1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Out of control

Discussion in 'Virus & Other Malware Removal' started by Lynnstuff, May 22, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    my system has been taken over. I use Internet Explorer and Chrome. I am getting a frequent message that the browser has quit and when I click the X the internet explorer continues on but chrome quits and I have to start allover. When ever I click to go to a different place on my browsers I always get something else, some of it I can't get out.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 8
    RAM: 8094 Mb
    Graphics Card: NVIDIA GeForce GT 640M LE, 1024 Mb
    Hard Drives: C: Total - 669121 MB, Free - 460941 MB; D: Total - 26079 MB, Free - 22290 MB;
    Motherboard: LENOVO, Product Name
    Antivirus: Kaspersky PURE 3.0, Updated and Enabled
     
  2. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    Malware has taken over, I need help.
     
  3. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    I have been deleting my browser history daily. and I still get unwanted programs being installed. Ad's by Storm is pervasive and I can't get rid of it.
     
  4. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    getting interrupted more often. Ads by storm warning are a real nascence.
     
  5. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    I had to click x on the internet explorer box that said internet explorer had quit 6 times just to get the to this point to post this.
     
  6. Firefly

    Firefly Malware Trainee

    Joined:
    Oct 5, 2007
    Messages:
    321
    Hi Lynnstuff. My name is Firefly and I will help you with your computer. I ask you to follow a few ground rules while we are taking care of your computer:

    I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights, permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
    4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
    6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
    7. Failure to respond for 3 days, will result in your topic being closed.

    Please take time to read the Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

    Warning!
    The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.


    Malware removal:
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


    File Backup

    For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
    exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

    All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

    Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every documentÂ… gone. Seriously. Do this now.

    Here are links to using the backup programs in the various versions of Windows:


    If you have internet connectivity, an alternative to backing your files up locally is to back your files up to the cloud, and there are a number of free and paid for services of this type available.

    Below are links to a couple of articles with details for both free and paid for backup services ...

    http://www.techsupportalert.com/content ... -sites.htm
    http://www.pcmag.com/article2/0,2817,22 ... 745,00.asp

    A word of warning - if you have a lot of data to backup, an online service can take days, weeks, or months. In this case, please consider using a local backup method (external hard drive, USB, etc.)

    One way or another, it is critical that you backup your data before proceeding.


    Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering


    Registry and Restore Point

    First, before we do anything, we want to make sure we have made a backup of your computer's key information so that we can be sure to not make anything worse. Since you are running Windows 7, we will both make a restore point and do a system backup.

    To create a restore point:
    1. click on the Start button to open your Start Menu. Then
    2. click on the Control Panel, then the System icon, and then finally click on System Protection in the left-hand task list. You will now be at the System Protection tab in the System control panel.
    3. At the bottom of the window you will see a button called "create". A window will pop open allowing you to name this restore point - please name this "before malware fix".
    4. You can then close the System window.

    Please also do the following:
    Please download tweaking.com_registry_backup_setup.exe
    Choose a download site for the installer... download and save it to your desktop.
    Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

    Once the program is installed...
    1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
    2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
    3. Click on Backup Now to create a backup of your Registry.
      You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
    4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
    5. Close and exit the program.

    Once these are done, we can move forward with repairing the issues you are having. PLEASE DO NOT PROCEED IF YOU HAVE ANY PROBLEMS WITH THESE FIRST TWO STEPS OR IF YOU RECEIVED ANY ERROR MESSAGES.


    FRST

    Please download FRST ... by Farbar, from the link below and save it to your Desktop.

    For 64 bit Systems

    • Right-click FRST.exe and select " Run as administrator " to run it.
    • When the tool opens click Yes to the disclaimer.
    • Press Scan button. ... When finished a log will be created, FRST.txt.
    • Please post the content of the FRST.txt in your next reply.
    • The first time the tool is run, it will create another log... Addition.txt.
    • Please post the content of the Addition.txt in your next reply.


    Next Steps

    Please provide me the following:

    1. Confirm you were able to perform the steps outlined to make a restore point and registry backup
    2. Confirm you were able to back up your files!!
    3. Please post the FRST.txt log
    4. Please post the Addition.txt log
     
  7. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    do I go to tweaking.com site to do the download for: tweaking.com_registry_backup_setup.exe
     
  8. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    Note: I clicked on the Underlined: tweaking.com_registry_backup_setup.exe and I got no response<
     
  9. Firefly

    Firefly Malware Trainee

    Joined:
    Oct 5, 2007
    Messages:
    321
    Lynnstuff - my apologies for the delay. I had to make a sudden business trip across the country for one day (no fun.)

    Scroll slightly down the page, and you will see 4 yellow/red buttons under the header of "installer". Click on any of those buttons and the program should download. The big green button at the top which says "Download Now" is an advertisement, so I would avoid it.

    Based on your settings, the program will most likely download into your "downloads" folder. You may find it easier to cut and paste it to your desktop and then run it from there.

    Let me know if you have any issues.
     
  10. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    Backup complete, Restore point saved, Registry copied and backed up.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
    Ran by hatcher (administrator) on HATCHER-PC on 10-06-2015 13:35:05
    Running from C:\Users\hatcher\Downloads
    Loaded Profiles: hatcher (Available Profiles: hatcher)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    () C:\Program Files (x86)\StormWarnings\StormWarningsSrv.exe
    (Storm Warnings) C:\Program Files (x86)\StormWarnings\SW_Updater.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    () C:\Users\hatcher\AppData\Local\Installer\Installytd_9687\DCSetup_20327.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
    HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [gmsd_us_157] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StormWarnings] => C:\Program Files (x86)\StormWarnings\StormWarningsApp.exe [1608880 2015-05-07] ()
    Startup: C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-05-22]
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe ()
    Startup: C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWarnings.lnk [2015-05-19]
    ShortcutTarget: StormWarnings.lnk -> C:\Program Files (x86)\StormWarnings\StormWarnings.exe (Storm Warnings, LLC)
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-11-12] (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-11-12] (Kaspersky Lab ZAO)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
    ProxyServer: [HKLM] => http=127.0.0.1:52208;https=127.0.0.1:52208
    ProxyServer: [HKLM-x32] => http=127.0.0.1:52208;https=127.0.0.1:52208
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_46_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0EtCyE0FyDtC0A0F0B0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyyB0CyC0E0E0FtG0AtDyEtAtG0C0EyCtDtG0C0ByEtAtGtB0B0C0CtDyEtA0DtA0EtAyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByCyEyDzyyCyC0CtGyBzy0EyDtGyE0EyBzztG0AtDtDzztG0Ezy0AyCyBtBtA0B0DtAtDzy2Q&cr=1297409525&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_46_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0EtCyE0FyDtC0A0F0B0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyyB0CyC0E0E0FtG0AtDyEtAtG0C0EyCtDtG0C0ByEtAtGtB0B0C0CtDyEtA0DtA0EtAyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByCyEyDzyyCyC0CtGyBzy0EyDtGyE0EyBzztG0AtDtDzztG0Ezy0AyCyBtBtA0B0DtAtDzy2Q&cr=1297409525&ir=
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3LpjyhnQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3LpjyhnQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {2C188D00-8C31-4959-97E2-786DBAC4FAD2} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {73161A25-B465-44BD-8DDF-2C19F3CCD1CC} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&site=set&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-11-12] (Kaspersky Lab ZAO)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> No Name - {F2B8F521-78AD-4F52-8D23-DAFB42B6F85E} - No File
    Winsock: Catalog9 01 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 02 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 03 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 04 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 05 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 16 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @ei.MyTransitGuide_b7.com/Plugin -> C:\Program Files (x86)\MyTransitGuide_b7EI\Installr\1.bin\NPb7EISB.dll [2014-12-03] (MyTransitGuide)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKU\S-1-5-21-3137014762-4098446849-747361786-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi

