Solved dllhost COM surrogate

L

lumpy

New Member
Thread author
Nov 6, 2014
10
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Lumsdaine (administrator) on LUMSDAINE-HOME on 06-11-2014 23:33:56
Running from C:\Users\Lumsdaine\Documents\Software\Anti-virus
Loaded Profile: Lumsdaine (Available profiles: Lumsdaine & David & Stephen & Timothy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files\nCode\ANSYS 14.0 nCode DesignLife 64-bit\GlyphWorks\bin\TCBServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
() C:\Users\Lumsdaine\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
(SanDisk Corporation) C:\Users\Lumsdaine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Juno, Inc.) C:\Program Files (x86)\Juno\exec.exe
() C:\Users\Lumsdaine\AppData\Local\Autobahn\nexdef.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Code Systems Corporation) C:\Users\Lumsdaine\AppData\Local\Spoon\3.30.0.25\Spoon-Sandbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Code Systems Corporation) C:\Users\Lumsdaine\AppData\Local\Spoon\Client\Console\0.3.2.18\Spoon-Console.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [uapco] => ",ENUMERATEGUIDS
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [CloudCare] => C:\Program Files (x86)\Bsecure\BsecTray.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648048 2013-07-14] (Ask)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [Juno_uoltray] => C:\Program Files (x86)\Juno\exec.exe [1783296 2010-01-28] (Juno, Inc.)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [SansaDispatch] => C:\Users\Lumsdaine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-11] (SanDisk Corporation)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [Google Update] => C:\Users\Lumsdaine\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [Amazon Music] => C:\Users\Lumsdaine\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\MountPoints2: {4adada29-4ee1-11e2-98f8-e069958d474f} - L:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\MountPoints2: {745ae735-75d1-11e0-b81c-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2650077242-2340300777-2753760513-1000\...\MountPoints2: {cc98da61-958e-11e2-b7d7-e069958d474f} - L:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Lumsdaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)
Startup: C:\Users\Lumsdaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Lumsdaine\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Lumsdaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lumsdaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.30.lnk
ShortcutTarget: Spoon Sandbox Manager 3.30.lnk -> C:\Users\Lumsdaine\AppData\Local\Spoon\3.30.0.25\Spoon-Sandbox-Native.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-2650077242-2340300777-2753760513-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...BzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1425994093
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...BzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1425994093
SearchScopes: HKLM-x32 - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...BzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1425994093
SearchScopes: HKLM-x32 - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...BzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1425994093
SearchScopes: HKCU - DefaultScope {180066AD-22AF-416C-A539-DD06A66FD882} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20111010&p={SearchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-4378-A229-C7C53587AE78&q={searchTerms}&SSPV=
SearchScopes: HKCU - {180066AD-22AF-416C-A539-DD06A66FD882} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20111010&p={SearchTerms}
SearchScopes: HKCU - {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = http://search.juno.com/search?action=search&source=browserbox&query={searchTerms}
SearchScopes: HKCU - {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = http://search.kikin.com/search/?q={searchTerms}
SearchScopes: HKCU - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.p...BzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1425994093
SearchScopes: HKCU - {C63DE89B-7DC0-4F5A-9D20-B33C1D883C12} URL = http://websearch.ask.com/redirect?c...pn_sauid=31C1586F-7EAB-448B-B784-2EB5C4365CF3
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO-x32: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll (Juno, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/147...ager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [448440] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.165.129.158

