laptop unusable because of possible virus

[lkm13]

Hello,

Can someone help me fix my laptop? I think a virus has infected it. It was running normal until I received a popup saying that a program (my a/v) cannot run because of a missing dll. Soon almost everything is unrunnable because of missing dlls. I was able to run FRST though. Included are the log files. I don't use it anymore because from past experience, booting it cleans up my windows and make it unusable, requiring a recovery or reformat in order to use the laptop again.

Also, I couldn't run SysInfo because COMCTL32.dll is missing from the WinSxS folder.

OS is Windows 8.1, 64-bit; A/V is Panda Free Antivirus

I tried using MalwareBytes Anti-Rootkit but to no avail. Couldn't run AdwCleaner

 

[lkm13]

Result of the FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by LeviKlein (administrator) on KLEIN-LENOVO on 12-03-2015 15:55:07
Running from G:\
Loaded Profiles: LeviKlein (Available profiles: LeviKlein)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-16] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\Run: [Spotify Web Helper] => C:\Users\LeviKlein\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\Users\LeviKlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4249056508-2319684459-2135355987-1001] => proxy2.upd.edu.ph:8080
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=EED86894238533CE&affID=121563&tsp=4942
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001 -> DefaultScope {DBED6F73-177B-405D-94BF-F8F46BB391E7} URL =
SearchScopes: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001 -> {DBED6F73-177B-405D-94BF-F8F46BB391E7} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-26] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-26] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-10-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-26] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-26] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{05C97C61-038A-46ED-99D2-78A2C377CC28}: [NameServer] 208.67.222.222,8.8.8.8
Tcpip\..\Interfaces\{DCF11873-063B-4193-9D5C-CA0A3EC7E4D7}: [NameServer] 8.8.8.8,4.4.4.4