    Chrome:
    =======
    CHR Profile: C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-12]
    CHR Extension: (Bookmark Manager) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
    CHR Extension: (Safe Money) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-11-12]
    CHR Extension: (Content Blocker) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-11-12]
    CHR Extension: (Virtual Keyboard) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-11-12]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
    CHR Extension: (Kaspersky Protection) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
    CHR Extension: (Anti-Banner) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-12]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [57768 2015-05-21] () <==== ATTENTION
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
    R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
    R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 StormWarnings Update Service; C:\Program Files (x86)\StormWarnings\StormWarningsSrv.exe [587440 2015-05-07] ()
    R2 SW_Updater; C:\Program Files (x86)\StormWarnings\SW_Updater.exe [515376 2015-05-15] (Storm Warnings)
    R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-10] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [X]
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
    S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
    S2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-12] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-11-12] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-11-12] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-11-12] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
    S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-10 13:35 - 2015-06-10 13:36 - 00022308 _____ C:\Users\hatcher\Downloads\FRST.txt
    2015-06-10 13:34 - 2015-06-10 13:35 - 00000000 ____D C:\FRST
    2015-06-10 13:33 - 2015-06-10 13:34 - 02108928 _____ (Farbar) C:\Users\hatcher\Downloads\FRST64.exe
    2015-06-10 13:28 - 2015-06-10 13:28 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HATCHER-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-06-10 13:28 - 2015-06-10 13:28 - 00000000 ____D C:\RegBackup
    2015-06-10 13:27 - 2015-06-10 13:27 - 04720448 _____ C:\Users\hatcher\Downloads\tweaking.com_registry_backup_setup.exe
    2015-06-10 13:27 - 2015-06-10 13:27 - 00002235 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-06-10 13:23 - 2015-06-10 13:23 - 00003662 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2015-06-10 13:23 - 2015-06-10 13:23 - 00002159 _____ C:\Users\hatcher\Desktop\Tweaking.com - Windows Repair.lnk
    2015-06-10 13:22 - 2015-06-10 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-06-10 13:22 - 2015-06-10 13:27 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2015-06-10 13:21 - 2015-06-10 13:21 - 12907304 _____ C:\Users\hatcher\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2015-06-03 11:03 - 2015-06-03 11:03 - 00023585 _____ C:\Users\hatcher\.recently-used.xbel
    2015-06-02 17:16 - 2015-06-09 15:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-02 17:16 - 2015-06-02 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-02 17:11 - 2015-06-10 13:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-02 17:11 - 2015-06-09 17:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-02 17:11 - 2015-06-02 17:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-02 17:11 - 2015-06-02 17:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-30 20:51 - 2015-05-30 20:51 - 00000000 ____D C:\Users\hatcher\.cache
    2015-05-28 22:20 - 2015-05-29 17:40 - 00000112 _____ C:\ProgramData\tQKp65ie.dat
    2015-05-28 21:43 - 2015-06-10 13:36 - 00000000 ____D C:\ProgramData\abc
    2015-05-28 21:43 - 2015-05-28 21:43 - 00000000 ____D C:\ProgramData\Package Cache
    2015-05-28 21:41 - 2015-05-29 14:59 - 00000000 ____D C:\Program Files (x86)\Coupoon
    2015-05-22 13:11 - 2015-05-22 13:11 - 00004022 _____ C:\Windows\System32\Tasks\LaunchApp
    2015-05-22 13:08 - 2015-05-22 13:08 - 00001969 _____ C:\Users\hatcher\Desktop\Sync Folder.lnk
    2015-05-22 13:08 - 2015-05-22 13:08 - 00001069 _____ C:\Users\hatcher\Desktop\MyPC Backup.lnk
    2015-05-22 13:08 - 2015-05-22 13:08 - 00000000 ____D C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    2015-05-22 11:52 - 2015-05-22 13:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
    2015-05-22 11:51 - 2015-05-22 11:51 - 04058368 _____ C:\Users\hatcher\Downloads\MyPCBackup_WebInstaller.exe
    2015-05-21 10:57 - 2015-05-21 10:57 - 00000000 _____ C:\autoexec.bat
    2015-05-21 10:03 - 2015-05-21 10:03 - 00000000 ____D C:\Users\hatcher\AppData\Local\StormWarnings
    2015-05-19 18:43 - 2015-05-19 18:43 - 00000000 ____D C:\Users\hatcher\AppData\Local\Storm_Warnings,_LLC
    2015-05-19 18:42 - 2015-05-20 15:38 - 00000000 ____D C:\Program Files (x86)\StormWarnings
    2015-05-14 09:29 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 09:29 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 16:26 - 2015-05-13 16:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-05-13 15:15 - 2015-05-13 15:15 - 00880208 _____ (Google Inc.) C:\Users\hatcher\Downloads\ChromeSetup.exe
    2015-05-13 14:15 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 14:15 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-13 14:15 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-13 14:15 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-13 14:15 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 14:15 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-13 14:15 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-13 14:15 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-13 14:15 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 14:15 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 14:15 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-13 14:15 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 14:15 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-13 14:15 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-13 14:15 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-13 14:15 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 14:15 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 14:15 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-13 14:15 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-13 14:15 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-13 14:15 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 14:15 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-13 14:15 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-13 14:15 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 14:15 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-13 14:15 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-13 14:15 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 14:15 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-13 14:15 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-13 14:15 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 14:15 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-13 14:15 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 14:15 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-13 14:15 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 14:15 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 14:15 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-13 14:15 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-13 14:15 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-13 14:15 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 14:15 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-13 14:15 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-13 14:15 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 14:15 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-13 14:15 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-13 14:15 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-13 14:15 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 14:15 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-13 14:15 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 14:15 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-13 14:15 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 14:15 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 14:15 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 14:15 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 14:15 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 14:15 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 14:15 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-13 14:15 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 14:15 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 14:15 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-13 14:15 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 14:15 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 14:15 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-13 14:15 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-13 14:15 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-13 14:15 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 14:14 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-13 14:14 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-13 14:14 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-13 14:14 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-13 14:14 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-13 14:14 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-13 14:14 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-13 14:14 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-13 14:14 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-13 14:14 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-13 14:14 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-13 14:14 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-13 14:14 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-13 14:14 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-05-13 14:14 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-13 14:14 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-05-13 14:14 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-05-13 14:14 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-05-13 14:14 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-05-13 14:14 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-13 14:14 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-13 14:14 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-13 14:14 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-13 14:14 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-13 14:14 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-13 14:14 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-05-13 14:14 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-13 14:14 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-13 14:14 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-13 14:14 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-13 14:14 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-13 14:14 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-13 14:14 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 14:14 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 14:14 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 14:14 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 14:13 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-13 14:13 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-13 14:13 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-13 14:13 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-13 14:13 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-13 14:13 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-13 14:13 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-13 14:13 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-13 14:13 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-13 14:13 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-13 14:13 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-12 11:59 - 2015-05-12 11:59 - 00009728 _____ C:\Users\hatcher\Downloads\To Ship.xls