FireFox:
========
FF ProfilePath: C:\Users\Lumsdaine\AppData\Roaming\Mozilla\Profiles\zy2jvpl9.David
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll ()
FF Plugin HKCU: @spoon.net/Spoon Plugin 3.30 -> C:\Users\Lumsdaine\AppData\Local\Spoon\3.30.0.25\npMozillaSpoonPlugin.dll (Code Systems Corp.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lumsdaine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Lumsdaine\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Lumsdaine\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Lumsdaine\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lumsdaine\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lumsdaine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lumsdaine\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2012-07-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{42DFD9E9-D088-11E1-8270-B8AC6F996F26}] - C:\Users\Lumsdaine\AppData\Local\{42DFD9E9-D088-11E1-8270-B8AC6F996F26}
FF Extension: Mozilla Safe Browsing - C:\Users\Lumsdaine\AppData\Local\{42DFD9E9-D088-11E1-8270-B8AC6F996F26} [2012-07-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=mcafee&type=B211US550D20111010&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-12-09]
CHR Extension: (Google Drive) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Funmoods) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2012-10-17]
CHR Extension: (SOE Web Installer) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf [2011-12-28]
CHR Extension: (SiteAdvisor) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-10-14]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2011-12-19]
CHR Extension: (Cargo Bridge) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2011-12-09]
CHR Extension: (Grepolis) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2011-12-09]
CHR Extension: (Skype Click to Call) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-19]
CHR Extension: (Google Wallet) - C:\Users\Lumsdaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\LUMSDA~1\AppData\Local\funmoods.crx []
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\LUMSDA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-28]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\LUMSDA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\LUMSDA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\LUMSDA~1\AppData\Local\funmoods-speeddial_sf.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-17] (ANSYS, Inc.) [File not signed]
R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-14] (Threat Expert Ltd.)
S2 CWDaemon; C:\Program Files\ContentWatch\bin\cwdaemon.exe [4100264 2014-09-12] (ContentWatch, Inc.)
S3 CWUpdaterDaemon; C:\Program Files\ContentWatch\bin\cwupdater.exe [7736488 2014-05-29] (ContentWatch, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 impi_smpd; C:\Program Files (x86)\Intel\MPI-RT\4.0.2.005\em64t\bin\smpd.exe [1423264 2011-04-28] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-23] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-05-11] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-05-11] (PC Tools)
R2 TCB Server; C:\Program Files\nCode\ANSYS 14.0 nCode DesignLife 64-bit\GlyphWorks\bin\TCBServer.exe [27136 2011-09-21] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S1 DhaHelper; C:\Windows\SysWOW64\drivers\dhahelper.sys [7168 2011-12-14] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 narcpi_wfp; C:\Windows\System32\DRIVERS\narcpi_wfp.sys [33584 2014-09-12] ()
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85224 2012-06-14] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426616 2012-04-23] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-05-11] (PC Tools)
S3 U6000ALL; C:\Windows\System32\DRIVERS\dmdcap.sys [276480 2007-06-08] ()
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 mfehidk02; \Device\mfehidk02.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 23:32 - 2014-11-06 23:34 - 00000000 ____D () C:\FRST
2014-11-06 18:36 - 2014-11-06 18:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003Core1cffa1a86005ce9.job
2014-11-06 18:36 - 2014-11-06 18:36 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003Core1cffa1a86005ce9
2014-11-06 18:36 - 2014-11-06 18:36 - 00000000 _____ () C:\Users\David\AppData\Roaming\nidkwq.dll
2014-11-06 13:09 - 2014-11-06 13:09 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\ContentWatch
2014-11-05 22:15 - 2014-11-05 22:15 - 00071168 _____ () C:\Windows\system32\qkqfrrq.dll
2014-11-05 22:15 - 2014-11-05 22:15 - 00003860 _____ () C:\Windows\System32\Tasks\{F44321EB-B8FE-0D0D-E2D8-AE2BDF357A92}
2014-11-05 22:15 - 2014-11-05 22:15 - 00000000 _____ () C:\Windows\system32\nidkwq.dll
2014-11-05 18:38 - 2014-11-05 18:38 - 01054912 _____ (Adobe) C:\Users\Lumsdaine\Downloads\install_flashplayer15x32au_mssd_aaa_aih.exe
2014-10-31 08:46 - 2014-11-06 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 04:15 - 2014-10-30 04:16 - 23635896 _____ (Citrix Systems, Inc.) C:\Users\Lumsdaine\Downloads\CitrixOnlinePluginWeb (2).exe
2014-10-29 21:10 - 2014-10-29 21:10 - 00000000 __SHD () C:\Users\Lumsdaine\AppData\Local\EmieUserList
2014-10-29 21:10 - 2014-10-29 21:10 - 00000000 __SHD () C:\Users\Lumsdaine\AppData\Local\EmieSiteList
2014-10-29 20:58 - 2013-10-14 17:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-10-29 20:55 - 2014-10-29 20:55 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-29 20:55 - 2014-10-29 20:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-29 20:55 - 2014-10-29 20:55 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-29 20:55 - 2014-10-29 20:55 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-29 20:55 - 2014-10-29 20:55 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-29 20:55 - 2014-10-29 20:55 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-29 20:55 - 2014-10-29 20:55 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-29 20:55 - 2014-10-29 20:55 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-29 20:55 - 2014-10-29 20:55 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-29 20:55 - 2014-10-29 20:55 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-29 20:55 - 2014-10-29 20:55 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-29 20:55 - 2014-10-29 20:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-29 20:55 - 2014-10-29 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-10-29 20:54 - 2014-10-29 20:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-29 20:54 - 2014-10-29 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-10-29 20:53 - 2014-10-29 20:53 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-29 20:53 - 2014-10-29 20:53 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-29 20:53 - 2014-10-29 20:53 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-29 20:53 - 2014-10-29 20:53 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-10-29 20:53 - 2014-10-29 20:53 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-29 20:53 - 2014-10-29 20:53 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-29 20:51 - 2014-10-29 20:51 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-29 20:51 - 2014-10-29 20:51 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-10-29 20:48 - 2014-10-29 20:58 - 00009324 _____ () C:\Windows\IE11_main.log