FireFox:
========
FF ProfilePath: C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-09-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-09-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-04] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\searchplugins\kickassto.xml [2015-02-15]
FF SearchPlugin: C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\searchplugins\the-pirate-bay.xml [2014-12-08]
FF SearchPlugin: C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\searchplugins\youtube.xml [2014-12-06]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2015-03-09]
FF Extension: Block site - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2014-11-27]
FF Extension: Personas Plus - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-12-08]
FF Extension: TheRealURL - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-11-26]
FF Extension: Silvermel - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-11-26]
FF Extension: Silvermel and Charamel XT - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-11-26]
FF Extension: Status-4-Evar - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-11-26]
FF Extension: Test Pilot - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\[email protected] [2014-11-26]
FF Extension: All-in-One Sidebar - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-11-26]
FF Extension: Switch to Tab no more - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi [2014-11-26]
FF Extension: ReloadEvery - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-11-26]
FF Extension: Adblock Plus - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-08]
FF Extension: Greasemonkey - C:\Users\LeviKlein\AppData\Roaming\Mozilla\Firefox\Profiles\3hxztpx7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-27]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://isearch.avg.com/?cid={71984E3B-6476-4C98-A401-BD9CE921834F}&mid=24f1035b0e5747d0af0fd16c64b502a3-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=ip011&pr=sa&d=2012-10-17 19:23:45&v=13.2.0.1&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (Session Manager) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-11-27]
CHR Extension: (YouTube) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google+ Notifications) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2014-11-27]
CHR Extension: (AppsScript Color) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciggahcpieccaejjdpkllokejakhkome [2014-12-27]
CHR Extension: (Google Search) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Cut the Rope) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-11-27]
CHR Extension: (Chikka) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkagmljmjdilndhenjikgdnebcpfkfo [2014-11-27]
CHR Extension: (Wolfram
Alpha (Official)) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2014-11-27]
CHR Extension: (Sync Google Drive™ with Dropbox, Box, ...) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobcbdgacfkninlcbphihhdlkobkehia [2015-02-26]
CHR Extension: (FVD Downloader) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-11-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-09]
CHR Extension: (Download Master) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-11-27]
CHR Extension: (Google Wallet) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Bastion) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2014-11-27]
CHR Extension: (Gmail) - C:\Users\LeviKlein\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1370752 2007-10-12] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [33728 2015-02-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-06] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-11] (Malwarebytes Corporation)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-17] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-06] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 15:55 - 2015-03-12 15:55 - 00000000 ____D () C:\FRST
2015-03-12 00:57 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-03-11 22:17 - 2015-03-11 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-11 22:17 - 2015-03-11 22:17 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 22:17 - 2015-03-11 22:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-11 22:01 - 2015-03-12 00:51 - 00000000 ____D () C:\Users\LeviKlein\Desktop\mbar
2015-03-11 21:47 - 2015-03-11 23:18 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4249056508-2319684459-2135355987-1001
2015-03-11 21:45 - 2015-03-11 21:45 - 00003754 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-03-11 21:38 - 2015-02-13 01:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 21:38 - 2015-02-13 01:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-09 00:35 - 2015-03-09 00:35 - 00000000 ____D () C:\Users\LeviKlein\Downloads\EEE 101
2015-03-08 23:01 - 2015-03-08 23:14 - 102812836 _____ () C:\Users\LeviKlein\Downloads\eee101_lecture04.avi
2015-03-08 20:04 - 2015-03-08 22:01 - 152202766 _____ () C:\Users\LeviKlein\Downloads\EEE 101.zip
2015-03-08 17:22 - 2015-03-08 17:22 - 01535802 _____ (Intra Darma ) C:\Users\LeviKlein\Downloads\oc_setup_2.0.2.0408.exe
2015-03-08 17:22 - 2015-03-08 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBEX Commander
2015-03-08 17:22 - 2015-03-08 17:22 - 00000000 ____D () C:\Program Files (x86)\OBEX Commander
2015-03-08 17:13 - 2015-03-08 17:13 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\(D0-B3-3F-38-2B-69)
2015-03-08 17:00 - 2015-03-08 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-03-08 09:53 - 2015-03-08 09:54 - 00011645 _____ () C:\Users\LeviKlein\Downloads\BackupBoxLogHhkpG9QTgUNLr9agGjNpJbbR.csv
2015-03-08 09:20 - 2015-03-11 21:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 22:01 - 2015-02-28 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-26 21:01 - 2015-02-26 21:01 - 00001775 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-26 21:01 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-26 20:59 - 2015-03-11 21:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-26 20:59 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-26 20:59 - 2015-02-26 21:00 - 00000000 ____D () C:\Program Files\iTunes
2015-02-26 20:59 - 2015-02-26 20:59 - 00000000 ____D () C:\Program Files\iPod
2015-02-25 12:12 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:12 - 2014-12-14 05:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:12 - 2014-10-29 09:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:12 - 2014-10-29 09:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:12 - 2014-10-29 09:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:12 - 2014-10-29 09:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-22 13:26 - 2015-02-22 13:26 - 00001414 _____ () C:\Users\LeviKlein\Desktop\105.s
2015-02-22 13:21 - 2015-02-22 13:21 - 00023676 _____ () C:\Users\LeviKlein\Desktop\105.exe
2015-02-22 13:17 - 2015-02-22 13:21 - 00000242 _____ () C:\Users\LeviKlein\Desktop\105.c
2015-02-21 22:46 - 2015-02-21 22:46 - 00000000 ____D () C:\Users\LeviKlein\AppData\Local\Steam
2015-02-21 22:12 - 2015-02-21 22:12 - 00000000 _____ () C:\Users\LeviKlein\Sti_Trace.log
2015-02-21 21:05 - 2015-02-21 21:05 - 00000000 ___RD () C:\Users\LeviKlein\AppData\Roaming\Brother
2015-02-21 20:43 - 2015-02-21 20:43 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\ControlCenter4
2015-02-21 20:36 - 2015-02-21 20:36 - 00002085 _____ () C:\Users\Public\Desktop\Brother Utilities.lnk
2015-02-21 20:36 - 2015-02-21 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-02-21 20:32 - 2015-02-21 20:32 - 00000000 ____D () C:\Program Files (x86)\BrownyInd
2015-02-21 20:32 - 2015-02-21 20:32 - 00000000 ____D () C:\Brother
2015-02-21 20:31 - 2015-02-21 20:32 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-02-21 20:31 - 2015-02-21 20:32 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-02-21 20:31 - 2015-02-21 20:31 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-02-21 20:31 - 2015-02-21 20:31 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-02-21 20:31 - 2012-12-14 09:31 - 00180224 _____ (Brother Industries, Ltd.) C:\WINDOWS\SysWOW64\BROSNMP.DLL
2015-02-21 20:31 - 2012-12-14 09:31 - 00113744 _____ (Brother Industries Ltd) C:\WINDOWS\SysWOW64\BRRBTOOL.EXE
2015-02-21 20:31 - 2012-12-14 09:31 - 00077824 _____ (Brother Industries, Ltd.) C:\WINDOWS\SysWOW64\BRLMW03A.DLL
2015-02-21 20:31 - 2012-12-14 09:31 - 00045056 _____ () C:\WINDOWS\SysWOW64\BRTCPCON.DLL
2015-02-21 20:31 - 2012-12-14 09:31 - 00025299 _____ (Brother Industries, Ltd) C:\WINDOWS\SysWOW64\BRLM03A.DLL
2015-02-21 20:31 - 2012-12-14 09:31 - 00000114 _____ () C:\WINDOWS\SysWOW64\BRLMW03A.INI
2015-02-21 20:31 - 2012-12-14 09:29 - 00000050 _____ () C:\WINDOWS\system32\BRADM12A.DAT
2015-02-21 20:31 - 2012-12-14 00:00 - 00226816 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BRCOM12A.DLL
2015-02-21 20:31 - 2012-11-02 18:15 - 00245760 ____N (brother) C:\WINDOWS\SysWOW64\NSSearch.dll
2015-02-21 20:31 - 2012-10-19 20:07 - 01441792 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrWi212c.dll
2015-02-21 20:31 - 2012-10-19 20:03 - 00054272 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrUsi12c.dll
2015-02-21 20:31 - 2012-07-06 18:56 - 00012800 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\BrCiImg.dll
2015-02-21 20:31 - 2012-02-02 11:21 - 00002560 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2S.dll
2015-02-21 20:31 - 2011-09-08 17:36 - 00279040 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrJDec.dll
2015-02-21 20:31 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2.dll
2015-02-21 20:31 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2L.dll
2015-02-21 20:28 - 2015-02-21 20:28 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\InstallShield
2015-02-21 20:28 - 2015-02-21 20:28 - 00000000 ____D () C:\ProgramData\Brother
2015-02-19 16:44 - 2015-02-19 16:51 - 03477001 _____ () C:\Users\LeviKlein\Downloads\3.1.3-guideguide.zxp
2015-02-19 11:45 - 2015-02-19 11:45 - 01997825 _____ () C:\Users\LeviKlein\Downloads\Tuya-Trailer-1080p-1mbpsVBR.mp4
2015-02-19 11:44 - 2015-02-19 11:44 - 00060856 _____ () C:\Users\LeviKlein\Downloads\DK-Lemon-Yellow-Sun.otf
2015-02-18 22:11 - 2015-02-18 22:11 - 00000000 ____D () C:\Users\LeviKlein\Documents\Adobe
2015-02-17 23:39 - 2015-02-17 23:39 - 00000173 _____ () C:\Users\LeviKlein\AppData\Local\msmathematics.qat.LeviKlein
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2015-02-15 14:46 - 2015-02-15 14:46 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-15 14:05 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 14:05 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-15 13:29 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-15 13:29 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-14 18:38 - 2015-02-04 07:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-14 18:38 - 2015-02-04 07:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-14 18:38 - 2015-02-04 07:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-14 18:38 - 2015-02-03 07:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-14 18:38 - 2015-02-03 07:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-14 18:38 - 2015-02-03 07:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-14 18:38 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-14 18:37 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-14 18:37 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-14 18:30 - 2014-12-09 07:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-14 18:08 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-12 06:37 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 06:37 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 06:37 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 06:37 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 06:37 - 2014-10-29 10:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 06:37 - 2014-10-29 10:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 06:37 - 2014-10-29 10:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 06:37 - 2014-10-29 10:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 06:37 - 2014-10-29 09:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 06:36 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 06:36 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 01:49 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 01:49 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 01:49 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 01:49 - 2014-10-29 10:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 01:49 - 2014-10-29 10:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 01:49 - 2014-10-29 09:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 01:49 - 2014-10-29 09:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 01:49 - 2014-10-29 09:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 01:49 - 2014-10-29 09:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 01:49 - 2014-10-29 09:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 01:49 - 2014-10-29 09:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 01:43 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 01:43 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 01:43 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 01:43 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 01:43 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 01:43 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 01:43 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 01:43 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 01:43 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 01:43 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 01:43 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 01:43 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 01:43 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 01:43 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 01:43 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 01:43 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 01:43 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 01:43 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 01:43 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 01:43 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 01:43 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 01:43 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 01:43 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 01:43 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 01:43 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 01:43 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 01:43 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 01:43 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 01:43 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 01:43 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 01:43 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 01:43 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 01:43 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 01:43 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 01:43 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 01:43 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 15:46 - 2014-12-06 00:08 - 01303869 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-12 15:46 - 2014-11-27 00:09 - 02945572 _____ () C:\Users\Public\CAFADEBUG.log
2015-03-12 15:46 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 15:46 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-12 15:44 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-12 15:42 - 2014-12-06 00:18 - 00000000 __RDO () C:\Users\LeviKlein\OneDrive
2015-03-12 01:02 - 2013-08-22 22:46 - 00298810 _____ () C:\WINDOWS\setupact.log
2015-03-12 00:52 - 2014-12-04 01:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-12 00:52 - 2014-09-24 15:03 - 00012916 _____ () C:\WINDOWS\PFRO.log
2015-03-12 00:51 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 22:19 - 2014-09-24 15:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-11 21:56 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 21:42 - 2014-12-15 06:49 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-03-11 21:41 - 2013-07-26 15:48 - 00000000 ____D () C:\Program Files (x86)\Dolby Advanced Audio v2
2015-03-11 21:37 - 2014-11-27 00:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 21:36 - 2014-11-26 23:24 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\Spotify
2015-03-11 21:27 - 2014-12-09 11:53 - 00000000 ___RD () C:\Users\LeviKlein\Google Drive
2015-03-11 20:34 - 2014-11-26 23:30 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\Dropbox
2015-03-11 20:34 - 2012-01-25 20:33 - 00000000 ___RD () C:\Users\LeviKlein\Dropbox
2015-03-11 20:33 - 2014-11-26 23:31 - 00001095 _____ () C:\Users\LeviKlein\Desktop\Dropbox.lnk
2015-03-11 20:33 - 2014-11-26 23:30 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 20:26 - 2014-11-27 12:22 - 00000000 ____D () C:\Users\LeviKlein\AppData\Local\Adobe
2015-03-10 23:05 - 2014-11-27 01:08 - 00000000 ____D () C:\Users\LeviKlein\AppData\Local\Spotify
2015-03-10 21:29 - 2014-11-26 22:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-10 00:39 - 2014-11-27 21:55 - 00000000 ____D () C:\Users\LeviKlein\Documents\MATLAB
2015-03-09 22:56 - 2014-11-26 22:56 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\Notepad++
2015-03-09 20:50 - 2014-12-03 20:03 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\uTorrent
2015-03-09 18:51 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-09 12:40 - 2015-01-22 17:04 - 00000000 ____D () C:\installers
2015-03-08 23:25 - 2014-11-27 12:17 - 00000000 ____D () C:\Users\LeviKlein\AppData\Local\Packages
2015-03-08 21:18 - 2015-02-02 21:14 - 00000000 ____D () C:\SPB_Data
2015-03-08 17:00 - 2014-12-08 17:15 - 00001319 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-03-08 17:00 - 2014-12-08 17:15 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-03-08 09:46 - 2014-11-26 23:06 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\vlc
2015-03-06 00:03 - 2014-12-03 20:34 - 00000000 ____D () C:\Users\LeviKlein\Documents\SIMetrix
2015-03-06 00:01 - 2015-02-02 19:34 - 00000000 ____D () C:\EAGLE-7.1.0
2015-03-02 14:17 - 2014-11-26 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-02-26 20:59 - 2014-11-26 23:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-25 01:24 - 2013-07-26 16:07 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-02-25 01:24 - 2013-07-26 16:07 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-22 12:12 - 2014-12-09 22:22 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\TunnelBear
2015-02-22 00:55 - 2014-11-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-21 22:12 - 2014-12-05 23:45 - 00000000 ____D () C:\Users\LeviKlein
2015-02-21 20:30 - 2013-07-26 15:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-20 11:30 - 2013-08-22 22:44 - 05110440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 09:44 - 2014-11-26 22:28 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 13:34 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-19 12:31 - 2014-11-28 20:39 - 00000000 ____D () C:\movies
2015-02-18 22:11 - 2014-11-27 12:18 - 00000000 ____D () C:\Users\LeviKlein\AppData\Roaming\Adobe
2015-02-18 22:07 - 2014-11-26 22:28 - 00000000 ____D () C:\Users\LeviKlein\AppData\Local\Google
2015-02-17 19:54 - 2014-12-03 20:05 - 00000000 ____D () C:\music albums
2015-02-17 07:16 - 2014-11-27 00:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-15 15:02 - 2014-12-04 07:54 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 14:49 - 2014-12-04 07:54 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 14:45 - 2012-07-26 13:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-02-15 13:14 - 2014-12-11 06:07 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-15 13:14 - 2014-09-24 17:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

==================== Files in the root of some directories =======

2015-01-26 00:55 - 2015-02-08 19:12 - 0000132 _____ () C:\Users\LeviKlein\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-17 23:39 - 2015-02-17 23:39 - 0000173 _____ () C:\Users\LeviKlein\AppData\Local\msmathematics.qat.LeviKlein
2013-07-26 15:49 - 2013-07-26 15:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\LeviKlein\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiczwbv.dll
C:\Users\LeviKlein\AppData\Local\Temp\utt6684.tmp.exe
C:\Users\LeviKlein\AppData\Local\Temp\_isDCEA.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-01 20:09

==================== End Of Log ============================

 

[lkm13]

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by LeviKlein at 2015-03-12 15:56:33
Running from G:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-1510 series (HKLM-x32\...\{90C24B16-9C28-44AB-8C63-BB9822218E18}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Cadence License Manager 10.80 (HKLM-x32\...\{BC724C7B-48C3-46B8-B6A2-F4296953B3FD}) (Version: 10.08.0000 - Cadence Design Systems)
Cadence SPB 16.3 HDL-AMS Library (HKLM-x32\...\{71413F00-B50C-4DA9-BAAD-6225E0A62188}) (Version: 16.30.000 - Cadence Design Systems, Inc)
Cadence SPB/OrCAD 16.3 (HKLM-x32\...\{64D24684-9E7E-4876-B5E5-1E134996988D}) (Version: 16.30.0000 - Cadence Design Systems, Inc. )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version: Release 1 - Illustrate)
dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version: Release 5 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 9 - Illustrate)
dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version: Release 10 (Monkeys v4.06) - Illustrate)
dBPowerAMP Mp2 and BwfMp2 codec (HKLM-x32\...\dBPowerAMP Mp2 and BwfMp2 codec) (Version: Release 6 - Illustrate)
dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2a (v4.0.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 21 (Vorbis v1.3.2) - Illustrate)
dBPowerAMP Real Audio (Helix) Encoder (HKLM-x32\...\dBPowerAMP Real Audio (Helix) Encoder) (Version: Release 6 - Illustrate)
dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version: - )
dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version: - )
dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version: Release 8 (WavPack v4.60) - Illustrate)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EAGLE 7.1.0 (HKLM-x32\...\EAGLE 7.1.0) (Version: 7.1.0 - CadSoft Computer GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\{DDCA236C-A28B-3979-8855-B7475BCAD806}) (Version: 66.30.49223 - Google, Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 10.8.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.301.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
OBEX Commander 2.0.2.0408 (HKLM-x32\...\OBEX Commander_is1) (Version: - Intra Darma)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shutdown8 (HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
SIMetrix Intro (HKLM-x32\...\InstallShield_{EDE88BB9-1A79-4ADD-B2D1-91564BE7DE6C}) (Version: 7.20 - SIMetrix Technologies Ltd)
SIMetrix Intro (x32 Version: 7.20 - SIMetrix Technologies Ltd) Hidden
Spotify (HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TunnelBear (HKLM-x32\...\{d947f710-4e31-4e30-8712-88069f5ae73e}) (Version: 2.3.4.0 - TunnelBear)
TunnelBear (x32 Version: 2.3.4.0 - TunnelBear) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249056508-2319684459-2135355987-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-02-2015 20:29:43 Installed Brother Software Suite
26-02-2015 23:22:59 Windows Update
11-03-2015 20:14:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 13:26 - 2014-11-27 09:49 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04C7D921-7A84-455D-9822-E7F19175A573} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {21E7AA11-7664-427C-B3D2-01E0982B42E3} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {2BB39FF9-6013-4603-A9D4-B9AC000EF78B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-16] ()
Task: {302D1ED8-4516-40EC-ACBB-650D1EB8A65E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3D8B02B6-126C-47A4-96A9-6B5A9D0A6A8F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {704792B5-0AC9-4F5A-B7C7-7ADD4677E004} - \[email protected] No Task File <==== ATTENTION
Task: {76D8E3D6-376A-4753-8341-A975CD02EDE1} - \Dolby Selector No Task File <==== ATTENTION
Task: {89B39774-70DB-4A77-B8E2-EEDD13749FE5} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {9D29DE07-4480-4326-889E-B84FC93AF054} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B9DAC9ED-8FF7-4B56-859A-B2C906A9730C} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-11-27] ()
Task: {BD48E2E9-5C21-4F63-82EF-A385140EFB89} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-16] (Lenovo)
Task: {DB0EF44B-BB1A-4D2C-9789-BECE9AB75CCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F2E3503D-AA8C-4A60-8B45-C59863F600BD} - \OFFICE2013ACT No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\LeviKlein\OneDrive:ms-properties
AlternateDataStreams: C:\Users\LeviKlein\Downloads\uvle.png:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\LeviKlein\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_0097.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4249056508-2319684459-2135355987-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9D5C3B18801CCD18A5D138D546EDF31C"

==================== Accounts: =============================

Administrator (S-1-5-21-4249056508-2319684459-2135355987-500 - Administrator - Disabled)
Guest (S-1-5-21-4249056508-2319684459-2135355987-501 - Limited - Disabled)
LeviKlein (S-1-5-21-4249056508-2319684459-2135355987-1001 - Administrator - Enabled) => C:\Users\LeviKlein

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 03:42:25 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 01:00:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:58:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:57:22 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:54:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:53:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/11/2015 11:25:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2015 11:25:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2015 11:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/11/2015 11:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/12/2015 04:03:33 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 04:03:33 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 04:03:30 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 04:03:30 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 04:03:29 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2015 03:59:49 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/12/2015 03:56:42 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 03:56:42 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 03:56:39 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/12/2015 03:56:39 PM) (Source: DCOM) (EventID: 10005) (User: KLEIN-LENOVO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (03/12/2015 03:42:25 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 01:00:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:58:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:57:22 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:54:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/12/2015 00:53:18 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/11/2015 11:25:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\Cadence\SPB_16.3\tools\dfII\bin\skill_g.exe

Error: (03/11/2015 11:25:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\Cadence\SPB_16.3\tools\bin\virtuos_g.dll

Error: (03/11/2015 11:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\Cadence\SPB_16.3\tools\dfII\bin\skill_g.exe

Error: (03/11/2015 11:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\Cadence\SPB_16.3\tools\bin\virtuos_g.dll


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 16%
Total physical RAM: 3961.77 MB
Available physical RAM: 3320.52 MB
Total Pagefile: 6393.77 MB
Available Pagefile: 5817.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Local Disc) (Fixed) (Total:411.87 GB) (Free:202.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:9.85 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:7.31 GB) (Free:7.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C62D0C22)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End Of Log ============================

 

[Nevan]

Hello, lkm13. My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:

• Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
• If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
• Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
• You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
• Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
• The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
• I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
• Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
• Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
• Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

[hr][/hr]
I'll now take a look at the logs you've provided and will return with instructions once I'm done.

 

[Nevan]

Hello again, lkm13.

It looks like your machine as become unbootable due to a small failure from Panda Security. You can read about it here.

Luckily, official instructions on how to make your computer bootable again have been posted here.

Please try them and tell me if your machine can be launched normally after that.

Remember to launch your computer in Safe Mode with Networking as you will need to download the file.

If you will not be able to perform some of the instructions, just stop and tell me what's going on.

 

[lkm13]

Good day Nevan,

Thanks for replying. However, I don't recall Panda A/V reported any infections before my pc started going haywire.

I'll try what out what you linked and give you an update about it

 

[lkm13]

Okay I was able to do everything but there is still a problem. There are still missing dlls (COMCTL32.dll and some MC 79 something) and the Quarantine folder is now empty. I do notice that the pc is downloading updates and stuff.

 

[Nevan]

Hello again, lkm13.

It looks like Panda has posted some new instructions that include the problem you currently have. Could you please try them?

You can find them here.

 

[lkm13]

I followed the steps in the link you sent me. Still missing dlls even after a reboot

 

[Nevan]

Alright then, let's try something else.

SFC

1. Click Start and type cmd in the search box. A program named cmd should appear on the list. Right-click that program and launch it as Administrator.
2. In the window that appears, type sfc /scannow and click Enter.
3. Do not close this Command Prompt window until the verification is 100% complete.

Please tell me if that has helped with your problem.

If you still get the error messages, please tell me the names of all the files that are missing.

 

[lkm13]

Okay I did the sfc /scannow and fixed some of the missing dlls. I can run some of the programs I couldn't run before. However, sfc said that it found corrupted files and couldn't fix some of the dlls.

right now, the missing dlls are:

MSVCR90.dll
python27.dll

 

[Nevan]

Hello again, lkm13.

Let's search for the missing DLLs.

FRST Search

1. Right click FRST64.exe on your desktop and click Run as administrator.
2. In the search box paste the following:
   MSVCR90.dll;python27.dll
3. Click Search Files and wait until the scan is completed
4. Once the scan is done, a notepad window will open and Search.txt will be created on your Desktop. Please select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

 

[lkm13]

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by LeviKlein at 2015-03-16 00:31:01
Running from C:\Users\LeviKlein\Downloads\53
Boot Mode: Normal

================== Search Files: "MSVCR90.dll;python.dll" =============

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
[2014-12-05 23:55][2014-12-05 23:55] 0653136 ____A (Microsoft Corporation) CDBE9690CF2B8409FACAD94FAC9479C9 [File is signed]

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
[2014-12-05 23:55][2014-12-05 23:55] 0653120 ____A (Microsoft Corporation) 7538050656FE5D63CB4B80349DD1CFE3 [File is signed]

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca\msvcr90.dll
[2014-12-05 23:54][2014-12-05 23:54] 0653120 ____A (Microsoft Corporation) FA093F6A65507F7C2AE9697CE2A904CC [File is signed]

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
[2014-12-05 23:54][2014-12-05 23:54] 0655872 ____A (Microsoft Corporation) 4D03CA609E68F4C90CF66515218017F8 [File is signed]

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll
[2014-12-05 23:54][2014-12-05 23:54] 0655872 ____A (Microsoft Corporation) E7D91D008FE76423962B91C43C88E4EB [File is signed]

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll
[2013-08-22 14:41][2013-08-03 12:42] 0642192 ____A (Microsoft Corporation) 4585BC6152F3F255EF1E10A663D0FB0D [File is signed]

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
[2014-12-05 23:53][2014-12-05 23:53] 0641360 ____A (Microsoft Corporation) D233C7FEAE3FAA25F93A9E6B46815ADC [File is signed]

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_08e3747fa83e48bc\msvcr90.dll
[2014-12-05 23:53][2014-12-05 23:53] 0624448 ____A (Microsoft Corporation) E4C2344E31D3C577FB2723C961069858 [File is signed]

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_99b61f5e8371c1d4\msvcr90.dll
[2014-12-05 23:53][2014-12-05 23:53] 0626688 ____A (Microsoft Corporation) 425D035880430FBED64DD6205C77F5B2 [File is signed]

C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_750b37ff97f4f68b\msvcr90.dll
[2014-12-05 23:55][2014-12-05 23:55] 0627200 ____A (Microsoft Corporation) 23B134891C08C7F04C1747F6BCEC06EA [File is signed]

C:\Users\LeviKlein\AppData\Roaming\Dropbox\bin\Microsoft.VC90.CRT\msvcr90.dll
[2008-07-29 23:05][2008-07-29 23:05] 0655872 ____A (Microsoft Corporation) 4D03CA609E68F4C90CF66515218017F8 [File is signed]

C:\Users\Default\AppData\Local\Pokki\Engine\Microsoft.VC90.CRT\msvcr90.dll
[2013-07-26 16:04][2013-01-26 05:52] 0653136 ____A (Microsoft Corporation) CDBE9690CF2B8409FACAD94FAC9479C9 [File is signed]

C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86\msvcr90.dll
[2013-07-26 15:39][2012-03-31 03:15] 0652608 ____A (Microsoft Corporation) 93F0FFD46BA1EE3AEECD07678DD8E510 [File is signed]

C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64\msvcr90.dll
[2013-07-26 15:39][2012-03-31 03:15] 0623440 ____A (Microsoft Corporation) 5FF7D057E48DA861BDBB47D314B6DA7D [File is signed]

C:\Program Files (x86)\Intel\iCLS Client\msvcr90.dll
[2011-04-19 13:51][2011-04-19 13:51] 0653136 ____A (Microsoft Corporation) CDBE9690CF2B8409FACAD94FAC9479C9 [File is signed]

C:\Program Files (x86)\Google\Drive\Microsoft.VC90.CRT\msvcr90.dll
[2014-10-21 17:42][2014-10-21 17:42] 0641360 ____A (Microsoft Corporation) D233C7FEAE3FAA25F93A9E6B46815ADC [File is signed]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\Microsoft.VC90.CRT\msvcr90.dll
[2014-11-27 09:08][2012-04-04 06:12] 0655872 ____N (Microsoft Corporation) E7D91D008FE76423962B91C43C88E4EB [File is signed]

C:\Program Files (x86)\Audacity\msvcr90.dll
[2014-11-26 23:01][2008-07-29 09:05] 0655872 ____A (Microsoft Corporation) 4D03CA609E68F4C90CF66515218017F8 [File is signed]

C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\msvcr90.dll
[2012-03-15 02:06][2012-03-15 02:06] 0655872 ____A (Microsoft Corporation) 4D03CA609E68F4C90CF66515218017F8 [File is signed]

C:\Program Files (x86)\Adobe\Adobe Bridge CS6\msvcr90.dll
[2012-03-13 11:01][2012-03-13 11:01] 0655872 ____A (Microsoft Corporation) E7D91D008FE76423962B91C43C88E4EB [File is signed]

C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Microsoft.VC90.CRT\msvcr90.dll
[2013-02-01 06:20][2013-02-01 06:20] 0655872 ____A (Microsoft Corporation) E7D91D008FE76423962B91C43C88E4EB [File is signed]

C:\Program Files\Intel\iCLS Client\msvcr90.dll
[2011-04-19 11:04][2011-04-19 11:04] 0641360 ____A (Microsoft Corporation) D233C7FEAE3FAA25F93A9E6B46815ADC [File is signed]

C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\msvcr90.dll
[2012-03-15 02:06][2012-03-15 02:06] 0626688 ____A (Microsoft Corporation) 425D035880430FBED64DD6205C77F5B2 [File is signed]

C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\msvcr90.dll
[2012-03-13 10:55][2012-03-13 10:55] 0626688 ____A (Microsoft Corporation) 425D035880430FBED64DD6205C77F5B2 [File is signed]

C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\msvcr90.dll
[2012-03-13 10:42][2012-03-13 10:42] 0653120 ____A (Microsoft Corporation) 7538050656FE5D63CB4B80349DD1CFE3 [File is signed]

C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\Microsoft.VC90.CRT\msvcr90.dll
[2012-03-13 10:42][2012-03-13 10:42] 0653120 ____A (Microsoft Corporation) 7538050656FE5D63CB4B80349DD1CFE3 [File is signed]

C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\msvcr90.dll
[2012-03-24 02:01][2012-03-24 02:01] 0627200 ____A (Microsoft Corporation) 23B134891C08C7F04C1747F6BCEC06EA [File is signed]

====== End Of Search ======

 

[Nevan]

Please tell me if this stops the MSVCR90.dll error from appearing.