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-10 13:36 - 2014-11-13 10:38 - 00000364 _____ C:\Windows\Tasks\CIMT_S-1-5-21-3137014762-4098446849-747361786-1000.job
    2015-06-10 13:35 - 2014-11-10 15:19 - 01420056 _____ C:\Windows\WindowsUpdate.log
    2015-06-10 13:34 - 2014-11-12 13:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2015-06-10 13:24 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-10 13:24 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-10 13:17 - 2014-11-18 11:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-09 22:02 - 2015-03-30 18:41 - 00001060 _____ C:\Windows\Tasks\Crossbrowse.job
    2015-06-09 22:02 - 2014-12-19 13:53 - 00000960 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-06-09 22:02 - 2014-11-12 19:41 - 00000000 ____D C:\ProgramData\SafeUpdaterData
    2015-06-09 22:02 - 2009-07-14 00:51 - 00101430 _____ C:\Windows\setupact.log
    2015-06-09 15:19 - 2014-11-18 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-09 15:19 - 2014-11-18 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-09 15:19 - 2014-11-18 11:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-09 15:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-06-07 21:40 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-06-07 21:39 - 2014-12-19 13:53 - 00000956 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-06-07 21:39 - 2014-11-12 13:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-06-07 21:39 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-07 21:38 - 2010-11-20 23:47 - 00038628 _____ C:\Windows\PFRO.log
    2015-06-05 16:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-06-04 17:15 - 2014-11-10 17:53 - 00022428 _____ C:\Users\hatcher\Documents\stuff.ods
    2015-06-03 11:03 - 2014-11-26 14:29 - 00000000 ____D C:\Users\hatcher\AppData\Roaming\gtk-2.0
    2015-06-03 11:03 - 2014-11-26 14:06 - 00000000 ____D C:\Users\hatcher\.gimp-2.6
    2015-06-03 11:03 - 2014-11-12 15:16 - 00007891 _____ C:\Windows\BRRBCOM.INI
    2015-06-03 11:03 - 2014-11-10 15:19 - 00000000 ____D C:\Users\hatcher
    2015-06-03 10:19 - 2014-11-12 16:16 - 00000000 ____D C:\Users\hatcher\AppData\Local\Google
    2015-06-02 17:15 - 2014-11-24 11:14 - 00000000 ____D C:\Program Files (x86)\Google
    2015-05-27 15:13 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-05-21 11:29 - 2009-07-14 01:08 - 00025782 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-21 10:50 - 2014-11-14 10:43 - 00044420 _____ C:\Windows\wininit.ini
    2015-05-20 03:00 - 2015-04-05 12:31 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-05-20 03:00 - 2015-04-05 12:31 - 00000000 ___SD C:\Windows\system32\GWX
    2015-05-15 03:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-05-14 09:59 - 2009-07-14 00:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-14 09:57 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
    2015-05-14 09:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2015-05-14 09:38 - 2014-11-10 16:16 - 00000000 ____D C:\Windows\system32\MRT
    2015-05-14 09:33 - 2014-11-10 16:16 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-13 16:26 - 2014-11-19 11:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    ==================== Files in the root of some directories =======

    2015-03-31 11:48 - 2015-03-31 11:49 - 0001267 _____ () C:\Users\hatcher\AppData\Roaming\Bubble Dock.boostrap.log
    2015-03-31 11:48 - 2015-03-31 11:49 - 0005725 _____ () C:\Users\hatcher\AppData\Roaming\Bubble Dock.installation.log
    2015-03-31 11:49 - 2015-03-31 11:49 - 0000078 _____ () C:\Users\hatcher\AppData\Roaming\Selection Tools.installation.log
    2015-03-31 11:48 - 2015-03-31 11:48 - 0000097 _____ () C:\Users\hatcher\AppData\Roaming\WindApp.boostrap.log
    2015-03-31 11:49 - 2015-03-31 11:49 - 0000078 _____ () C:\Users\hatcher\AppData\Roaming\WindApp.installation.log
    2015-05-28 22:20 - 2015-05-29 17:40 - 0000112 _____ () C:\ProgramData\tQKp65ie.dat

    Files to move or delete:
    ====================
    C:\ProgramData\tQKp65ie.dat


