19:19 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-12 19:19 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-12 19:19 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-12 19:19 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-12 19:19 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-12 19:19 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-12 19:19 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-12 19:19 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-12 19:19 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-12 19:19 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-12 19:19 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-12 19:19 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-12 19:19 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-12 19:19 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-12 19:19 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-12 19:19 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-12 19:19 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-12 19:19 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-12 19:19 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-12 19:19 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-12 19:19 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-12 19:19 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-12 19:19 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-12 19:19 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-12 19:19 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-12 19:19 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-12 19:19 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-12 19:19 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-12 19:19 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-12 19:19 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-12 19:19 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-12 19:19 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 19:19 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-12 19:19 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-12 19:19 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-12 19:19 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-12 19:19 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-12 19:19 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-12 19:19 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-12 19:19 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-12 19:19 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-12 19:19 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-12 19:19 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-12 19:19 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-12 19:19 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-12 19:19 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-12 19:09 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 19:09 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 19:09 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 19:09 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 19:05 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-12 19:05 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-12 19:05 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-12 19:05 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-12 19:05 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-12 19:05 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-12 19:05 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-12 19:05 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-12 19:05 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-12 19:05 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-12 19:05 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-12 19:05 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-12 19:05 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-05-12 19:05 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-12 19:05 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-12 19:05 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-12 19:05 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-12 19:05 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-05-12 19:05 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-12 19:05 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-12 19:04 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-12 19:04 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-12 19:04 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-12 19:04 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-12 19:04 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-12 19:04 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-12 19:04 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-12 19:04 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-12 19:04 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-12 19:04 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-12 19:04 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-12 19:04 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 19:04 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 19:04 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 19:04 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 19:04 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 19:04 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 19:04 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 19:04 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 19:04 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-12 19:04 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-12 19:01 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-12 19:01 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-12 19:01 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-12 19:01 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-12 19:01 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-12 19:01 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-12 19:01 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-26 19:55 - 2009-07-14 00:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-26 19:54 - 2014-06-11 09:14 - 01371164 _____ () C:\Windows\WindowsUpdate.log
    2015-05-26 19:53 - 2014-06-12 09:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-26 19:51 - 2014-06-15 18:34 - 00000000 ___RD () C:\Users\Matthew\Dropbox
    2015-05-26 19:51 - 2014-06-15 18:11 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Dropbox
    2015-05-26 19:50 - 2014-09-07 19:38 - 00000000 ___RD () C:\Users\Matthew\Google Drive
    2015-05-26 19:50 - 2014-06-11 10:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-05-26 19:48 - 2014-06-12 09:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-26 19:48 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.log
    2015-05-26 19:48 - 2014-03-18 02:59 - 00000000 ____D () C:\ProgramData\PDFC
    2015-05-26 19:47 - 2014-03-18 02:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-26 19:47 - 2010-11-20 22:47 - 00200150 _____ () C:\Windows\PFRO.log
    2015-05-26 19:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-26 19:47 - 2009-07-13 23:51 - 00098462 _____ () C:\Windows\setupact.log
    2015-05-26 19:46 - 2009-07-13 23:45 - 00026816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-26 19:46 - 2009-07-13 23:45 - 00026816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-26 19:25 - 2014-03-18 02:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-05-26 19:22 - 2014-06-12 09:28 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Google
    2015-05-26 19:22 - 2014-06-12 09:28 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-26 18:41 - 2014-03-18 02:59 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-05-25 09:48 - 2014-06-12 09:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-25 09:48 - 2014-06-12 09:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-23 10:31 - 2014-06-22 10:22 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CrashDumps
    2015-05-22 20:01 - 2015-01-08 21:07 - 00000000 _____ () C:\Users\Matthew\Desktop\blank (2).txt
    2015-05-21 05:20 - 2015-04-05 15:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-05-21 05:20 - 2015-04-05 15:17 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-05-18 18:39 - 2014-06-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-05-18 18:39 - 2014-03-18 02:56 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2015-05-18 18:38 - 2011-02-11 11:32 - 00000000 ____D () C:\SWSETUP
    2015-05-17 20:09 - 2014-07-07 20:18 - 00000193 _____ () C:\Users\Matthew\AppData\Roaming\default.rss
    2015-05-17 20:02 - 2014-08-06 22:04 - 00000000 ____D () C:\ProgramData\Wondershare Player
    2015-05-16 17:14 - 2014-12-20 18:43 - 00000000 _____ () C:\Users\Matthew\Desktop\New Text Document.txt
    2015-05-16 14:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-05-16 13:11 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
    2015-05-16 13:10 - 2014-06-18 06:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-16 13:10 - 2009-07-13 23:45 - 00443856 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-16 13:08 - 2014-05-09 06:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-16 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-16 10:59 - 2014-07-07 22:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-16 10:54 - 2014-06-14 04:49 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-16 10:45 - 2014-06-14 04:49 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-16 10:39 - 2014-06-18 06:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-16 10:37 - 2014-06-18 06:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
    2015-05-08 23:10 - 2014-09-07 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-05-08 21:25 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
    2015-05-06 05:37 - 2014-06-15 18:34 - 00001033 _____ () C:\Users\Matthew\Desktop\Dropbox.lnk
    2015-05-03 19:21 - 2015-02-24 20:18 - 00010581 _____ () C:\Users\Matthew\Desktop\software_removal_tool.log
    2015-05-03 07:45 - 2015-01-21 20:07 - 00000000 ____D () C:\ProgramData\hnpofgpbbdpjglndokpgfdlnjgailggd
    2015-05-02 10:06 - 2014-05-09 06:43 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003

    ==================== Files in the root of some directories =======

    2014-07-07 20:18 - 2015-05-17 20:09 - 0000193 _____ () C:\Users\Matthew\AppData\Roaming\default.rss
    2014-06-15 17:43 - 2014-06-15 17:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-04-05 16:33 - 2015-04-05 19:28 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some files in TEMP:
    ====================
    C:\Users\Matthew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmto2md.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-16 13:53

    ==================== End of log ============================
     
  8. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
    Ran by Matthew at 2015-05-26 19:57:39
    Running from C:\Users\Matthew\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2252185676-2155325459-2988092858-500 - Administrator - Disabled)
    Guest (S-1-5-21-2252185676-2155325459-2988092858-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2252185676-2155325459-2988092858-1003 - Limited - Enabled)
    Matthew (S-1-5-21-2252185676-2155325459-2988092858-1001 - Administrator - Enabled) => C:\Users\Matthew

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
    Amazon Kindle (HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AudioBox USB driver (HKLM\...\USB_AUDIO_DEusb-audio.depresonusAudioBoxUSB) (Version: - )
    B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2921 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3115 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.4224 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version: - )
    dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 8 - Illustrate)
    dBpowerAMP WMA V9.1 Codec (HKLM-x32\...\dBpowerAMP WMA V9.1 Codec) (Version: - )
    DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
    Dropbox (HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\Dropbox) (Version: 3.6.3 - Dropbox, Inc.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Free M4a to MP3 Converter 5.9 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Free MP3 Tag Editor (HKLM-x32\...\{6FBFD000-6B64-4378-8AB5-2B7D97841AF0}) (Version: 1.0.0 - Media Freeware)
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 1.80 - Philipp Winterberg)
    Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Gorilla 2 (HKLM-x32\...\Gorilla 2) (Version: - )
    Hewlett-Packard ACLM.NET v1.2.2.2 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{84663FDA-1374-4048-9869-DD4A8784785A}) (Version: 6.0.16.1 - Hewlett-Packard Company)
    HP BIOS Configuration Utility (HKLM-x32\...\{36FCBBEE-7BCE-4603-A4F5-56E73C43C820}) (Version: 4.0.11.1 - Hewlett-Packard Company)
    HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.2.0.1663 - Hewlett-Packard Company)
    HP Connection Manager (HKLM-x32\...\{7ED7BF91-D145-480A-B206-6891576F6935}) (Version: 4.6.12.1 - Hewlett-Packard Company)
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Documentation (HKLM-x32\...\{7940DAB9-AC72-4422-8908-DCF58C2C1D21}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.1.160 - Hewlett-Packard Company)
    HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
    HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
    HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
    HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
    HP PageLift (HKLM-x32\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
    HP SoftPaq Download Manager (HKLM-x32\...\{5C2D96B7-0468-4450-8BD9-63AB796D72CF}) (Version: 3.4.11.0 - Hewlett-Packard Company)
    HP Software Setup (HKLM-x32\...\{7EF08127-4C30-4C05-8CEB-544F8A71C080}) (Version: 8.7.1.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{A3B64280-DE4C-40F0-86BB-CCB2A6056BA2}) (Version: 7.3.32.6 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
    HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
    HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.2.0.9 - Hewlett-Packard Company)
    HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.2.15.16418 - CryptoMill Technologies)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
    Know Your Bible 2001 (HKLM-x32\...\Know Your Bible 2001) (Version: 3.00.3004 - Heavenly Software)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
    My Lockbox 3.2.1 (HKLM\...\My Lockbox_is1) (Version: 3.2.1 - )
    Nero 9 (HKLM-x32\...\{6dc79af8-ae41-4ffa-bb3d-8fbd68390586}) (Version: - Nero AG)
    Ogg Vorbis SSE2 (HKLM-x32\...\Ogg Vorbis SSE2) (Version: - )
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
    PreSonus Studio One x64 (HKLM\...\PreSonus Studio One) (Version: 1.6.4.14644 - PreSonus Audio Electronics)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SoundTrax (x32 Version: 4.4.37.1 - Nero AG) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
    TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
    TaxACT 2014 - 1040 Edition (HKLM-x32\...\TaxACT 2014 - 1040 Edition) (Version: 1.06 - TaxACT, Inc.)
    TaxACT 2014 Kansas (HKLM-x32\...\TaxACT 2014 Kansas) (Version: 1.0 - TaxACT, Inc.)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wondershare Player(Build 1.6.0) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare)
    Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthew\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    24-05-2015 15:26:08 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1957FB7A-79F4-4125-86D4-333D77A0CE00} - System32\Tasks\{C0DC9C06-7C55-416F-85D1-F20601D1BD26} => pcalua.exe -a C:\Users\Matthew\Downloads\wlsetup-web.exe -d C:\Users\Matthew\Downloads
    Task: {1C8CA606-64EC-41E7-9A35-2A3AF0879A66} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {3100EFE8-AC1B-4258-A8A7-758C9F781145} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
    Task: {3731E708-63CD-424C-BF6B-AC4E8D1320D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {4197122F-9E55-4E73-A87F-1C1A715ABA91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {4B23AE01-8B6C-4EB0-972A-C71757339CA8} - System32\Tasks\{9387888D-84E4-4B4A-A099-F100EAACEAEF} => pcalua.exe -a C:\Users\Matthew\Downloads\sp64284.exe -d C:\Users\Matthew\Downloads
    Task: {4FC9FE00-31ED-48D1-BF88-E04CBD13947E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
    Task: {68DB6D62-FCEB-421C-B048-01EEE56B0AC5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
    Task: {73FFCA2D-5688-4DCD-9836-B90BCC27E75F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
    Task: {75778042-FE0D-4125-829C-9BF6C692F754} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
    Task: {92587215-70D1-4C58-B472-1343B07EB771} - System32\Tasks\{A9CCA6B3-FBF8-45F9-A072-7D9E7DB2D50C} => pcalua.exe -a C:\Users\Matthew\Downloads\wlsetup-web.exe -d C:\Users\Matthew\Downloads
    Task: {C402AE26-7ACE-4038-9411-8F44852756F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-08] (Hewlett-Packard Company)
    Task: {EFD31499-528C-427D-89FF-E05813D35A3B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-15] (Dropbox, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001Core.job => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2252185676-2155325459-2988092858-1001UA.job => C:\Users\Matthew\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-05-22 15:21 - 2013-05-22 15:21 - 00299832 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-07 17:02 - 2013-08-07 17:02 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
    2011-06-08 16:57 - 2011-06-08 16:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
    2013-06-28 08:00 - 2013-06-28 08:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
    2013-06-28 08:08 - 2013-06-28 08:08 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
    2014-03-06 17:00 - 2014-03-06 17:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
    2015-05-26 19:49 - 2015-05-26 19:49 - 00043008 _____ () c:\users\matthew\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmto2md.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00750080 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00047616 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00865280 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00200704 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00726016 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-03-04 16:45 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Matthew\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2015-05-26 19:48 - 2015-05-26 19:48 - 00098816 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32api.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00110080 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\pywintypes27.dll
    2015-05-26 19:48 - 2015-05-26 19:48 - 00364544 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\pythoncom27.dll
    2015-05-26 19:48 - 2015-05-26 19:48 - 00045568 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_socket.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 01161216 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_ssl.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00320512 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32com.shell.shell.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00713216 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_hashlib.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 01175040 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._core_.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00805888 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._gdi_.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00811008 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._windows_.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 01062400 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._controls_.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00735232 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._misc_.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00682496 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\pysqlite2._sqlite.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00128512 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_elementtree.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00127488 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\pyexpat.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00087552 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_ctypes.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00119808 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32file.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00108544 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32security.pyd
    2015-05-26 19:49 - 2015-05-26 19:49 - 00007168 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\hashobjs_ext.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00017408 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\usb_ext.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00167936 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32gui.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00018432 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32event.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00013824 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\common.time34.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00036864 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_psutil_windows.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00038912 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32inet.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00011264 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32crypt.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00070656 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._html2.pyd
    2015-05-26 19:49 - 2015-05-26 19:49 - 00027136 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_multiprocessing.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00020480 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\_yappi.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00035840 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32process.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00686080 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\unicodedata.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00122368 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._wizard.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00024064 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32pipe.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00010240 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\select.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00025600 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32pdh.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00525640 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\windows._lib_cacheinvalidation.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00017408 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32profile.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00022528 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\win32ts.pyd
    2015-05-26 19:48 - 2015-05-26 19:48 - 00078336 _____ () C:\Users\Matthew\AppData\Local\Temp\_MEI50282\wx._animate.pyd
    2014-05-09 06:20 - 2013-07-26 00:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-06-05 13:35 - 2013-06-05 13:35 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Matthew\Documents\Grace Website:com.dropbox.attributes

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\...\com -> hxxp://*.Wondershare.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2252185676-2155325459-2988092858-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 64.250.48.6 - 64.250.48.10

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: AccelerometerSysTrayApplet => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
    MSCONFIG\startupreg: BrowserPlugInHelper => C:\My Programs\video converter\Wondershare\Video Converter Free\BrowserPlugInHelper.exe
    MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Player\DelayPluginI.exe
    MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: WinampAgent => "C:\My Programs\Winamp\winampa.exe"
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{10962329-4628-4F2E-8DDF-14E506649F68}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B4B1E54A-9943-447C-B0AB-1C55F8EEC2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B33111A2-48ED-4EAF-A725-CBAE64B6706A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B8CCCF1F-32C6-4867-8253-5203C4E455AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{ED47C0E9-5CCF-4556-9433-32A34A93672A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2C3EA8F9-C1F1-470D-920B-36EA39C8EB0C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{35552276-B5FA-465F-9E49-6E18A424D792}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{72C76EFB-A8FB-4325-A9AB-466DDAC0CAA5}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{78AC9436-EC03-4BBD-AC65-C7595D529720}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{6702BFE6-A8A0-4303-8FB5-E2A33ED64401}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{A1E24630-0A58-4B9C-A5FE-8E9F5042F5C0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{4F8DB2B5-5F9A-4DA0-8BEE-6AC89BA2C026}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{ADD957A9-6E24-4BD3-B4CF-4C3EC019EA94}] => (Allow) LPort=2869
    FirewallRules: [{F7A0FC9D-0B82-4F0C-B469-D7771ECB78A7}] => (Allow) LPort=1900
    FirewallRules: [{CB0255DF-E140-4A08-A597-18D4E0253B89}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{8D879E79-59B3-42E0-A573-22885B530D5D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{FFE80044-ABC0-43BD-B8E8-71817D5A0C49}] => (Allow) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1960487E-5CFF-43D3-90FC-5BF9455FEF20}] => (Allow) C:\Users\Matthew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{7CF24676-F084-406D-8BEA-946D698F997D}] => (Allow) C:\My Programs\Winamp\winamp.exe
    FirewallRules: [{0312A415-9BC4-41B3-93D8-4928A60B9402}] => (Allow) C:\My Programs\Winamp\winamp.exe
    FirewallRules: [TCP Query User{633FAB2C-B787-4893-A712-73AD4B4CB924}C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{8BAE86E0-3C57-4FEA-9707-D17690573F9D}C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\matthew\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{59926718-D6A5-4456-B5FA-FF795932C69E}C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe] => (Allow) C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe
    FirewallRules: [UDP Query User{2A699B7C-3275-488B-AD51-6937E245D9EB}C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe] => (Allow) C:\my games\halo\h.c.e. by matancianas\halo custom edition\haloce.exe
    FirewallRules: [{0B595D20-B96B-43B3-BE5E-2C325A45F86F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{59A3912B-50BB-40C5-84A7-875BBD538493}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{96BEFBEB-7DC0-4FEB-AFA3-7561B21A5A64}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{FE1615B1-C385-49E4-A23C-35F2395895F3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{E004C885-9E90-45B6-BEB2-65EC60D3C19F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D3C842DB-FECD-40CB-9A6D-9EC4F73CE573}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{CA5B4EA6-ED40-4842-8329-D59A61A58CF4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{1685AE21-60E5-4370-8B5A-CD8FFE46B6BB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{6AAC2FE5-3096-4E20-A64F-775511E9F640}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{D24818C7-F8D1-4964-8190-A26E19B68876}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1061

    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1155

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1155

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1077

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 08:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1430825


    System errors:
    =============
    Error: (05/26/2015 07:58:09 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/26/2015 07:49:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/26/2015 07:35:11 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/26/2015 07:11:12 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/26/2015 06:59:14 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/26/2015 06:47:12 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer AUDREY-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CED97949-D296-4CEF-9013-DADD0C231EA8}.
    The master browser is stopping or an election is being forced.

    Error: (05/26/2015 05:46:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 40 time(s).

    Error: (05/26/2015 06:02:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 39 time(s).

    Error: (05/25/2015 08:41:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 38 time(s).

    Error: (05/25/2015 08:09:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 37 time(s).


    Microsoft Office:
    =========================
    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1061

    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1061

    Error: (05/26/2015 05:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1155

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1155

    Error: (05/26/2015 06:03:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1077

    Error: (05/25/2015 08:41:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/25/2015 08:33:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1430825


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-19 20:09:23.938
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:09:23.878
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:33.271
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:33.269
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:31.069
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:31.068
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:30.941
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:30.940
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:03.568
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-09-19 20:08:03.560
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
    Percentage of memory in use: 23%
    Total physical RAM: 16265.11 MB
    Available physical RAM: 12512.05 MB
    Total Pagefile: 32528.43 MB
    Available Pagefile: 28746.84 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:451.18 GB) (Free:54.61 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:11.57 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84D5B52C)
    Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

    ==================== End of log ============================
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    That looks better.

    Now

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next

    Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

    Click on Scan and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

    A copy of the report is also saved in the C:\AdwCleaner folder.

    So when you return please post
    • JRT.txt
    • AdwCleaner log

     
  10. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.1 (05.27.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Matthew on Wed 05/27/2015 at 17:31:25.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}



    ~~~ Files

    Failed to delete: [File] C:\Windows\syswow64\wscm64.dll
    Successfully deleted: [File] C:\Windows\syswow64\wscm32.dll
    Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\microsoft\internet explorer\quick launch\wondershare player.lnk



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\youtubeadblocker
    Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\media freeware
    Successfully deleted: [Folder] C:\Users\Matthew\AppData\Roaming\opencandy
    Successfully deleted: [Folder] C:\ProgramData\13659983165118675302
    Successfully deleted: [Folder] C:\ProgramData\hnpofgpbbdpjglndokpgfdlnjgailggd



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Matthew\AppData\Roaming\mozilla\firefox\profiles\cpjtb539.default\user.js



    ~~~ Chrome


    [C:\Users\Matthew\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Matthew\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Matthew\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Matthew\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 05/27/2015 at 17:36:36.24
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    # AdwCleaner v4.205 - Logfile created 27/05/2015 at 18:54:53
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-21.2 [Local]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Matthew - MATTHEW-HP
    # Running from : C:\Users\Matthew\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\75eb197800003760
    Folder Deleted : C:\ProgramData\e2047295000000cd
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\a9dc67d7-37cc-52d8-c5a5-6a1b5d7c3601
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Key Deleted : HKCU\Software\b1.org
    Key Deleted : HKCU\Software\ClickConnect
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\BoBrowser
    Key Deleted : HKCU\Software\Super Optimizer
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\b1.org
    Key Deleted : HKLM\SOFTWARE\Clara
    Key Deleted : [x64] HKLM\SOFTWARE\b1.org

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17801


    -\\ Mozilla Firefox v36.0.4 (x86 en-US)


    -\\ Google Chrome v43.0.2357.81

    [C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [3346 bytes] - [27/05/2015 18:48:07]
    AdwCleaner[S0].txt - [3092 bytes] - [27/05/2015 18:54:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3151 bytes] ##########
     
  12. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again ksfiddler,

    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    Disable your security programs.
    • Click the blue Run ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
    • Check "Enable detection of potentially unwanted applications"
    • Click on Start and say yes to allow the program to proceed.
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
    • After that click the button "Back"
    • Select and check Uninstall application on close and Delete quarantined files.
    • Then click on: Finish
    • Copy and paste the ESET log back here and tell me how your machine is now.
     
  13. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    Is it safe to be online for that long whilst my security is disabled?
     
  14. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    If you are just using the ESET online scanner, yes.

    Don't do anything else, just let it do its job. :)
     
  15. ksfiddler

    ksfiddler Thread Starter

    Joined:
    May 24, 2015
    Messages:
    15
    C:\$RECYCLE.BIN\S-1-5-21-2252185676-2155325459-2988092858-1001\$RB3UUS2.exe a variant of Win32/SoftPulse.AE potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Users\Matthew\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe.xBAD a variant of Win32/InstallCore.UE potentially unwanted application deleted - quarantined
    C:\FRST\Quarantine\C\Users\Matthew\AppData\Local\Temp\optprosetup.exe.xBAD a variant of Win32/OptimizerEliteMax.C potentially unwanted application deleted - quarantined
    C:\My Programs\Extractor - B1\B1FreeArchiver.exe a variant of Win32/4Shared.W potentially unwanted application deleted - quarantined
    C:\My Programs\Extractor - B1\B1 Free Archiver\installer.exe a variant of Win32/4Shared.W potentially unwanted application deleted - quarantined
    C:\My Programs\Open Office\Open-Office.exe a variant of Win32/InstallCore.OU potentially unwanted application deleted - quarantined
    C:\Users\Matthew\Downloads\mp3tageditor_setup.exe Win32/OutBrowse.Y potentially unwanted application deleted - quarantined
    C:\Users\Matthew\Downloads\Open OfficeSetup.exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined

    Wow! I thought Kaspersky was going to be better than Norton, which let a particularly nasty virus destroy one of my laptops.

    My hard drive seems to be maintaining the amount of free space, but I still wonder why I only have 54G left. I have deleted almost all my iTunes music and podcast files. Those are the only files I had that would be large enough to fill a hard drive. There is still quite a lot of stuff on the C drive that apparently I can't see. I will go through and back up some more of it and delete it off the C drive and see what I come up with, but I suspect it will only amount to 8 or 10G.

    Another problem I've encountered with this mess is that my onboard mouse occasionally freezes and won't let go unless I close and reopen the lid. It also will grab and drag stuff on a whim whilst moving my mouse across the screen. I've set my sensitivity to the highest setting. It will let go of something if I try to drag it, or grab something when I'm not trying to drag anything. Is that the same virus potentially?

    It appears the stuff that got deleted is from supposedly safe freeware. I like free stuff! Is that my problem? How can I be safer when getting free stuff?

    Is ESET a better antivirus than Kaspersky?

    Thanks
     
Short URL to this thread: https://techguy.org/1148768