Step #1
FRST Fix

1. Download attached fixlist.txt file to your desktop.
   >> fixlist.txt <<
   NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
2. Right click FRST64.exe on your desktop and click Run as administrator.
3. Press the Fix button just once and wait.
   NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

[hr][/hr]
Step #2
FRST Scan

It looks like you've done the scan unproperly. I've asked you to search for python27.dll, and the tool was looking for python.dll.

Please, do the scan again by typing python27.dll in the search box in FRST and clicking Search Files.

[hr][/hr]
Things that should appear in your next post:

• Fixlog.txt log content
• Search.txt log content
• Please tell me if the MSVCR90.dll error is still appearing

 

[lkm13]

sorry 'bout that.
here are the results

fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by LeviKlein at 2015-03-17 02:10:47 Run:3
Running from C:\Users\LeviKlein\Desktop
Loaded Profiles: LeviKlein (Available profiles: LeviKlein)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Replace: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_no ne_50934f2ebcb7eb57\msvcr90.dll c:\WINDOWS\system32\msvcr90.dll
*****************

Could not find C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_no ne_50934f2ebcb7eb57\msvcr90.dll

==== End of Fixlog 02:10:47 ====


search

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by LeviKlein at 2015-03-17 01:53:31
Running from C:\Users\LeviKlein\Desktop
Boot Mode: Normal

================== Search Files: "python27.dll" =============

C:\Users\LeviKlein\AppData\Local\Temp\_MEI99042\python27.dll
[2014-12-13 22:30][2014-12-13 22:30] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI9322\python27.dll
[2015-01-08 17:08][2015-01-08 17:08] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI92002\python27.dll
[2015-01-04 04:55][2015-01-04 04:55] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI86482\python27.dll
[2015-01-08 12:04][2015-01-08 12:04] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI86042\python27.dll
[2015-01-22 06:52][2015-01-22 06:52] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI79642\python27.dll
[2015-01-18 09:10][2015-01-18 09:10] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI77322\python27.dll
[2015-01-21 06:40][2015-01-21 06:40] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI76122\python27.dll
[2015-01-14 18:31][2015-01-14 18:31] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI75402\python27.dll
[2014-12-08 21:33][2014-12-08 21:33] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI71642\python27.dll
[2014-12-11 18:41][2014-12-11 18:41] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI71602\python27.dll
[2014-12-10 12:17][2014-12-10 12:17] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI70562\python27.dll
[2015-01-17 19:46][2015-01-17 19:46] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI70322\python27.dll
[2014-12-15 01:05][2014-12-15 01:05] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI68562\python27.dll
[2015-01-17 04:34][2015-01-17 04:34] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI67282\python27.dll
[2015-01-19 11:48][2015-01-19 11:48] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI66842\python27.dll
[2015-01-04 19:41][2015-01-04 19:41] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI66242\python27.dll
[2014-12-27 03:56][2014-12-27 03:56] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI66162\python27.dll
[2015-01-21 19:17][2015-01-21 19:17] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI63882\python27.dll
[2015-01-06 11:56][2015-01-06 11:56] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI63362\python27.dll
[2015-01-10 10:44][2015-01-10 10:44] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI62962\python27.dll
[2015-01-20 05:34][2015-01-20 05:34] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI61762\python27.dll
[2014-12-21 02:19][2014-12-21 02:19] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI61162\python27.dll
[2014-12-25 08:21][2014-12-25 08:21] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI60962\python27.dll
[2015-01-09 04:17][2015-01-09 04:17] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI59642\python27.dll
[2015-01-18 22:08][2015-01-18 22:08] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI59162\python27.dll
[2014-12-30 01:10][2014-12-30 01:10] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI59082\python27.dll
[2014-12-18 10:54][2014-12-18 10:54] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI57482\python27.dll
[2014-12-29 15:08][2014-12-29 15:08] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI56843\python27.dll
[2015-01-05 07:52][2015-01-05 07:52] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI56842\python27.dll
[2014-12-29 17:42][2014-12-29 17:42] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI56762\python27.dll
[2015-03-09 10:50][2015-03-09 10:50] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI56522\python27.dll
[2015-01-12 20:53][2015-01-12 20:53] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI56082\python27.dll
[2015-01-27 19:22][2015-01-27 19:22] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI55482\python27.dll
[2014-12-23 01:39][2014-12-23 01:39] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI55282\python27.dll
[2015-01-22 07:16][2015-01-22 07:16] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI54922\python27.dll
[2014-12-11 06:45][2014-12-11 06:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI54842\python27.dll
[2015-03-11 19:38][2015-03-11 19:38] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53882\python27.dll
[2014-12-21 11:12][2014-12-21 11:12] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53802\python27.dll
[2014-12-18 02:55][2014-12-18 02:55] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53682\python27.dll
[2015-02-09 22:09][2015-02-09 22:09] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53442\python27.dll
[2015-01-19 02:30][2015-01-19 02:30] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53362\python27.dll
[2015-02-21 20:43][2015-02-21 20:43] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53243\python27.dll
[2015-02-21 06:44][2015-02-21 06:44] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI53242\python27.dll
[2014-12-08 22:00][2014-12-08 22:00] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI52922\python27.dll
[2015-01-08 01:27][2015-01-08 01:27] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI51682\python27.dll
[2015-01-20 18:12][2015-01-20 18:12] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI51602\python27.dll
[2014-12-20 11:35][2014-12-20 11:35] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50922\python27.dll
[2015-01-25 09:45][2015-01-25 09:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50722\python27.dll
[2015-01-11 05:46][2015-01-11 05:46] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50562\python27.dll
[2014-12-20 03:06][2014-12-20 03:06] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50482\python27.dll
[2015-01-04 14:43][2015-01-04 14:43] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50202\python27.dll
[2014-12-27 12:45][2014-12-27 12:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI50082\python27.dll
[2015-03-08 09:32][2015-03-08 09:32] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI49962\python27.dll
[2014-12-15 05:48][2014-12-15 05:48] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI49722\python27.dll
[2015-02-09 00:40][2015-02-09 00:40] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI49442\python27.dll
[2014-12-19 22:59][2014-12-19 22:59] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI49162\python27.dll
[2014-12-25 01:57][2014-12-25 01:57] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI49002\python27.dll
[2014-12-23 12:32][2014-12-23 12:32] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI48922\python27.dll
[2015-01-22 16:56][2015-01-22 16:56] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI48562\python27.dll
[2014-12-25 16:09][2014-12-25 16:09] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI46762\python27.dll
[2015-01-26 09:45][2015-01-26 09:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI46282\python27.dll
[2015-01-07 11:25][2015-01-07 11:25] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI46202\python27.dll
[2015-01-11 13:07][2015-01-11 13:07] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI45842\python27.dll
[2015-01-09 11:48][2015-01-09 11:48] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI45562\python27.dll
[2015-01-12 08:07][2015-01-12 08:07] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI45042\python27.dll
[2015-01-25 01:29][2015-01-25 01:29] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44642\python27.dll
[2014-12-14 10:18][2014-12-14 10:18] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44482\python27.dll
[2014-12-11 06:12][2014-12-11 06:12] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44442\python27.dll
[2015-01-01 12:35][2015-01-01 12:35] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44402\python27.dll
[2015-02-09 10:59][2015-02-09 10:59] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44362\python27.dll
[2014-12-17 12:50][2014-12-17 12:50] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI44322\python27.dll
[2015-02-28 17:05][2015-02-28 17:05] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43962\python27.dll
[2015-01-16 18:56][2015-01-16 18:56] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43642\python27.dll
[2015-02-25 12:00][2015-02-25 12:00] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43602\python27.dll
[2015-01-30 07:06][2015-01-30 07:06] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43562\python27.dll
[2014-12-26 14:08][2014-12-26 14:08] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43322\python27.dll
[2014-12-29 14:28][2014-12-29 14:28] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43202\python27.dll
[2014-12-24 11:44][2014-12-24 11:44] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI43162\python27.dll
[2015-01-31 09:05][2015-01-31 09:05] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI42842\python27.dll
[2014-12-19 12:49][2014-12-19 12:49] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI41802\python27.dll
[2015-01-14 09:30][2015-01-14 09:30] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI41322\python27.dll
[2014-12-31 20:52][2014-12-31 20:52] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI41282\python27.dll
[2014-12-25 10:36][2014-12-25 10:36] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI39762\python27.dll
[2014-12-09 19:45][2014-12-09 19:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI36602\python27.dll
[2015-01-02 13:44][2015-01-02 13:44] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI35482\python27.dll
[2014-12-26 00:02][2014-12-26 00:02] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI34722\python27.dll
[2014-12-18 12:28][2014-12-18 12:28] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI34403\python27.dll
[2014-12-09 11:49][2014-12-09 11:49] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI34402\python27.dll
[2014-12-08 21:10][2014-12-08 21:10] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI33523\python27.dll
[2015-01-12 16:38][2015-01-12 16:38] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI33522\python27.dll
[2015-01-12 02:00][2015-01-12 02:00] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI32682\python27.dll
[2015-01-27 06:57][2015-01-27 06:57] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI32642\python27.dll
[2014-12-22 12:41][2014-12-22 12:41] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI32602\python27.dll
[2015-01-09 18:45][2015-01-09 18:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI31602\python27.dll
[2014-12-10 10:50][2014-12-10 10:50] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI30442\python27.dll
[2015-01-28 05:43][2015-01-28 05:43] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI29722\python27.dll
[2015-01-18 17:21][2015-01-18 17:21] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI29002\python27.dll
[2015-01-25 20:04][2015-01-25 20:04] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI28842\python27.dll
[2014-12-31 12:52][2014-12-31 12:52] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI28362\python27.dll
[2014-12-14 12:00][2014-12-14 12:00] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI27162\python27.dll
[2015-01-10 01:30][2015-01-10 01:30] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI25802\python27.dll
[2015-01-04 16:19][2015-01-04 16:19] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI25082\python27.dll
[2014-12-14 10:52][2014-12-14 10:52] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI24682\python27.dll
[2014-12-28 10:03][2014-12-28 10:03] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI2162\python27.dll
[2014-12-12 17:10][2014-12-12 17:10] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI20402\python27.dll
[2014-12-18 02:47][2014-12-18 02:47] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI18002\python27.dll
[2014-12-15 17:29][2014-12-15 17:29] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI16682\python27.dll
[2015-01-24 08:45][2015-01-24 08:45] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI14122\python27.dll
[2015-01-23 23:04][2015-01-23 23:04] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI11402\python27.dll
[2015-01-15 07:39][2015-01-15 07:39] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI11082\python27.dll
[2014-12-30 10:14][2014-12-30 10:14] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

C:\Users\LeviKlein\AppData\Local\Temp\_MEI10842\python27.dll
[2015-01-16 15:42][2015-01-16 15:42] 2449920 ____A (Python Software Foundation) 8A59106032366B23D7A8FE7B8450E8B9

====== End Of Search ======



as to if the error is still appearing, it only appears when I login to windows after a restart. I suppose it is caused by a startup program. does a reinstall fix this?