    Some files in TEMP:
    ====================
    C:\Users\hatcher\AppData\Local\Temp\349.exe
    C:\Users\hatcher\AppData\Local\Temp\36792uninstall.exe
    C:\Users\hatcher\AppData\Local\Temp\4C0EF7B5-FED4-BA81-1D3B-99E3C72B2F49.exe
    C:\Users\hatcher\AppData\Local\Temp\7za.exe
    C:\Users\hatcher\AppData\Local\Temp\94F7FEAB-21EE-36A4-DBE9-3CE48B5698CF.dll
    C:\Users\hatcher\AppData\Local\Temp\94F7FEAB-21EE-36A4-DBE9-3CE48B5698CF.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup2699.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup6500.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup9099.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\hatcher\AppData\Local\Temp\OnlineBackup.exe
    C:\Users\hatcher\AppData\Local\Temp\optprosetup.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_0911.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_10819.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_11410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_114624.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_124434.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_141540.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_141734.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144214.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144324.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144349.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144411.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144420.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144611.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_145028.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14505.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_145224.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14617.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14648.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_153722.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_17410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174125.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174131.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174134.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174153.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174316.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174623.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_175353.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204114.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20429.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204622.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20486.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_213226.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_215640.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_2311.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_232441.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_23410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234111.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234125.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234621.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234636.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_235558.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_2410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24111.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24126.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24213.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24323.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24552.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24625.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_3221.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_35543.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_5410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54624.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54627.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_62710.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_8410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84625.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_04125.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_070.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_101740.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_114110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_1163.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_132435.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_13411.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141143.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14127.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14142.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141511.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141742.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14233.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14360.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143729.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143756.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143812.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144112.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144159.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144210.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144215.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144241.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144255.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144312.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144817.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_145039.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_145143.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14613.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14639.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14838.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_1518.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_154841.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_162035.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174120.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174122.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174141.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174157.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174237.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_17427.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174330.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_17438.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174433.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174436.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174451.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_184054.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_185411.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_20327.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_20410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204120.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2042.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204222.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204325.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2127.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_21321.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_215728.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2235.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22420.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22426.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2244.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22458.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_225432.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_231140.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_232354.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_233422.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_23410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_235347.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24119.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24642.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24657.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_25229.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_32139.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_35528.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_45833.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_54110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_54111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_62444.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_84110.exe
    C:\Users\hatcher\AppData\Local\Temp\ShAeroDisabler.exe
    C:\Users\hatcher\AppData\Local\Temp\SpOrder.dll
    C:\Users\hatcher\AppData\Local\Temp\Sqlite3.dll
    C:\Users\hatcher\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\hatcher\AppData\Local\Temp\tu17p84.exe
    C:\Users\hatcher\AppData\Local\Temp\Uninstall.exe
    C:\Users\hatcher\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\hatcher\AppData\Local\Temp\_is3D9.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-03 12:33
     
  11. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
    Ran by hatcher at 2015-06-10 13:36:58
    Running from C:\Users\hatcher\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3137014762-4098446849-747361786-500 - Administrator - Disabled)
    Guest (S-1-5-21-3137014762-4098446849-747361786-501 - Limited - Disabled)
    hatcher (S-1-5-21-3137014762-4098446849-747361786-1000 - Administrator - Enabled) => C:\Users\hatcher
    HomeGroupUser$ (S-1-5-21-3137014762-4098446849-747361786-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.9.9 - Atheros Communications Inc.)
    Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
    Common dictionary (HKLM-x32\...\Common dictionary) (Version: 1 - Common dictionary)
    Consumer Input Update Helper (x32 Version: 1.3.25.149 - Compete Inc.) Hidden <==== ATTENTION
    EasyDuplicateFinder v4.7 (HKLM\...\Easy Duplicate Finder 4_is1) (Version: - WebMinds, Inc.)
    GIMP 2.6.4 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Chrome Packages (HKU\S-1-5-21-3137014762-4098446849-747361786-1000\...\Google Chrome Packages) (Version: - ) <==== ATTENTION
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.64.1 - JMicron Technology Corp.)
    Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
    Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.117 - Realtek Semiconductor Corp.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyPC Backup 1.0.0 (HKLM\...\MyPC Backup) (Version: 1.0.0 - MyPC Backup)
    Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.84 - NCH Software)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.0 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.2 - Tweaking.com)
    UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs)
    ViewSonic Monitor Drivers (HKLM-x32\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3137014762-4098446849-747361786-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3137014762-4098446849-747361786-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\hatcher\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3137014762-4098446849-747361786-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\hatcher\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