2014-10-29 11:44 - 2014-10-29 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-26 14:22 - 2014-10-26 14:22 - 00608604 _____ () C:\Users\Lumsdaine\Downloads\1v3 SP Charlestone Skirmish Spanish_0001.zip
2014-10-26 14:22 - 2014-10-26 14:22 - 00520392 _____ () C:\Users\Lumsdaine\Downloads\rainbpiz_0001.zip
2014-10-26 00:44 - 2014-10-26 00:44 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-25 21:36 - 2014-10-25 21:36 - 00003860 _____ () C:\Windows\System32\Tasks\{48F8D6AF-15BD-38EE-CB2B-CCD02799CDCB}
2014-10-25 21:36 - 2014-10-25 21:36 - 00000000 _____ () C:\Windows\system32\zmffcip.dll
2014-10-24 11:50 - 2014-10-24 11:50 - 00036864 _____ () C:\Users\David\Documents\Peer Evaluations BUSN 1305 04 FALL 2014.xls
2014-10-22 19:42 - 2014-10-22 19:42 - 00000000 ___HD () C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-10-22 06:52 - 2014-10-22 06:52 - 00313253 _____ () C:\Users\Lumsdaine\Downloads\kv43-cort.wrl
2014-10-20 08:32 - 2014-10-20 08:32 - 10157659 _____ () C:\Users\Lumsdaine\Downloads\CitationPresentationFinal.pptx
2014-10-15 12:31 - 2014-11-03 14:51 - 00000000 ____D () C:\Users\Stephen\Thursday Connections
2014-10-14 20:09 - 2014-10-14 20:09 - 00518570 _____ () C:\Users\Lumsdaine\Downloads\The History of the Peloponnesian War.azw3
2014-10-14 20:09 - 2014-10-14 20:09 - 00518570 _____ () C:\Users\Lumsdaine\Downloads\The History of the Peloponnesian War (1).azw3
2014-10-14 12:46 - 2014-10-14 12:46 - 00000675 _____ () C:\Users\Lumsdaine\Downloads\La_Alhambra_Spain.kmz
2014-10-13 09:01 - 2014-10-13 09:02 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\{85B911A5-43DF-41B9-A67E-E2A012CE07F5}
2014-10-11 10:12 - 2014-10-11 10:12 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\{87BA4989-9984-4700-908F-877EAC345477}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 23:33 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 23:33 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 23:27 - 2011-09-26 15:16 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1000UA.job
2014-11-06 23:27 - 2011-08-07 18:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 23:05 - 2012-07-12 05:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 22:41 - 2011-08-30 15:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003UA.job
2014-11-06 22:41 - 2011-05-03 17:21 - 00000000 ____D () C:\ProgramData\Temp
2014-11-06 22:38 - 2009-07-14 00:13 - 00783394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 22:33 - 2011-10-19 14:48 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Roaming\Skype
2014-11-06 22:32 - 2011-08-07 18:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 22:31 - 2012-05-15 22:28 - 00000041 _____ () C:\Windows\system32\TCBLog.log
2014-11-06 22:31 - 2010-11-20 22:47 - 00587906 _____ () C:\Windows\PFRO.log
2014-11-06 22:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 22:31 - 2009-07-13 23:51 - 00253765 _____ () C:\Windows\setupact.log
2014-11-06 22:23 - 2011-08-06 12:55 - 00000055 _____ () C:\Windows\mail.ini
2014-11-06 21:39 - 2013-04-24 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-06 21:39 - 2013-04-22 21:14 - 00001851 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-11-06 20:19 - 2011-10-10 20:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-06 18:52 - 2014-03-11 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-06 18:42 - 2011-08-07 13:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2014-11-06 18:41 - 2011-08-30 15:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003Core.job
2014-11-06 18:36 - 2011-08-30 15:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003UA
2014-11-06 18:36 - 2011-08-30 15:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1003Core
2014-11-06 18:35 - 2011-08-06 17:01 - 00138936 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 18:35 - 2011-08-06 17:01 - 00001424 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-06 15:16 - 2014-09-12 20:24 - 00002138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Nanny.lnk
2014-11-06 13:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 06:27 - 2011-09-26 15:16 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1000Core.job
2014-11-05 19:27 - 2014-07-06 20:15 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\Adobe
2014-11-05 17:29 - 2013-01-29 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 15:17 - 2011-08-29 12:28 - 00000000 ____D () C:\Users\Public\Documents\TT Pre-Algebra
2014-11-05 13:32 - 2011-08-06 17:01 - 00000000 ____D () C:\Users\David
2014-11-03 20:33 - 2014-03-12 19:07 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-03 17:11 - 2011-09-06 21:01 - 00000000 ____D () C:\Users\Public\Documents\TT Math 3
2014-11-03 14:55 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-03 08:11 - 2014-09-03 07:25 - 00000000 ____D () C:\Users\Stephen\Documents\Omnibus
2014-11-02 16:15 - 2013-06-08 15:09 - 00007674 _____ () C:\Users\Lumsdaine\AppData\Local\Resmon.ResmonCfg
2014-11-01 11:41 - 2011-05-03 17:10 - 01408092 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 10:50 - 2011-08-08 19:57 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\CrashDumps
2014-10-31 05:23 - 2011-08-06 11:28 - 00000000 ____D () C:\Users\Lumsdaine\Citrix
2014-10-29 21:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 21:05 - 2011-08-06 04:49 - 00001424 _____ () C:\Users\Lumsdaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-29 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-29 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-29 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-29 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-29 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-29 20:41 - 2011-08-06 17:37 - 00000000 ____D () C:\Users\Lumsdaine\Documents\Personal
2014-10-29 11:44 - 2011-10-19 14:45 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 11:44 - 2011-10-19 14:45 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 20:28 - 2011-08-07 13:31 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Roaming\Mozilla
2014-10-28 08:13 - 2014-08-19 11:32 - 00015793 _____ () C:\Users\Stephen\Documents\Stephen's Log 2014-2015.xlsx
2014-10-24 20:01 - 2014-01-02 06:07 - 00001606 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2014-10-24 19:58 - 2011-08-20 19:53 - 00008192 _____ () C:\Users\Lumsdaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-24 17:39 - 2011-10-10 20:10 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-23 15:29 - 2011-08-06 17:47 - 00000000 ____D () C:\Users\Lumsdaine\Documents\Sarah
2014-10-23 05:22 - 2011-09-26 15:16 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1000UA
2014-10-23 05:22 - 2011-09-26 15:16 - 00003510 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2650077242-2340300777-2753760513-1000Core
2014-10-17 15:22 - 2011-08-07 18:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 15:22 - 2011-08-07 18:11 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 12:01 - 2014-03-13 13:22 - 00002186 _____ () C:\Users\Lumsdaine\Sti_Trace.log
2014-10-15 12:31 - 2011-08-06 16:59 - 00000000 ____D () C:\Users\Stephen
2014-10-11 20:05 - 2011-11-02 21:06 - 00000000 ____D () C:\Users\Lumsdaine\AppData\Local\Bible Explorer 4
2014-10-10 13:51 - 2014-09-09 10:18 - 00000000 ____D () C:\Users\Michael\School Stuff
2014-10-07 17:29 - 2011-08-06 13:40 - 00138936 _____ () C:\Users\Timothy\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\Users\Lumsdaine\CTX.DAT