    ==================== Restore Points =========================

    24-05-2015 19:00:06 Windows Backup
    26-05-2015 02:10:17 Windows Update
    28-05-2015 21:43:34 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
    29-05-2015 14:54:49 Windows Update
    02-06-2015 02:10:36 Windows Update
    07-06-2015 21:49:29 Windows Backup
    08-06-2015 14:22:18 before fix with tech
    09-06-2015 09:37:08 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0C158E6D-C5CD-4A05-B4B6-3BB5C5961EC1} - System32\Tasks\SystemOperations\Safe Updater 08 => C:\ProgramData\SystemOperations\SafeUpdater\SafeUpdater.exe [2014-11-11] (PicColor)
    Task: {1C7F0366-6B5C-4A25-880C-6EA15C4BB1F8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {1DC6AEE4-CE89-4DE6-A61B-B9A487912D0B} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe [2015-05-21] () <==== ATTENTION
    Task: {2467A9A9-2B87-4095-8803-A3FC9308B3F3} - System32\Tasks\{DD508282-808E-41C2-B00D-926C84E33316} => pcalua.exe -a C:\ProgramData\VideoDimmer\uninstall.exe -c /kb=y /ic=1
    Task: {2B8EC75A-0E14-43B0-B89E-96023D15B71A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {2C65664F-9DEB-4DE1-A5F2-8CBFA0A1EBB2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: {488FA55A-0430-4C2E-9C06-E3C5EF96C726} - System32\Tasks\Run_Bobby_Browser => C:\Users\hatcher\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
    Task: {5A9DDB82-DE56-47E6-88E3-A98A330E8125} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
    Task: {643851FD-203F-4817-B827-23ED901F78F3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {7AE453C7-131E-431E-8268-D618BAAD1232} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: {855C3E32-F8A8-4526-86E8-3635046CD4AF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-10] (Microsoft Corporation)
    Task: {8BD4D3E4-E6C0-4145-A186-988CE25AEDC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
    Task: {98618F63-ABC1-4001-95D1-7D6A0481ECBF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {B6010961-BBEF-4D2D-B5D8-1714A4E1031C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
    Task: {C3A780F3-2066-4030-A75E-97C6FE4976E6} - System32\Tasks\CIMT_S-1-5-21-3137014762-4098446849-747361786-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: {C758654F-804F-4E96-B856-EDDC7E2F6ECB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D7708997-917C-46E2-9AD1-FE0BCFAE98FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {E79B87CB-AFE8-4000-9A44-E5694F2599A4} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
    Task: {E8F95F4E-CB5A-4942-8078-0156E28CF9BB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {ED7AE235-18F8-46CD-B035-8B3178BF3C49} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
    Task: {EE59BA20-3697-49CA-BDA1-D9F74712E7AF} - System32\Tasks\Installer_ytd => C:\Users\hatcher\AppData\Local\Installer\Installytd_9687\DCSetup_20327.exe [2015-04-10] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\CIMT_S-1-5-21-3137014762-4098446849-747361786-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-27 17:31 - 2014-10-27 17:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    2014-11-12 15:16 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
    2015-05-07 12:04 - 2015-05-07 12:04 - 00587440 _____ () C:\Program Files (x86)\StormWarnings\StormWarningsSrv.exe
    2014-11-12 10:14 - 2010-10-26 14:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2015-05-22 11:52 - 2015-05-21 08:50 - 00057768 _____ () C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    2015-05-22 13:08 - 2015-05-21 08:49 - 01439232 _____ () C:\Program Files (x86)\MyPC Backup\Shared Stack.dll
    2015-05-22 13:08 - 2015-05-21 08:46 - 00191488 _____ () C:\Program Files (x86)\MyPC Backup\MPCBClient.dll
    2015-05-22 13:08 - 2015-05-21 08:45 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
    2015-05-22 13:08 - 2015-05-21 08:46 - 00044032 _____ () C:\Program Files (x86)\MyPC Backup\UIKit.dll
    2015-05-22 13:08 - 2015-05-21 08:45 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
    2015-05-22 13:08 - 2015-05-21 08:45 - 00236032 _____ () C:\Program Files (x86)\MyPC Backup\websocket-sharp.dll
    2015-05-22 13:08 - 2015-05-21 08:46 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
    2015-05-22 13:08 - 2015-05-21 08:45 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll
    2015-05-22 13:08 - 2015-05-21 08:45 - 00007680 _____ () C:\Program Files (x86)\MyPC Backup\NativeHashWrapper.dll
    2015-04-10 16:05 - 2015-04-10 16:03 - 01212904 _____ () C:\Users\hatcher\AppData\Local\Installer\Installytd_9687\DCSetup_20327.exe
    2015-05-28 21:41 - 2015-06-10 13:16 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    2012-12-20 19:19 - 2012-12-20 19:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
    2012-12-20 19:19 - 2012-12-20 19:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^hatcher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^hatcher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartWeb.lnk => C:\Windows\pss\SmartWeb.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BoBrowser => "C:\Users\hatcher\AppData\Local\BoBrowser\Application\bobrowser.exe"
    MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
    MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\hatcher\AppData\Local\Smartbar\Application\SnapDo.exe startup
    MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    MSCONFIG\startupreg: gmsd_us_157 => "C:\Program Files (x86)\gmsd_us_157\gmsd_us_157.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\hatcher\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
    MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Selection Tools => "C:\Users\hatcher\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
    MSCONFIG\startupreg: SmartWeb => C:\Users\hatcher\AppData\Local\SmartWeb\SmartWebHelper.exe
    MSCONFIG\startupreg: WinCheck => C:\Users\hatcher\AppData\Local\wincheck\wincheck.exe
    MSCONFIG\startupreg: WindApp => "C:\Users\hatcher\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7EAF6A5E-7B9B-44AF-8C19-816A0ACFDB59}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{EEDDB3DD-2A10-4B31-B751-8B4A922CC966}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
    FirewallRules: [{42D73D9F-1F2C-4D3A-A5B3-4C43784C5AF6}] => (Allow) LPort=54925
    FirewallRules: [{C3FA281E-7700-4B2D-AAD6-8EC55971E6EF}] => (Allow) C:\Users\hatcher\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{423D009F-9C89-40FA-8A2D-FCD42C84BD83}] => (Allow) C:\Users\hatcher\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe
    FirewallRules: [{8CC843E0-D7B1-4F36-AABD-3C3334A907B2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{C8C1A668-EAB6-4F97-9765-F3968169955E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: bbnfd_1_10_0_2
    Description: bbnfd_1_10_0_2
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: bbnfd_1_10_0_2
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: innfd_1_10_0_14
    Description: innfd_1_10_0_14
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: innfd_1_10_0_14
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: cherimoya
    Description: cherimoya
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: cherimoya
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/10/2015 01:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe468
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe628
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xdc74
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe490
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe5e0
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xd94c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:33:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xaddc
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:32:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe170
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xe1ec
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (06/10/2015 01:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17801, time stamp: 0x5536642c
    Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8808
    Exception code: 0xc0000374
    Fault offset: 0x000cea5f
    Faulting process id: 0xd65c
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3


    System errors:
    =============
    Error: (06/10/2015 01:19:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (06/10/2015 01:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The UpdateCheck service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (06/07/2015 09:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2

    Error: (06/07/2015 09:39:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    bbnfd_1_10_0_2
    cherimoya
    innfd_1_10_0_14

    Error: (06/07/2015 09:39:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) PROSet/Wireless Zero Configuration Service service failed to start due to the following error:
    %%2

    Error: (06/07/2015 09:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) PROSet/Wireless Registry Service service failed to start due to the following error:
    %%2

    Error: (06/07/2015 09:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error:
    %%2

    Error: (06/07/2015 09:39:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error Code: 126

    Error: (06/07/2015 09:39:11 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:37:45 PM on &#8206;6/&#8206;7/&#8206;2015 was unexpected.

    Error: (06/04/2015 04:15:15 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{4AF0147E-7DA5-4E1D-B80A-127047E72634} because another computer on the network has the same name. The server could not start.


    Microsoft Office:
    =========================
    Error: (06/10/2015 01:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe46801d0a3a39791120cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlld676f850-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe62801d0a3a393838e14C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlld267499a-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fdc7401d0a3a3902d6f28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllcf67c2dd-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe49001d0a3a38b484b6eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllca27116e-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe5e001d0a3a3869b3a4eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllc78b7d00-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fd94c01d0a3a380b9eecaC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllc1199d4b-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:33:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5faddc01d0a3a380a925e9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllc00ef687-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:32:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe17001d0a3a366f0b49bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllbca8aaf7-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:32:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fe1ec01d0a3a36330cf1bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlla328746e-0f96-11e5-9019-dc0ea1e14f51

    Error: (06/10/2015 01:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: IEXPLORE.EXE11.0.9600.178015536642cntdll.dll6.1.7601.18839553e8808c0000374000cea5fd65c01d0a3a35bec02a4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll9baef76f-0f96-11e5-9019-dc0ea1e14f51


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-12 02:46:10.475
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-12 02:46:10.413
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-17 10:55:37.935
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-17 10:55:37.919
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 17:59:13.180
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 17:59:13.165
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 17:55:54.643
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-13 17:55:54.627
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-15 09:29:15.655
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-15 09:29:15.640
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
    Percentage of memory in use: 42%
    Total physical RAM: 8094.36 MB
    Available physical RAM: 4620.25 MB
    Total Pagefile: 16186.92 MB
    Available Pagefile: 11338.75 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:653.44 GB) (Free:448.57 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.77 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EA6F18D3)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=653.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)
     
  12. Firefly

    Firefly Malware Trainee

    Joined:
    Oct 5, 2007
    Messages:
    321
    Received. It will take me a little time to review. I will get back to you asap.
     
  13. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    I shut down my system, instead of putting it to sleep, and it installed Microsoft updates. Nine updates and 24,054 operation (?) changes. I suspect that may change some of the information that you received. Are we ok or do I need to redo the first steps?
     