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\install_flashplayer10_mssa_aih.exe
C:\Users\David\AppData\Local\Temp\n0phidra.dll
C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
C:\Users\David\AppData\Local\Temp\tmp29F2.exe
C:\Users\David\AppData\Local\Temp\tmp6EB9.exe
C:\Users\Lumsdaine\AppData\Local\Temp\224kkk290347.exe
C:\Users\Lumsdaine\AppData\Local\Temp\54535uninstall.exe
C:\Users\Lumsdaine\AppData\Local\Temp\7bcpyrf_.dll
C:\Users\Lumsdaine\AppData\Local\Temp\APNStub.exe
C:\Users\Lumsdaine\AppData\Local\Temp\AskSLib.dll
C:\Users\Lumsdaine\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lumsdaine\AppData\Local\Temp\COMAP.EXE
C:\Users\Lumsdaine\AppData\Local\Temp\converter.exe
C:\Users\Lumsdaine\AppData\Local\Temp\EBU599C.EXE
C:\Users\Lumsdaine\AppData\Local\Temp\EBU5A77.DLL
C:\Users\Lumsdaine\AppData\Local\Temp\exec.exe
C:\Users\Lumsdaine\AppData\Local\Temp\fjuokzk1.dll
C:\Users\Lumsdaine\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Lumsdaine\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\Lumsdaine\AppData\Local\Temp\mssinstaller.exe
C:\Users\Lumsdaine\AppData\Local\Temp\NEWD890.tmp.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nsdBBF1.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nsjB50E.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nso406F.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nssA608.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nsy31BD.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nsy3A94.exe
C:\Users\Lumsdaine\AppData\Local\Temp\nsyADCC.exe
C:\Users\Lumsdaine\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Lumsdaine\AppData\Local\Temp\PleaseWait.exe
C:\Users\Lumsdaine\AppData\Local\Temp\qbkqbjp8.dll
C:\Users\Lumsdaine\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lumsdaine\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Lumsdaine\AppData\Local\Temp\sty5-lmo.dll
C:\Users\Lumsdaine\AppData\Local\Temp\tmp1C37.exe
C:\Users\Lumsdaine\AppData\Local\Temp\tmp816E.exe
C:\Users\Lumsdaine\AppData\Local\Temp\uires.dll
C:\Users\Lumsdaine\AppData\Local\Temp\YontooSetup-Silent.exe
C:\Users\Stephen\AppData\Local\Temp\COMAP.EXE
C:\Users\Stephen\AppData\Local\Temp\tmp3D4D.exe
C:\Users\Timothy\AppData\Local\Temp\tmp433C.exe
C:\Users\Timothy\AppData\Local\Temp\tmp8F82.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 07:37

==================== End Of Log ============================
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
L

lumpy

New Member
Thread author
Nov 6, 2014
10
TwinHeadedEagle,

I have attached the files here.
I had also run Farbar before my original post, and included the text from FRST in the message (I had seen the many previous e-mails regarding this trojan).

Thanks for helping with this nasty bug.
 

Attachments

  • Addition.txt
    48.2 KB · Views: 136
  • FRST.txt
    86.2 KB · Views: 47
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    3.4 KB · Views: 36
L

lumpy

New Member
Thread author
Nov 6, 2014
10
OK. I have attached the fixlog.txt
Whenever I connect to the internet, ten dllhost processes start, but when I disconnect, they often will vanish over time. Should I be connected or not during these fixes (or does it matter)?

Thank.
 

Attachments

  • Fixlog.txt
    8.9 KB · Views: 45
L

lumpy

New Member
Thread author
Nov 6, 2014
10
The dllhost processes have not come back, although McAfee comes up with of bunch of "Potentially Unwanted Program Blocked" messages. I have attached a few screen grabs.

Thanks again.
 

Attachments

  • Capture.JPG
    Capture.JPG
    40.7 KB · Views: 62
  • Capture3.JPG
    Capture3.JPG
    40.9 KB · Views: 42
  • Capture2.JPG
    Capture2.JPG
    41.3 KB · Views: 49
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let's see what is this:


FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
L

lumpy

New Member
Thread author
Nov 6, 2014
10
Unfortunately, it will probably be tomorrow before I am able to get to the computer again - just so this thread doesn't get closed for inactivity.

Thanks again.
 
L

lumpy

New Member
Thread author
Nov 6, 2014
10
There you go man.....Thanks for the help!
 

Attachments

  • Addition.txt
    49.2 KB · Views: 95
  • FRST.txt
    81.5 KB · Views: 60
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
remove%20outdated.jpg
Uninstall some programs

We need to uninstall some unwanted/unneeded programs.
  • Press the
    WindowsKey.png
    + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Ask Toolbar
  • Ask Toolbar Updater
After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.




FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 31
L

lumpy

New Member
Thread author
Nov 6, 2014
10
When I tried to uninstall the ask toolbar, it said it couldn't uninstall because it doesn't exist or I don't have access to it. I guess it doesn't exist and is just showing up for some reason. Attached are the two logs you asked for.
 

Attachments

  • AdwCleaner[S0].txt
    15.6 KB · Views: 32
  • fixlist.txt
    1.2 KB · Views: 36
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.



Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​




Stay safe,
TwinHeadedEagle :)
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
1,967
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,823
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,824
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top