  14. Firefly

    Firefly Malware Trainee

    Joined:
    Oct 5, 2007
    Messages:
    321
    Hey Lynnstuff - Thanks for letting me know. It should not make too much of a difference, and I think the resolution to your issues will be pretty straight forward. Please do the following:

    Revised FRST Scan

    Please delete your copy of FRST64, and re-download FRST ... by Farbar, from the link below and save it to your Desktop (it gets updated very often, so a new copy is always important).

    For 64 bit Systems

    • Right-click FRST.exe and select " Run as administrator " to run it.
    • When the tool opens click Yes to the disclaimer.
    • In addition to what is already checked, please place a check mark in the lower right hand box labeled &#8220;Addition.txt&#8221;
    • Press Scan button. ... When finished a log will be created, FRST.txt.
    • Please post the content of the FRST.txt in your next reply.
    • Please post the content of the Addition.txt in your next reply.
     
  15. Lynnstuff

    Lynnstuff Thread Starter

    Joined:
    Jul 19, 2007
    Messages:
    122
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
    Ran by hatcher (administrator) on HATCHER-PC on 11-06-2015 15:42:19
    Running from C:\Users\hatcher\Downloads
    Loaded Profiles: hatcher (Available Profiles: hatcher)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
    () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
    () C:\Program Files (x86)\StormWarnings\StormWarningsSrv.exe
    (Storm Warnings) C:\Program Files (x86)\StormWarnings\SW_Updater.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    () C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    () C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (PicColor) C:\ProgramData\SystemOperations\SafeUpdater\SafeUpdater.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
    HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [gmsd_us_157] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StormWarnings] => C:\Program Files (x86)\StormWarnings\StormWarningsApp.exe [1608880 2015-05-07] ()
    Startup: C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-05-22]
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe ()
    Startup: C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWarnings.lnk [2015-05-19]
    ShortcutTarget: StormWarnings.lnk -> C:\Program Files (x86)\StormWarnings\StormWarnings.exe (Storm Warnings, LLC)
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2014-11-12] (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-11-12] (Kaspersky Lab ZAO)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy restriction on ProxySettings)
    ProxyServer: [HKLM] => http=127.0.0.1:52208;https=127.0.0.1:52208
    ProxyServer: [HKLM-x32] => http=127.0.0.1:52208;https=127.0.0.1:52208
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    HKU\S-1-5-21-3137014762-4098446849-747361786-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_46_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0EtCyE0FyDtC0A0F0B0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyyB0CyC0E0E0FtG0AtDyEtAtG0C0EyCtDtG0C0ByEtAtGtB0B0C0CtDyEtA0DtA0EtAyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByCyEyDzyyCyC0CtGyBzy0EyDtGyE0EyBzztG0AtDtDzztG0Ezy0AyCyBtBtA0B0DtAtDzy2Q&cr=1297409525&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites_14_46_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0EtCyE0FyDtC0A0F0B0FtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDzyyB0CyC0E0E0FtG0AtDyEtAtG0C0EyCtDtG0C0ByEtAtGtB0B0C0CtDyEtA0DtA0EtAyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByCyEyDzyyCyC0CtGyBzy0EyDtGyE0EyBzztG0AtDtDzztG0Ezy0AyCyBtBtA0B0DtAtDzy2Q&cr=1297409525&ir=
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3LpjyhnQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3LpjyhnQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {2C188D00-8C31-4959-97E2-786DBAC4FAD2} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcbyVFEF02PJzoodznxpPmMyx5P35X5MvaCnrWDMsB8EZXrSojBeFQItFC9p87156MvRLDVWw8RP8-s4AUYGDQxohR181OB-opBT7ZDdvZ1H1Qm9XxxDHWxN7FnXpWJwaBP_oODgSaOhF_DBfJaZukAoAIJX3OQEKfsi9AOiiL3Lpjyhmg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {73161A25-B465-44BD-8DDF-2C19F3CCD1CC} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&site=set&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching.com/search.aspx?s=F4Azbuzdk00TR1,468dd568-180d-4dbc-9521-9a33399eb2cd,&q={searchTerms}
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-11-12] (Kaspersky Lab ZAO)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-11-12] (Kaspersky Lab ZAO)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKU\S-1-5-21-3137014762-4098446849-747361786-1000 -> No Name - {F2B8F521-78AD-4F52-8D23-DAFB42B6F85E} - No File
    Winsock: Catalog9 01 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 02 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 03 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 04 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 05 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Winsock: Catalog9 16 C:\Program Files (x86)\StormWarnings\SW_Updater.dll [346928 2015-05-15] (Storm Warnings)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @ei.MyTransitGuide_b7.com/Plugin -> C:\Program Files (x86)\MyTransitGuide_b7EI\Installr\1.bin\NPb7EISB.dll [2014-12-03] (MyTransitGuide)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]ersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKU\S-1-5-21-3137014762-4098446849-747361786-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi

    Chrome:
    =======
    CHR Profile: C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-11-12]
    CHR Extension: (Safe Money) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-11-12]
    CHR Extension: (Content Blocker) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-11-12]
    CHR Extension: (Virtual Keyboard) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-11-12]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-13]
    CHR Extension: (Kaspersky Protection) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]
    CHR Extension: (Anti-Banner) - C:\Users\hatcher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-12]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [57768 2015-05-21] () <==== ATTENTION
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
    R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
    R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
    R2 StormWarnings Update Service; C:\Program Files (x86)\StormWarnings\StormWarningsSrv.exe [587440 2015-05-07] ()
    R2 SW_Updater; C:\Program Files (x86)\StormWarnings\SW_Updater.exe [515376 2015-05-15] (Storm Warnings)
    R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-11] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [X]
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
    S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
    S2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-12] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-11-12] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-11-12] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-11-12] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
    R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
    S1 bbnfd_1_10_0_2; system32\drivers\bbnfd_1_10_0_2.sys [X]
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-11 15:42 - 2015-06-11 15:42 - 00023013 _____ C:\Users\hatcher\Downloads\FRST.txt
    2015-06-11 15:40 - 2015-06-11 15:41 - 02108928 _____ (Farbar) C:\Users\hatcher\Downloads\FRST64.exe
    2015-06-11 09:58 - 2015-06-11 09:58 - 00000000 ____D C:\Users\hatcher\AppData\Local\GWX
    2015-06-10 13:38 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-10 13:38 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-10 13:38 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-10 13:38 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-06-10 13:38 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-06-10 13:38 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-10 13:38 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-10 13:38 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-10 13:38 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-10 13:38 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-10 13:38 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-10 13:38 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-06-10 13:38 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-06-10 13:38 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-06-10 13:38 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-06-10 13:38 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-06-10 13:38 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-06-10 13:38 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-10 13:38 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-06-10 13:38 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-06-10 13:38 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-06-10 13:38 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-06-10 13:38 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-10 13:38 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-06-10 13:38 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-06-10 13:38 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-10 13:38 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-10 13:38 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-10 13:38 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-10 13:38 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-10 13:38 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-10 13:38 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-10 13:38 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-10 13:38 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-10 13:38 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-10 13:38 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-10 13:38 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-10 13:38 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-10 13:38 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-10 13:37 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-10 13:37 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-06-10 13:37 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-10 13:37 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-10 13:37 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-10 13:37 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-10 13:37 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-10 13:37 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-06-10 13:37 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-06-10 13:37 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-10 13:37 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-06-10 13:37 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-10 13:37 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-10 13:37 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-06-10 13:37 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-10 13:37 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-10 13:37 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-10 13:37 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-06-10 13:37 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-10 13:37 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-10 13:37 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-06-10 13:37 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-10 13:37 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-10 13:37 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-10 13:37 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-10 13:37 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-10 13:37 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-06-10 13:37 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-10 13:37 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-10 13:37 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-10 13:37 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-06-10 13:37 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-10 13:37 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-10 13:37 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-10 13:37 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-10 13:37 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-10 13:37 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-10 13:37 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-10 13:37 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-10 13:37 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-10 13:37 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-10 13:37 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-10 13:37 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-10 13:37 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-10 13:37 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-10 13:37 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-10 13:37 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-10 13:37 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-10 13:37 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-10 13:37 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-10 13:37 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-10 13:37 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-10 13:37 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-10 13:37 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-10 13:37 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-10 13:37 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-10 13:37 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-10 13:37 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-10 13:37 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-10 13:37 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-10 13:37 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-10 13:37 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-10 13:37 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-10 13:37 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-10 13:34 - 2015-06-11 15:42 - 00000000 ____D C:\FRST
    2015-06-10 13:28 - 2015-06-10 13:28 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HATCHER-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-06-10 13:28 - 2015-06-10 13:28 - 00000000 ____D C:\RegBackup
    2015-06-10 13:27 - 2015-06-10 13:27 - 04720448 _____ C:\Users\hatcher\Downloads\tweaking.com_registry_backup_setup.exe
    2015-06-10 13:27 - 2015-06-10 13:27 - 00002235 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-06-10 13:23 - 2015-06-10 13:23 - 00003662 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2015-06-10 13:23 - 2015-06-10 13:23 - 00002159 _____ C:\Users\hatcher\Desktop\Tweaking.com - Windows Repair.lnk
    2015-06-10 13:22 - 2015-06-10 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-06-10 13:22 - 2015-06-10 13:27 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2015-06-03 11:03 - 2015-06-03 11:03 - 00023585 _____ C:\Users\hatcher\.recently-used.xbel
    2015-06-02 17:16 - 2015-06-09 15:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-02 17:16 - 2015-06-02 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-02 17:11 - 2015-06-11 15:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-02 17:11 - 2015-06-11 09:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-02 17:11 - 2015-06-02 17:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-02 17:11 - 2015-06-02 17:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-30 20:51 - 2015-05-30 20:51 - 00000000 ____D C:\Users\hatcher\.cache
    2015-05-28 22:20 - 2015-06-11 15:42 - 00000112 _____ C:\ProgramData\tQKp65ie.dat
    2015-05-28 21:43 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\abc
    2015-05-28 21:43 - 2015-05-28 21:43 - 00000000 ____D C:\ProgramData\Package Cache
    2015-05-28 21:41 - 2015-05-29 14:59 - 00000000 ____D C:\Program Files (x86)\Coupoon
    2015-05-22 13:11 - 2015-05-22 13:11 - 00004022 _____ C:\Windows\System32\Tasks\LaunchApp
    2015-05-22 13:08 - 2015-05-22 13:08 - 00001969 _____ C:\Users\hatcher\Desktop\Sync Folder.lnk
    2015-05-22 13:08 - 2015-05-22 13:08 - 00001069 _____ C:\Users\hatcher\Desktop\MyPC Backup.lnk
    2015-05-22 13:08 - 2015-05-22 13:08 - 00000000 ____D C:\Users\hatcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    2015-05-22 11:52 - 2015-05-22 13:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
    2015-05-22 11:51 - 2015-05-22 11:51 - 04058368 _____ C:\Users\hatcher\Downloads\MyPCBackup_WebInstaller.exe
    2015-05-21 10:57 - 2015-05-21 10:57 - 00000000 _____ C:\autoexec.bat
    2015-05-21 10:03 - 2015-05-21 10:03 - 00000000 ____D C:\Users\hatcher\AppData\Local\StormWarnings
    2015-05-19 18:43 - 2015-05-19 18:43 - 00000000 ____D C:\Users\hatcher\AppData\Local\Storm_Warnings,_LLC
    2015-05-19 18:42 - 2015-05-20 15:38 - 00000000 ____D C:\Program Files (x86)\StormWarnings
    2015-05-14 09:29 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 09:29 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 16:26 - 2015-05-13 16:26 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-05-13 15:15 - 2015-05-13 15:15 - 00880208 _____ (Google Inc.) C:\Users\hatcher\Downloads\ChromeSetup.exe
    2015-05-13 14:15 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-13 14:15 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-13 14:15 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 14:14 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 14:14 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 14:14 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 14:13 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-13 14:13 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-13 14:13 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-13 14:13 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-13 14:13 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-13 14:13 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-13 14:13 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-13 14:13 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-13 14:13 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-13 14:13 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-13 14:13 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-13 14:13 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-12 11:59 - 2015-05-12 11:59 - 00009728 _____ C:\Users\hatcher\Downloads\To Ship.xls

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-11 15:42 - 2014-11-13 10:38 - 00000364 _____ C:\Windows\Tasks\CIMT_S-1-5-21-3137014762-4098446849-747361786-1000.job
    2015-06-11 15:36 - 2014-11-12 13:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2015-06-11 15:19 - 2014-11-18 11:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-11 15:19 - 2009-07-14 00:51 - 00101822 _____ C:\Windows\setupact.log
    2015-06-11 15:18 - 2014-11-10 15:19 - 01810411 _____ C:\Windows\WindowsUpdate.log
    2015-06-11 15:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-06-11 10:05 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-11 10:05 - 2009-07-14 00:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-11 10:02 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-11 10:00 - 2014-11-12 13:13 - 00000000 __SHD C:\Users\hatcher\AppData\Local\EmieBrowserModeList
    2015-06-11 10:00 - 2014-11-11 15:58 - 00000000 __SHD C:\Users\hatcher\AppData\Local\EmieUserList
    2015-06-11 10:00 - 2014-11-11 15:58 - 00000000 __SHD C:\Users\hatcher\AppData\Local\EmieSiteList
    2015-06-11 09:58 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-06-11 09:57 - 2015-03-30 18:41 - 00001060 _____ C:\Windows\Tasks\Crossbrowse.job
    2015-06-11 09:57 - 2014-12-19 13:53 - 00000956 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-06-11 09:55 - 2014-11-12 13:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-06-11 09:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-11 09:55 - 2009-07-14 00:45 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-11 09:54 - 2014-12-11 11:06 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-11 09:54 - 2014-11-10 17:34 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-11 09:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-06-10 22:30 - 2014-11-10 16:16 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-10 22:27 - 2014-11-10 16:16 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-06-10 18:58 - 2014-12-19 13:53 - 00000960 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-06-09 22:02 - 2014-11-12 19:41 - 00000000 ____D C:\ProgramData\SafeUpdaterData
    2015-06-09 15:19 - 2014-11-18 11:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-09 15:19 - 2014-11-18 11:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-09 15:19 - 2014-11-18 11:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-07 21:38 - 2010-11-20 23:47 - 00038628 _____ C:\Windows\PFRO.log
    2015-06-05 16:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-06-04 17:15 - 2014-11-10 17:53 - 00022428 _____ C:\Users\hatcher\Documents\stuff.ods
    2015-06-03 11:03 - 2014-11-26 14:29 - 00000000 ____D C:\Users\hatcher\AppData\Roaming\gtk-2.0
    2015-06-03 11:03 - 2014-11-26 14:06 - 00000000 ____D C:\Users\hatcher\.gimp-2.6
    2015-06-03 11:03 - 2014-11-12 15:16 - 00007891 _____ C:\Windows\BRRBCOM.INI
    2015-06-03 11:03 - 2014-11-10 15:19 - 00000000 ____D C:\Users\hatcher
    2015-06-03 10:19 - 2014-11-12 16:16 - 00000000 ____D C:\Users\hatcher\AppData\Local\Google
    2015-06-02 17:15 - 2014-11-24 11:14 - 00000000 ____D C:\Program Files (x86)\Google
    2015-05-21 11:29 - 2009-07-14 01:08 - 00026032 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-21 10:50 - 2014-11-14 10:43 - 00044420 _____ C:\Windows\wininit.ini
    2015-05-20 03:00 - 2015-04-05 12:31 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-05-20 03:00 - 2015-04-05 12:31 - 00000000 ___SD C:\Windows\system32\GWX
    2015-05-15 03:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-05-14 09:57 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
    2015-05-14 09:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2015-05-13 16:26 - 2014-11-19 11:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    ==================== Files in the root of some directories =======

    2015-03-31 11:48 - 2015-03-31 11:49 - 0001267 _____ () C:\Users\hatcher\AppData\Roaming\Bubble Dock.boostrap.log
    2015-03-31 11:48 - 2015-03-31 11:49 - 0005725 _____ () C:\Users\hatcher\AppData\Roaming\Bubble Dock.installation.log
    2015-03-31 11:49 - 2015-03-31 11:49 - 0000078 _____ () C:\Users\hatcher\AppData\Roaming\Selection Tools.installation.log
    2015-03-31 11:48 - 2015-03-31 11:48 - 0000097 _____ () C:\Users\hatcher\AppData\Roaming\WindApp.boostrap.log
    2015-03-31 11:49 - 2015-03-31 11:49 - 0000078 _____ () C:\Users\hatcher\AppData\Roaming\WindApp.installation.log
    2015-05-28 22:20 - 2015-06-11 15:42 - 0000112 _____ () C:\ProgramData\tQKp65ie.dat

    Files to move or delete:
    ====================
    C:\ProgramData\tQKp65ie.dat


    Some files in TEMP:
    ====================
    C:\Users\hatcher\AppData\Local\Temp\349.exe
    C:\Users\hatcher\AppData\Local\Temp\36792uninstall.exe
    C:\Users\hatcher\AppData\Local\Temp\4C0EF7B5-FED4-BA81-1D3B-99E3C72B2F49.exe
    C:\Users\hatcher\AppData\Local\Temp\7za.exe
    C:\Users\hatcher\AppData\Local\Temp\94F7FEAB-21EE-36A4-DBE9-3CE48B5698CF.dll
    C:\Users\hatcher\AppData\Local\Temp\94F7FEAB-21EE-36A4-DBE9-3CE48B5698CF.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup2699.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup6500.exe
    C:\Users\hatcher\AppData\Local\Temp\CloudBackup9099.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_installFinish.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_installStart.exe
    C:\Users\hatcher\AppData\Local\Temp\DRHelper_uninstallComplete.exe
    C:\Users\hatcher\AppData\Local\Temp\OnlineBackup.exe
    C:\Users\hatcher\AppData\Local\Temp\optprosetup.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_0911.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_10819.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_11410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_114624.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_124434.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_141540.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_141734.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144214.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144324.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144349.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144411.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144420.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_144611.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_145028.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14505.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_145224.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14617.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_14648.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_153722.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_17410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174125.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174131.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174134.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174153.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174316.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_174623.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_175353.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204114.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20429.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_204622.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_20486.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_213226.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_215640.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_2311.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_232441.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_23410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234111.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234125.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234621.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_234636.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_235558.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_2410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24111.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24126.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24213.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24323.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24552.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_24625.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_3221.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_35543.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_5410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54120.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54624.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_54627.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_62710.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_8410.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84110.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84122.exe
    C:\Users\hatcher\AppData\Local\Temp\SetupCheck_84625.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_04125.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_070.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_101740.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_114110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_1163.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_132435.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_13411.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141143.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14127.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14142.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141511.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_141742.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14233.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14360.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143729.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143756.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_143812.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144112.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144159.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144210.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144215.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144241.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144255.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144312.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_144817.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_145039.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_145143.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14613.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14639.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_14838.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_1518.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_154841.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_162035.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174120.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174122.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174141.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174157.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174237.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_17427.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174330.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_17438.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174433.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174436.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_174451.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_184054.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_185411.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_20327.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_20410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204120.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2042.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204222.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_204325.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2127.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_21321.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_215728.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2235.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22420.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22426.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2244.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_22458.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_225432.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_231140.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_232354.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_233422.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_23410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_234113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_235347.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_2410.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24113.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24119.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24642.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_24657.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_25229.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_32139.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_35528.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_45833.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_54110.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_54111.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_62444.exe
    C:\Users\hatcher\AppData\Local\Temp\Setup_84110.exe
    C:\Users\hatcher\AppData\Local\Temp\ShAeroDisabler.exe
    C:\Users\hatcher\AppData\Local\Temp\SpOrder.dll
    C:\Users\hatcher\AppData\Local\Temp\Sqlite3.dll
    C:\Users\hatcher\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\hatcher\AppData\Local\Temp\tu17p84.exe
    C:\Users\hatcher\AppData\Local\Temp\Uninstall.exe
    C:\Users\hatcher\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\hatcher\AppData\Local\Temp\_is3D9.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-03 12:33
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1148682

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice