1. #1

    Malware infection missed by MS SE but found by MBAM, persistent errors

    Hi

    Had an infection a while back that completely got passed MS Security essentials.
    I ran MBAM when I became concerned and it found I think dealt with the issues.
    Malware infection missed by MS SE but found by MBAM, persistent errors-image2-jpgMalware infection missed by MS SE but found by MBAM, persistent errors-image1-jpg

    However I am seeing errors on my system so remain concerned.

    Addition.txtFRST.txt

    I ran SecurityCheck.exe but the output file was blank?

    I wonder if someone could walk me through checking all is well please?

    http://speccy.piriform.com/results/W...JWeDgL1bQabEjS



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
    Ran by Mike & Cheryl (administrator) on ENIGMA on 23-06-2015 09:08:52
    Running from C:\Users\Mike & Cheryl\Downloads
    Loaded Profiles: Mike & Cheryl & (Available Profiles: Mike & Cheryl & Corel & DefaultAppPool)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINOE.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518464 2013-07-18] (Acronis)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-21] (Intel Corporation)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806256 2014-02-04] (Acronis)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\MountPoints2: E - E:\Welcome.exe
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Welcome.exe
    HKU\S-1-5-21-989875291-3784188841-2934234737-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDrive] => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
    HKU\S-1-5-21-989875291-3784188841-2934234737-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    Startup: C:\Users\Mike & Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-18]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mike & Cheryl\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK | Hotmail, Outlook, Skype, Bing, Latest News, Photos and Videos
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Access Denied / User Login | Pure Connect
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK | Hotmail, Outlook, Skype, Bing, Latest News, Photos and Videos
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = Access Denied / User Login | Pure Connect
    SearchScopes: HKLM -> {6EDFAF30-275B-4FA0-9D3D-A4600E797629} URL = http://localoem.msn.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {7C1AD7AD-091A-4EDA-B5CC-A801C572D8F9} URL = http://localoem.msn.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS;
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-989875291-3784188841-2934234737-1000 -> {E93B2C8E-D987-4B61-A0C9-65F1171B652C} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E93B2C8E-D987-4B61-A0C9-65F1171B652C} URL = https://www.google.com/search?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
    BHO-x32: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
    Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
    Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mike & Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\gsj5i7gi.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-30] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Extension: Windows Media Player Extension for Firefox - C:\Users\Mike & Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\gsj5i7gi.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2015-04-02]
    FF Extension: EPUBReader - C:\Users\Mike & Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\gsj5i7gi.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-06-02]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Mike & Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\gsj5i7gi.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-19]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-04-29]
    FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-21]
    FF HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-19]
    FF HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

    Chrome:
    =======
    CHR Profile: C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
    CHR Extension: (Video Downloader professional) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-17]
    CHR Extension: (MagicScroll eBook Reader) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-04-17]
    CHR Extension: (AdBlock) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-17]
    CHR Extension: (TinEye Reverse Image Search) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-04-17]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Users\Mike & Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-30]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
    S4 McAWFwk; c:\Program Files\McAfee\MSC\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S4 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 amdiommu; C:\Windows\system32\drivers\amdkiomd.sys [77312 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
    S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [52440 2012-12-26] (Asmedia Technology)
    S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [508928 2009-07-01] (AVerMedia TECHNOLOGIES, Inc.)
    S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65408 2013-07-17] (Etron Technology Inc) [File not signed]
    S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-06-04] (Etron Technology Inc) [File not signed]
    S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [94208 2013-07-17] (Etron Technology Inc) [File not signed]
    S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77480 2013-07-03] (Fresco Logic)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-23] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
    R0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [337960 2007-12-26] (Silicon Image, Inc)
    R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2007-12-26] (Silicon Image, Inc.)
    R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2007-12-26] (Silicon Image, Inc.)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-30] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-06-30] (Acronis International GmbH)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-30] (Acronis International GmbH)
    S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
    S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-23 09:08 - 2015-06-23 09:08 - 02109952 _____ (Farbar) C:\Users\Mike & Cheryl\Downloads\FRST64.exe
    2015-06-23 09:08 - 2015-06-23 09:08 - 00000000 ____D C:\FRST
    2015-06-23 08:58 - 2015-06-23 09:02 - 00000000 ____D C:\AdwCleaner
    2015-06-23 08:58 - 2015-06-23 08:58 - 02244096 _____ C:\Users\Mike & Cheryl\Downloads\adwcleaner_4.207.exe
    2015-06-23 08:53 - 2015-06-23 08:53 - 00000000 _____ C:\Users\Mike & Cheryl\Desktop\checkup.txt
    2015-06-23 08:52 - 2015-06-23 08:52 - 00852662 _____ C:\Users\Mike & Cheryl\Downloads\SecurityCheck (1).exe
    2015-06-23 07:49 - 2015-06-23 07:49 - 00003664 ____N C:\bootsqm.dat
    2015-06-23 07:13 - 2015-06-23 07:13 - 12907304 _____ C:\Users\Mike & Cheryl\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
    2015-06-22 21:53 - 2015-06-22 21:59 - 00039071 _____ C:\Users\Mike & Cheryl\Documents\HarvesterData.xlsx
    2015-06-22 21:53 - 2015-06-22 21:53 - 00047710 _____ C:\Users\Mike & Cheryl\Documents\HarvesterData.txt
    2015-06-22 21:10 - 2015-06-22 21:13 - 00352256 _____ C:\Users\Mike & Cheryl\Documents\Signals intelligence.accdb
    2015-06-22 21:07 - 2015-06-22 21:09 - 01290240 _____ C:\Users\Mike & Cheryl\Documents\test.accdb
    2015-06-22 21:03 - 2015-06-22 21:03 - 00017670 _____ C:\Users\Mike & Cheryl\Documents\Contacts.acctl
    2015-06-21 17:30 - 2015-06-23 08:30 - 00000911 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {FB12B6CC-83F1-46B1-90FF-81DD86347B65}.job
    2015-06-21 17:30 - 2015-06-21 17:30 - 00003978 _____ C:\Windows\System32\Tasks\EPSON XP-620 Series Update {FB12B6CC-83F1-46B1-90FF-81DD86347B65}
    2015-06-21 17:30 - 2015-06-21 17:30 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
    2015-06-21 17:30 - 2015-06-21 17:30 - 00000000 ____D C:\Program Files\EpsonNet
    2015-06-21 17:26 - 2015-06-21 17:26 - 06887008 _____ (SEIKO EPSON CORPORATION) C:\Users\Mike & Cheryl\Downloads\Epson_XP-620_Series_EA_11_Web (1).EXE
    2015-06-21 13:45 - 2015-06-21 19:07 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\Miniwhip tests
    2015-06-21 12:29 - 2015-06-21 12:29 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Acronis
    2015-06-18 15:59 - 2014-07-14 18:36 - 00001032 _____ C:\Users\Mike & Cheryl\Desktop\FreeSCAN.lnk
    2015-06-17 09:26 - 2015-06-17 09:32 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\Flood
    2015-06-16 22:03 - 2015-06-17 18:10 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Blueberry
    2015-06-16 22:03 - 2015-06-16 22:03 - 00001423 _____ C:\Users\Public\Desktop\BB FlashBack Express Recorder.lnk
    2015-06-16 22:03 - 2015-06-16 22:03 - 00001413 _____ C:\Users\Public\Desktop\BB FlashBack Express Player.lnk
    2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Windows\SysWOW64\MTSLog
    2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\LogSys
    2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Program Files (x86)\Blueberry Software
    2015-06-16 22:01 - 2015-06-16 22:02 - 20294856 _____ (Blueberry) C:\Users\Mike & Cheryl\Downloads\bbfbex5.exe
    2015-06-16 11:29 - 2015-06-16 11:29 - 00096768 _____ C:\Users\Mike & Cheryl\Desktop\numbers.pub
    2015-06-16 11:15 - 2015-06-16 11:15 - 00014604 _____ C:\Users\Mike & Cheryl\Downloads\Main Page › Priyom.org.html
    2015-06-16 11:15 - 2015-06-16 11:15 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\Main Page › Priyom.org_files
    2015-06-16 10:23 - 2015-06-16 10:44 - 24361472 _____ C:\Users\Mike & Cheryl\Documents\DadButterFday.pub
    2015-06-14 20:51 - 2015-06-14 20:51 - 02494560 _____ (Trend Micro Inc.) C:\Users\Mike & Cheryl\Downloads\HousecallLauncher64 (1).exe
    2015-06-14 20:35 - 2015-06-14 20:35 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Add-in Express
    2015-06-10 12:27 - 2015-06-10 12:27 - 00770376 _____ (Ashisoft ) C:\Users\Mike & Cheryl\Downloads\dfsetup.exe
    2015-06-10 09:34 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-10 09:34 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-06-10 09:34 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-10 09:34 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-10 09:34 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-10 09:34 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-10 09:34 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-06-10 09:34 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-06-10 09:34 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-10 09:34 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-06-10 09:34 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-10 09:34 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-10 09:34 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-06-10 09:34 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-10 09:34 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-10 09:34 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-10 09:34 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-06-10 09:34 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-10 09:34 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-10 09:34 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-06-10 09:34 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-10 09:34 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-10 09:34 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-10 09:34 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-10 09:34 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-10 09:34 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-06-10 09:34 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-10 09:34 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-10 09:34 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-10 09:34 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-06-10 09:34 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-10 09:34 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-10 09:34 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-10 09:34 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-10 09:34 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-10 09:34 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-10 09:34 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-10 09:34 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-10 09:34 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-10 09:34 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-10 09:34 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-10 09:34 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-10 09:34 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-10 09:34 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-10 09:34 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-10 09:34 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-10 09:34 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-10 09:34 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-10 09:34 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-10 09:34 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-10 09:34 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-10 09:34 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-10 09:34 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-10 09:34 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-10 09:34 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-10 09:34 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-10 09:34 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-10 09:34 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-10 09:34 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-10 09:34 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-10 09:06 - 2015-05-22 19:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-10 09:06 - 2015-05-22 19:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-10 09:06 - 2015-05-21 14:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-10 09:06 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-10 09:06 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-10 09:06 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-10 09:06 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-10 09:06 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-10 09:06 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-10 09:06 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-10 09:06 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-10 09:06 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-10 09:06 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-10 09:04 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-10 09:04 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-10 09:04 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-10 09:04 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-06-10 09:04 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-06-10 09:04 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-10 09:04 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-10 09:04 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-10 09:04 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-10 09:04 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-10 09:04 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-10 09:04 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-06-10 09:04 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-06-10 09:04 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-06-10 09:04 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-06-10 09:04 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-06-10 09:04 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-06-10 09:04 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-10 09:04 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-06-10 09:04 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-06-10 09:04 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-06-10 09:04 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-06-10 09:04 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-10 09:04 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-06-10 09:04 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-06-10 09:04 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-10 09:04 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-10 09:03 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-10 09:03 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-10 09:03 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-10 09:00 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-09 21:14 - 2015-06-09 21:14 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\DVDVideoSoft_Ltd
    2015-06-09 21:05 - 2015-06-09 21:05 - 00001248 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2015-06-09 21:03 - 2015-06-09 21:04 - 20407592 _____ (DVDVideoSoft Ltd. ) C:\Users\Mike & Cheryl\Downloads\FreeScreenVideoRecorder.exe
    2015-06-09 20:49 - 2015-06-09 20:49 - 00816040 _____ C:\Users\Mike & Cheryl\Downloads\rivet_b88.jar
    2015-06-09 20:49 - 2015-06-09 20:49 - 00000078 _____ C:\Users\Mike & Cheryl\Downloads\trigger.xml
    2015-06-09 17:24 - 2015-06-14 23:06 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\HandBrake
    2015-06-09 17:24 - 2015-06-11 12:49 - 00000984 _____ C:\Users\Mike & Cheryl\Desktop\Handbrake.lnk
    2015-06-09 17:24 - 2015-06-09 17:24 - 00000831 _____ C:\Users\Corel\Desktop\Handbrake.lnk
    2015-06-09 17:24 - 2015-06-09 17:24 - 00000000 ____D C:\Program Files\Handbrake
    2015-06-09 17:23 - 2015-06-09 17:23 - 16753416 _____ C:\Users\Mike & Cheryl\Downloads\HandBrake-0.10.1-x86_64-Win_GUI.exe
    2015-06-09 14:30 - 2015-06-09 14:30 - 00004549 _____ C:\Users\Mike & Cheryl\AppData\Roaming\CamStudio.cfg
    2015-06-09 14:30 - 2015-06-09 14:30 - 00000408 _____ C:\Users\Mike & Cheryl\AppData\Roaming\CamShapes.ini
    2015-06-09 14:30 - 2015-06-09 14:30 - 00000408 _____ C:\Users\Mike & Cheryl\AppData\Roaming\CamLayout.ini
    2015-06-09 14:30 - 2015-06-09 14:30 - 00000065 _____ C:\Users\Mike & Cheryl\AppData\Roaming\Camdata.ini
    2015-06-09 14:26 - 2015-06-09 14:26 - 00000096 _____ C:\Users\Mike & Cheryl\AppData\Roaming\version2.xml
    2015-06-09 12:11 - 2015-06-11 15:42 - 00000000 ____D C:\Spectrum
    2015-06-09 12:11 - 2015-06-09 12:11 - 00000606 _____ C:\Users\Public\Desktop\Spectrum Lab.lnk
    2015-06-09 12:10 - 2015-06-09 12:11 - 05844570 _____ C:\Users\Mike & Cheryl\Downloads\install_speclab.zip
    2015-06-09 09:17 - 2015-06-09 21:18 - 00000872 _____ C:\Users\Mike & Cheryl\Desktop\Temp spies.txt
    2015-06-08 13:57 - 2015-06-11 08:31 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-06-05 21:17 - 2015-06-05 21:17 - 00010296 _____ C:\Users\Mike & Cheryl\Downloads\S11avariant
    2015-06-05 15:51 - 2015-06-05 16:00 - 00003048 _____ C:\Users\Mike & Cheryl\Desktop\BC3500XLT 05-06-2015_996.html
    2015-06-05 15:47 - 2015-06-05 15:47 - 00530971 _____ C:\Users\Mike & Cheryl\Documents\BC3500XLT 05-06-2015_996.html
    2015-06-04 17:11 - 2015-06-04 17:11 - 00002163 _____ C:\Users\Mike & Cheryl\Desktop\Google Earth.lnk
    2015-06-04 09:41 - 2015-06-04 09:41 - 00002224 _____ C:\Users\Mike & Cheryl\Documents\Video Planner - Shortcut.lnk
    2015-06-04 07:21 - 2015-06-04 07:22 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\Mandelbulb3Dv189x1
    2015-06-04 07:20 - 2015-06-04 07:20 - 03808765 _____ C:\Users\Mike & Cheryl\Downloads\Mandelbulb3Dv189x1.zip
    2015-06-01 00:07 - 2015-06-10 16:27 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\share
    2015-05-30 21:44 - 2015-05-31 08:08 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\Mo Basma
    2015-05-29 16:56 - 2015-05-29 16:56 - 01213972 _____ C:\Users\Mike & Cheryl\Downloads\Facebook.html
    2015-05-29 16:56 - 2015-05-29 16:56 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\Facebook_files
    2015-05-27 15:57 - 2015-05-27 15:57 - 00000067 _____ C:\Users\Mike & Cheryl\Desktop\Bobs hotel.txt
    2015-05-25 19:31 - 2015-06-23 09:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-25 19:31 - 2015-05-25 19:31 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-25 19:31 - 2015-05-25 19:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-25 19:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-25 19:31 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-05-25 19:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-05-25 19:29 - 2015-05-25 19:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Mike & Cheryl\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-25 19:17 - 2015-05-25 19:17 - 01231522 _____ C:\Users\Mike & Cheryl\Downloads\ZSoft_Uninstaller_2.5.exe
    2015-05-25 19:17 - 2015-05-25 19:17 - 00001156 _____ C:\Users\Mike & Cheryl\Desktop\ZSoft Uninstaller.lnk
    2015-05-25 19:17 - 2015-05-25 19:17 - 00001156 _____ C:\Users\Corel\Desktop\ZSoft Uninstaller.lnk
    2015-05-25 19:17 - 2015-05-25 19:17 - 00000000 ____D C:\Program Files (x86)\ZSoft
    2015-05-25 11:39 - 2015-05-25 11:39 - 00025214 _____ C:\Users\Mike & Cheryl\Downloads\63849.jpg-width660-height600
    2015-05-24 20:18 - 2015-05-24 20:18 - 00001242 _____ C:\alterperfdisk.reg
    2015-05-23 22:11 - 2015-05-23 22:11 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GcmWin
    2015-05-23 22:11 - 2015-05-23 22:11 - 00000000 ____D C:\Program Files (x86)\GcmWin
    2015-05-23 22:10 - 2015-05-23 22:10 - 02209082 _____ C:\Users\Mike & Cheryl\Downloads\GcmWin316Beta.exe
    2015-05-23 16:39 - 2015-06-23 07:14 - 00003674 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2015-05-23 16:38 - 2015-05-23 16:38 - 12888744 _____ C:\Users\Mike & Cheryl\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
    2015-05-21 08:21 - 2015-05-24 12:22 - 00000000 ____D C:\Users\DefaultAppPool
    2015-05-21 08:21 - 2015-05-21 08:21 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-05-21 08:21 - 2014-06-30 09:32 - 00002107 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2015-05-21 08:21 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-05-21 08:21 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-05-20 17:47 - 2015-05-20 18:28 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Med pack
    2015-05-19 14:52 - 2015-05-19 14:52 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\pdfcrack-0.11
    2015-05-19 14:51 - 2015-05-19 14:51 - 00748073 _____ C:\Users\Mike & Cheryl\Downloads\pdfcrack-0.11.zip
    2015-05-19 14:49 - 2015-05-19 14:49 - 06021120 _____ C:\Users\Mike & Cheryl\Downloads\apdfpr_setup_en.msi
    2015-05-17 19:36 - 2015-05-17 19:45 - 00000000 ____D C:\SFCFix
    2015-05-17 19:35 - 2015-05-17 19:45 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\niemiro
    2015-05-17 19:34 - 2015-05-17 19:34 - 01317376 _____ (niemiro) C:\Users\Mike & Cheryl\Downloads\SFCFix (1).exe
    2015-05-17 19:30 - 2015-05-17 19:30 - 07186992 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_x64 (3).exe
    2015-05-17 19:30 - 2015-05-17 19:30 - 06554576 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_x86.exe
    2015-05-17 16:27 - 2015-05-17 16:27 - 00000038 _____ C:\Users\Mike & Cheryl\Downloads\chill.m3u
    2015-05-16 10:06 - 2015-06-23 07:14 - 00002166 _____ C:\Users\Mike & Cheryl\Desktop\Tweaking.com - Windows Repair.lnk
    2015-05-16 10:06 - 2015-05-16 10:06 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2015-05-16 10:05 - 2015-05-16 10:05 - 12873576 _____ C:\Users\Mike & Cheryl\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2015-05-15 14:13 - 2015-05-15 14:13 - 00006468 _____ C:\Users\Mike & Cheryl\Downloads\couple.jpeg
    2015-05-15 12:50 - 2015-05-15 12:50 - 00001194 _____ C:\Users\Mike & Cheryl\Desktop\Sound Effects Generator.lnk
    2015-05-15 12:50 - 2015-05-15 12:50 - 00000000 ____D C:\Program Files (x86)\Sound Effects Generator
    2015-05-15 12:49 - 2015-05-15 12:49 - 00351288 _____ (Sean O'Connor ) C:\Users\Mike & Cheryl\Downloads\soundeffectsgeneratorsetup.exe
    2015-05-15 12:10 - 2015-05-15 12:10 - 00000028 _____ C:\Windows\Robota.INI
    2015-05-14 07:26 - 2015-05-14 07:26 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Mike & Cheryl\Downloads\flashplayer17axau_ha_install.exe
    2015-05-13 09:46 - 2015-05-01 14:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 09:46 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 07:36 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-13 07:36 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-13 07:34 - 2015-04-20 04:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 07:34 - 2015-04-20 04:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 07:34 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 07:34 - 2015-04-13 04:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 07:34 - 2015-04-08 04:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-13 07:34 - 2015-04-08 04:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-13 07:34 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-07 21:59 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-07 21:59 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-07 21:59 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-07 21:59 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-07 21:59 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-07 21:59 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-07 21:59 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-07 21:59 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-07 21:59 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-07 20:01 - 2015-05-07 20:02 - 20122312 _____ (MangoApps) C:\Users\Mike & Cheryl\Downloads\TinyTakeSetup_v_2_5_45.exe
    2015-05-04 19:37 - 2015-05-04 19:55 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Pension
    2015-05-04 15:57 - 2015-05-04 15:57 - 00000000 ___RD C:\Users\Mike & Cheryl\Documents\Notes
    2015-05-04 15:23 - 2015-05-07 17:22 - 00000678 _____ C:\Users\Mike & Cheryl\Desktop\Tom Hopkins - Shortcut.lnk
    2015-05-04 11:07 - 2015-05-04 11:07 - 02363405 _____ (WD6CNF ) C:\Users\Mike & Cheryl\Downloads\cw decoder.exe
    2015-05-04 11:04 - 2015-05-04 11:04 - 28848044 _____ C:\Users\Mike & Cheryl\Desktop\Tinkerbell music.wav
    2015-05-02 19:03 - 2015-05-02 19:03 - 00000000 _____ C:\Windows\exctrlst.INI
    2015-05-02 19:00 - 2015-05-02 19:00 - 00630000 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\exctrlst_setup.exe
    2015-05-02 18:47 - 2015-05-02 18:47 - 00000000 _____ C:\Windows\system32\lodctr
    2015-05-01 22:06 - 2015-05-01 22:06 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\Autoruns
    2015-05-01 22:05 - 2015-05-01 22:05 - 00546464 _____ C:\Users\Mike & Cheryl\Downloads\Autoruns.zip
    2015-05-01 21:10 - 2015-05-01 21:17 - 03440760 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_IA64.exe
    2015-04-30 11:12 - 2015-04-30 11:12 - 00000080 _____ C:\Users\Mike & Cheryl\Desktop\dads accounts.txt
    2015-04-29 20:17 - 2015-04-29 20:17 - 00444571 _____ C:\Users\Mike & Cheryl\Downloads\2008.02.proma.csv.zip
    2015-04-29 20:16 - 2015-04-29 20:16 - 00109321 _____ C:\Users\Mike & Cheryl\Downloads\airband2009_live.zip
    2015-04-29 10:47 - 2015-06-20 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-04-29 08:00 - 2015-04-29 08:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mike & Cheryl\Downloads\mbar-1.09.1.1004.exe
    2015-04-25 12:43 - 2015-04-25 12:43 - 00002659 _____ C:\Users\Mike & Cheryl\Downloads\how to 2mm led.htm
    2015-04-25 12:42 - 2015-04-25 12:42 - 00128164 _____ C:\Users\Mike & Cheryl\Downloads\A forum to discuss all aspects of modelling British railways - Yahoo Groups.html
    2015-04-25 12:42 - 2015-04-25 12:42 - 00002854 _____ C:\Users\Mike & Cheryl\Downloads\WD 2-8-0 service (1).htm
    2015-04-25 12:42 - 2015-04-25 12:42 - 00002104 _____ C:\Users\Mike & Cheryl\Downloads\Heljan lube (1).wri
    2015-04-25 12:42 - 2015-04-25 12:42 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\A forum to discuss all aspects of modelling British railways - Yahoo Groups_files
    2015-04-25 12:40 - 2015-04-25 12:40 - 00002854 _____ C:\Users\Mike & Cheryl\Downloads\WD 2-8-0 service.htm
    2015-04-25 12:40 - 2015-04-25 12:40 - 00002104 _____ C:\Users\Mike & Cheryl\Downloads\Heljan lube.wri
    2015-04-25 12:35 - 2015-04-25 12:35 - 00001128 _____ C:\Users\Mike & Cheryl\Downloads\Hornby Castle problems.txt
    2015-04-24 22:27 - 2015-04-24 22:27 - 06073414 _____ C:\Users\Mike & Cheryl\Downloads\sarychev_oblique_final_H264.mov
    2015-04-24 20:51 - 2015-04-24 20:53 - 00401408 _____ C:\Users\Mike & Cheryl\Documents\SWL2015.accdb
    2015-04-24 20:43 - 2015-04-24 20:44 - 01867776 _____ C:\Users\Mike & Cheryl\Documents\swl.accdb
    2015-04-24 20:43 - 2015-04-24 20:43 - 01338298 _____ C:\Users\Mike & Cheryl\Documents\Desktop call tracker.accdt
    2015-04-24 20:26 - 2011-07-17 12:31 - 00040448 _____ C:\Windows\SysWOW64\GoWin32.dll
    2015-04-24 20:26 - 2009-12-30 21:22 - 00056320 _____ (Thomas Gudehus EDV-Dienstleistungen) C:\Windows\SysWOW64\RACCD32a.dll
    2015-04-24 20:26 - 2006-11-29 21:48 - 00124688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsWinsck.ocx
    2015-04-24 20:26 - 2003-10-17 20:23 - 00081920 _____ C:\Windows\SysWOW64\qrz32.dll
    2015-04-24 20:26 - 2003-05-09 16:26 - 00062464 _____ C:\Windows\SysWOW64\agwdll32.dll
    2015-04-24 20:26 - 1998-06-26 01:00 - 01008432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsChrt20.ocx
    2015-04-24 20:26 - 1998-06-24 01:00 - 00609584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comctl32.ocx
    2015-04-24 20:26 - 1998-06-24 01:00 - 00525352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DBGrid32.ocx
    2015-04-24 20:26 - 1998-06-24 01:00 - 00166200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsMask32.ocx
    2015-04-24 20:26 - 1998-06-24 01:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comct232.ocx
    2015-04-24 20:26 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.dll
    2015-04-24 20:05 - 2015-04-24 20:05 - 00097792 _____ C:\Windows\SysWOW64\VariCode.tbl
    2015-04-24 20:05 - 2010-10-05 07:33 - 00491520 _____ (JE3HHT) C:\Windows\SysWOW64\MMVARI.ocx
    2015-04-24 18:56 - 2015-06-22 23:18 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\Radio from 2015
    2015-04-24 18:43 - 2015-04-24 18:43 - 00000480 _____ C:\Users\Mike & Cheryl\Desktop\B-Log - Shortcut.lnk
    2015-04-24 10:51 - 2015-04-24 10:51 - 00002124 _____ C:\Users\Mike & Cheryl\Desktop\Microsoft Security Essentials.lnk
    2015-04-24 08:07 - 2015-05-13 09:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-04-24 08:07 - 2015-05-13 09:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2015-04-24 08:05 - 2015-04-24 08:06 - 14160536 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\mseinstall.exe
    2015-04-24 07:57 - 2015-03-14 04:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-04-24 07:57 - 2015-03-14 04:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-04-24 07:57 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-04-24 07:57 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-04-24 07:57 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-04-24 07:57 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-04-23 22:22 - 2015-04-23 22:22 - 00025600 ____R (Gibson Research Corp.) C:\Users\Mike & Cheryl\Downloads\leaktest (1).exe
    2015-04-23 20:16 - 2015-04-23 22:21 - 00000022 _____ C:\Users\Mike & Cheryl\Downloads\kavremover.zip
    2015-04-23 20:16 - 2015-04-23 20:17 - 02109822 _____ C:\Windows\SysWOW64\kavremvr 2015-04-23 20-16-26 (pid 6232).log
    2015-04-22 21:10 - 2015-04-23 19:59 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\ProcessMonitor
    2015-04-22 21:10 - 2015-04-22 21:10 - 00910024 _____ C:\Users\Mike & Cheryl\Downloads\ProcessMonitor.zip
    2015-04-22 19:37 - 2015-04-22 19:36 - 02007367 _____ C:\Users\Corel\Desktop\CBS.log
    2015-04-22 17:07 - 2015-04-23 19:59 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\GetSystemInfo
    2015-04-22 17:07 - 2015-04-22 17:07 - 01059224 _____ C:\Users\Mike & Cheryl\Downloads\GetSystemInfo.zip
    2015-04-22 10:30 - 2015-04-22 10:30 - 06522673 _____ C:\Users\Mike & Cheryl\Downloads\Visual Studio 2008 overview.pptx
    2015-04-22 08:42 - 2015-04-23 19:59 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\netfx_setupverifier_new
    2015-04-22 08:42 - 2015-04-22 08:42 - 00244366 _____ C:\Users\Mike & Cheryl\Downloads\netfx_setupverifier_new.zip
    2015-04-21 19:54 - 2015-04-21 19:59 - 564744309 _____ C:\Users\Mike & Cheryl\Downloads\Windows6.1-KB947821-v34-x64.msu
    2015-04-21 18:12 - 2015-06-23 09:08 - 00032077 _____ C:\Users\Mike & Cheryl\Downloads\FRST.txt
    2015-04-21 18:12 - 2015-04-21 18:13 - 00046864 _____ C:\Users\Mike & Cheryl\Downloads\Addition.txt
    2015-04-21 18:02 - 2015-04-21 18:02 - 00002766 _____ C:\Users\Mike & Cheryl\Downloads\FSS.txt
    2015-04-20 09:14 - 2015-04-20 09:14 - 00000116 _____ C:\Users\Public\Documents\link.txt
    2015-04-20 08:26 - 2015-04-20 08:26 - 04961800 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_x64 (2).exe
    2015-04-19 20:20 - 2015-04-19 20:20 - 00133904 _____ C:\Users\Mike & Cheryl\Downloads\ptswxcel.zip
    2015-04-19 20:17 - 2015-04-19 20:17 - 00000000 ____D C:\Users\Mike & Cheryl\Downloads\ptswdbas
    2015-04-19 20:16 - 2015-03-28 16:16 - 00076536 _____ C:\Users\Mike & Cheryl\Downloads\ptswdbas.dbf
    2015-04-19 20:15 - 2015-04-19 20:15 - 00008314 _____ C:\Users\Mike & Cheryl\Downloads\ptswdbas.zip
    2015-04-19 12:15 - 2015-04-19 12:15 - 00001040 _____ C:\Users\Public\Desktop\TuneUp.lnk
    2015-04-19 12:15 - 2015-04-19 12:15 - 00000000 ____D C:\Program Files (x86)\TuneUpMedia
    2015-04-18 19:45 - 2015-04-18 20:07 - 01317376 _____ (niemiro) C:\Users\Mike & Cheryl\Downloads\SFCFix.exe
    2015-04-18 17:20 - 2015-04-18 19:44 - 00000067 _____ C:\Users\Mike & Cheryl\Desktop\Sysnative Forums.txt
    2015-04-18 17:15 - 2015-04-18 17:15 - 00003244 _____ C:\Windows\System32\Tasks\{9CF50FA4-87CE-4146-B8E2-792BE681D3FB}
    2015-04-18 15:27 - 2015-06-22 23:19 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\WWSU
    2015-04-18 15:26 - 2015-04-18 15:54 - 00000000 ____D C:\Program Files (x86)\WWSU 64
    2015-04-18 15:26 - 2015-04-18 15:26 - 12668758 _____ C:\Users\Mike & Cheryl\Downloads\DBaseConverter.zip
    2015-04-18 15:26 - 2015-04-18 15:26 - 00004272 _____ C:\Users\Mike & Cheryl\Downloads\ConverterInstallationInstructions.html
    2015-04-18 15:26 - 2015-04-18 15:26 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WWSU 64
    2015-04-18 15:25 - 2015-05-22 17:30 - 00000000 ____D C:\Program Files (x86)\WWSU
    2015-04-18 15:25 - 2015-04-18 15:26 - 00286720 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2015-04-18 15:25 - 2015-04-18 15:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2015-04-18 15:25 - 2015-04-18 15:26 - 00001644 _____ C:\Windows\ODBCINST.INI
    2015-04-18 15:25 - 2015-04-18 15:26 - 00000288 _____ C:\Windows\ODBC.INI
    2015-04-18 15:24 - 2015-04-18 15:24 - 14760174 _____ C:\Users\Mike & Cheryl\Downloads\wwsu64.zip
    2015-04-18 15:24 - 2015-04-18 15:24 - 00004253 _____ C:\Users\Mike & Cheryl\Downloads\WWSUInstallationInstructions.html
    2015-04-18 11:41 - 2015-04-18 11:41 - 04961800 _____ (Microsoft Corporation) C:\Users\Corel\Downloads\vcredist_x64 (1).exe
    2015-04-18 11:40 - 2015-04-18 11:40 - 02373640 _____ (Microsoft Corporation) C:\Users\Corel\Downloads\vcredist_x64.exe
    2015-04-18 11:34 - 2015-04-18 11:34 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-04-18 11:34 - 2015-04-18 11:34 - 00000000 ____D C:\Program Files\MSBuild
    2015-04-18 11:34 - 2015-04-18 11:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-04-18 11:34 - 2015-04-18 11:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-04-18 00:12 - 2015-04-18 00:12 - 02373640 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_x64 (1).exe
    2015-04-18 00:08 - 2015-04-18 00:08 - 00003400 _____ C:\Windows\System32\Tasks\{A6FC1E7E-2F70-40AE-B173-366922DEE620}
    2015-04-18 00:06 - 2015-04-18 00:06 - 00003400 _____ C:\Windows\System32\Tasks\{E91781F1-1E16-41A5-AFB7-ADD2620E22D7}
    2015-04-17 23:53 - 2015-04-17 23:53 - 00000000 ____D C:\Users\Corel\AppData\Roaming\Epson
    2015-04-17 23:43 - 2015-04-18 00:02 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Ulead Systems
    2015-04-17 23:41 - 2015-04-17 23:41 - 00000000 ____D C:\Program Files (x86)\Haali
    2015-04-17 23:39 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2015-04-17 23:39 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2015-04-17 23:39 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2015-04-17 23:39 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2015-04-17 23:39 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2015-04-17 23:39 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2015-04-17 23:39 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2015-04-17 23:39 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2015-04-17 23:39 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2015-04-17 23:39 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2015-04-17 23:39 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2015-04-17 23:39 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2015-04-17 23:39 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2015-04-17 23:39 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2015-04-17 23:39 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2015-04-17 23:39 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2015-04-17 23:39 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2015-04-17 23:39 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2015-04-17 23:39 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2015-04-17 23:39 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2015-04-17 23:39 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2015-04-17 23:39 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2015-04-17 23:39 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2015-04-17 23:39 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2015-04-17 23:39 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2015-04-17 23:39 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2015-04-17 23:39 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2015-04-17 23:39 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2015-04-17 23:39 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2015-04-17 23:39 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2015-04-17 23:39 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2015-04-17 23:39 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2015-04-17 23:39 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2015-04-17 23:39 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2015-04-17 23:39 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2015-04-17 23:39 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2015-04-17 23:39 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2015-04-17 23:39 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2015-04-17 23:39 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2015-04-17 23:39 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2015-04-17 23:39 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2015-04-17 23:39 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2015-04-17 23:39 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2015-04-17 23:39 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2015-04-17 23:39 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2015-04-17 23:39 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2015-04-17 23:39 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2015-04-17 23:39 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2015-04-17 23:39 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2015-04-17 23:39 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2015-04-17 23:39 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2015-04-17 23:39 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2015-04-17 23:39 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2015-04-17 23:39 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2015-04-17 23:39 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2015-04-17 23:39 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2015-04-17 23:39 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2015-04-17 23:39 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2015-04-17 23:39 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2015-04-17 23:39 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2015-04-17 23:39 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2015-04-17 23:39 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2015-04-17 23:39 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2015-04-17 23:39 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2015-04-17 23:39 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2015-04-17 23:39 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2015-04-17 23:39 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2015-04-17 23:39 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2015-04-17 23:39 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2015-04-17 23:39 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2015-04-17 23:39 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2015-04-17 23:39 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2015-04-17 23:39 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2015-04-17 23:39 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2015-04-17 23:39 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2015-04-17 23:39 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2015-04-17 23:39 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2015-04-17 23:39 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2015-04-17 23:39 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2015-04-17 23:39 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2015-04-17 23:39 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2015-04-17 23:39 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2015-04-17 23:39 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2015-04-17 23:39 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2015-04-17 23:39 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2015-04-17 23:39 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2015-04-17 23:39 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2015-04-17 23:39 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2015-04-17 23:39 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2015-04-17 23:39 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2015-04-17 23:39 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2015-04-17 23:39 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2015-04-17 23:39 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2015-04-17 23:39 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2015-04-17 23:39 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2015-04-17 23:39 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2015-04-17 23:39 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2015-04-17 23:39 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2015-04-17 23:39 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2015-04-17 23:39 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2015-04-17 23:39 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2015-04-17 23:39 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2015-04-17 23:39 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2015-04-17 23:39 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2015-04-17 23:39 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2015-04-17 23:39 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2015-04-17 23:39 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2015-04-17 23:39 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2015-04-17 23:39 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2015-04-17 23:39 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2015-04-17 23:39 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2015-04-17 22:37 - 2015-04-17 22:37 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-04-17 22:29 - 2015-04-17 22:29 - 02217984 _____ C:\Users\Mike & Cheryl\Downloads\adwcleaner_4.201.exe
    2015-04-17 16:36 - 2015-04-17 16:36 - 00000000 _____ C:\Windows\EEventManager.INI
    2015-04-17 16:06 - 2015-04-17 16:06 - 00000000 __SHD C:\Users\Corel\AppData\Local\EmieUserList
    2015-04-17 16:06 - 2015-04-17 16:06 - 00000000 __SHD C:\Users\Corel\AppData\Local\EmieSiteList
    2015-04-17 16:06 - 2015-04-17 16:06 - 00000000 __SHD C:\Users\Corel\AppData\Local\EmieBrowserModeList
    2015-04-17 16:02 - 2015-05-16 07:25 - 00156872 _____ C:\Users\Corel\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-17 16:00 - 2015-04-17 16:00 - 00002262 _____ C:\Users\Corel\Desktop\Google Chrome.lnk
    2015-04-17 16:00 - 2015-04-17 16:00 - 00001420 _____ C:\Users\Corel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-04-17 16:00 - 2015-04-17 16:00 - 00000000 ____D C:\Users\Corel\AppData\Local\Google
    2015-04-17 15:59 - 2015-05-16 18:07 - 00000000 ____D C:\Users\Corel\AppData\Local\NVIDIA Corporation
    2015-04-17 15:59 - 2015-05-16 18:07 - 00000000 ____D C:\Users\Corel
    2015-04-17 15:59 - 2015-04-17 15:59 - 00000020 ___SH C:\Users\Corel\ntuser.ini
    2015-04-17 15:59 - 2015-04-17 15:59 - 00000000 ____D C:\Users\Corel\AppData\Local\NVIDIA
    2015-04-17 15:59 - 2014-06-30 09:32 - 00002107 _____ C:\Users\Corel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2015-04-17 15:59 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Corel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-17 15:59 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Corel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-04-17 08:33 - 2015-04-17 08:33 - 03175832 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\vcredist_x64.EXE
    2015-04-17 08:22 - 2015-04-17 08:22 - 00910000 _____ C:\Users\Mike & Cheryl\Downloads\MicrosoftSystemScan_694d8eb0-bd28-46e1-a9f1-23a868c5c688.exe
    2015-04-17 07:29 - 2015-04-17 07:29 - 00029384 _____ (Microsoft Corporation) C:\Users\Mike & Cheryl\Downloads\KB3024777-amd64.exe
    2015-04-17 07:24 - 2015-04-17 07:24 - 00985600 _____ C:\Users\Mike & Cheryl\Downloads\MicrosoftFixit50123.msi
    2015-04-16 23:00 - 2015-04-16 23:00 - 00003236 _____ C:\Windows\System32\Tasks\{FB379787-459E-46A7-A41C-9B88E758831C}
    2015-04-16 09:41 - 2015-04-16 09:41 - 00000000 ____D C:\$WINDOWS.~BT
    2015-04-15 08:05 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-15 08:05 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-15 08:05 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-15 08:05 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-15 08:05 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-15 08:05 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-15 08:05 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-15 08:05 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-15 08:05 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-15 08:05 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-15 08:05 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-15 08:05 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-15 08:05 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-15 08:05 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-04-15 08:05 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-15 08:05 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-15 08:05 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-15 08:04 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-15 08:04 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-15 08:04 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-14 16:55 - 2015-05-23 10:56 - 00000964 _____ C:\Users\Mike & Cheryl\Downloads\WinAudit.ini
    2015-04-14 16:55 - 2015-04-14 16:55 - 01499465 _____ C:\Users\Mike & Cheryl\Documents\ENIGMA.html
    2015-04-14 16:53 - 2015-04-14 16:53 - 01658880 _____ (Parmavex Services) C:\Users\Mike & Cheryl\Downloads\WinAudit.exe
    2015-04-11 10:28 - 2015-04-15 20:58 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\Abi
    2015-04-09 21:13 - 2015-04-09 21:13 - 00003308 _____ C:\Windows\System32\Tasks\{8BE88EFF-DD2E-4528-A356-B28775E21E0E}
    2015-04-08 13:43 - 2015-06-14 23:06 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\temp
    2015-04-08 09:23 - 2015-04-08 09:23 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Macromedia
    2015-04-07 21:27 - 2015-04-07 21:27 - 00025600 ____R (Gibson Research Corp.) C:\Users\Mike & Cheryl\Downloads\leaktest.exe
    2015-04-07 21:26 - 2015-04-07 21:26 - 00029696 _____ (Gibson Research Corp.) C:\Users\Mike & Cheryl\Downloads\DCOMbob.exe
    2015-04-07 21:25 - 2015-04-07 21:25 - 00029248 _____ (Gibson Research Corp.) C:\Users\Mike & Cheryl\Downloads\MouseTrap.exe
    2015-04-07 10:29 - 2015-04-07 10:29 - 02494944 _____ (Trend Micro Inc.) C:\Users\Mike & Cheryl\Downloads\HousecallLauncher64.exe
    2015-04-07 09:09 - 2015-04-07 09:09 - 01273352 _____ C:\Users\Mike & Cheryl\Downloads\News-Earth.avi
    2015-04-06 08:30 - 2015-04-06 08:30 - 00689664 _____ C:\Users\Mike & Cheryl\Downloads\MicrosoftFixit50202.msi
    2015-04-05 20:27 - 2015-04-05 20:27 - 00001118 _____ C:\Windows\SysWOW64\BroomData.bit
    2015-04-05 20:27 - 2013-04-08 15:30 - 00022752 _____ C:\Windows\system32\PCloudBroom64.exe
    2015-04-05 19:58 - 2015-04-05 19:58 - 00852607 _____ C:\Users\Mike & Cheryl\Downloads\SecurityCheck.exe
    2015-04-05 19:54 - 2015-04-05 19:54 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-04-05 19:54 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2015-04-05 19:49 - 2015-04-05 19:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ENIGMA-Windows-7-Professional-(64-bit).dat
    2015-04-05 19:49 - 2015-04-05 19:49 - 00000000 ____D C:\RegBackup
    2015-04-03 20:56 - 2015-04-03 20:56 - 00000000 ____D C:\Windows\CheckSur
    2015-04-03 20:36 - 2012-06-01 06:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
    2015-04-03 20:36 - 2012-06-01 06:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
    2015-04-03 20:36 - 2012-06-01 06:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
    2015-04-03 20:36 - 2012-06-01 06:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
    2015-04-03 20:36 - 2012-06-01 06:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
    2015-04-03 20:36 - 2012-06-01 06:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
    2015-04-03 20:36 - 2012-06-01 05:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
    2015-04-03 20:36 - 2012-06-01 05:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
    2015-04-03 20:36 - 2012-06-01 05:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
    2015-04-03 20:36 - 2012-06-01 05:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
    2015-04-03 20:36 - 2012-06-01 05:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
    2015-04-03 20:36 - 2012-06-01 05:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
    2015-04-03 18:58 - 2015-04-04 17:02 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
    2015-04-03 18:58 - 2015-04-04 17:02 - 00000000 ____D C:\inetpub
    2015-04-03 18:58 - 2015-04-03 21:01 - 00024488 _____ C:\Windows\iis7.log
    2015-04-03 18:58 - 2015-04-03 21:00 - 00000000 ____D C:\Windows\system32\inetsrv
    2015-04-03 18:58 - 2015-04-03 18:58 - 00000000 ____D C:\Windows\system32\BestPractices
    2015-04-03 18:36 - 2015-04-03 18:36 - 00003308 _____ C:\Windows\System32\Tasks\{7DF1D791-37C6-4632-B96D-000284A2493F}
    2015-04-03 16:15 - 2015-06-01 08:08 - 00000000 ___SD C:\Windows\system32\GWX
    2015-04-03 16:15 - 2015-05-20 10:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-04-03 16:14 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-04-03 09:08 - 2015-04-03 09:09 - 00191110 _____ C:\Users\Mike & Cheryl\Documents\ACook.xlsm
    2015-04-02 17:17 - 2015-04-02 17:17 - 00118149 _____ C:\Users\Mike & Cheryl\Downloads\wmpChrome.crx
    2015-04-02 17:14 - 2015-04-02 17:14 - 19643440 _____ (Imagination Technologies Ltd) C:\Users\Mike & Cheryl\Downloads\Pure_Evoke_Flow_v5.0.exe
    2015-04-01 17:00 - 2015-04-23 19:59 - 00000000 ____D C:\Windows\pss
    2015-03-31 13:32 - 2015-03-31 13:34 - 00000000 ____D C:\Users\Mike & Cheryl\Desktop\Lanza Holiday 2015
    2015-03-31 00:55 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
    2015-03-31 00:55 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2015-03-26 13:02 - 2015-03-26 13:02 - 00183327 _____ C:\Users\Mike & Cheryl\Downloads\WebcamViewer V1.0.zip
    2015-03-26 12:54 - 2015-03-26 12:54 - 00001026 _____ C:\Users\Mike & Cheryl\Desktop\mSetup - Shortcut.lnk
    2015-03-25 23:27 - 2015-03-31 22:00 - 00000000 ____D C:\Users\Public\Documents\Lightworks
    2015-03-25 23:26 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2015-03-25 23:26 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2015-03-25 23:26 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2015-03-25 23:26 - 2010-06-02 05:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2015-03-25 23:26 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2015-03-25 23:26 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2015-03-25 23:26 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2015-03-25 23:26 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2015-03-25 23:26 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2015-03-25 23:26 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2015-03-25 23:25 - 2015-03-31 22:00 - 00000000 ____D C:\Program Files\Lightworks
    2015-03-25 20:04 - 2015-03-25 20:08 - 00000044 _____ C:\Users\Mike & Cheryl\updater_output.txt
    2015-03-25 20:03 - 2015-03-25 20:03 - 00003698 _____ C:\Windows\System32\Tasks\Red Giant Link
    2015-03-25 20:03 - 2015-03-25 20:03 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Red Giant
    2015-03-25 12:48 - 2015-03-25 13:09 - 00006965 _____ C:\Users\Mike & Cheryl\Documents\westernday.xps
    2015-03-25 12:37 - 2015-03-25 12:37 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\MonkeyJam
    2015-03-25 12:37 - 2005-02-27 18:11 - 00424960 _____ C:\Windows\SysWOW64\wavdest.ax

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-23 09:06 - 2014-08-09 17:23 - 02055924 _____ C:\Windows\WindowsUpdate.log
    2015-06-23 09:05 - 2014-06-30 15:42 - 00000000 ___RD C:\Users\Mike & Cheryl\Sync
    2015-06-23 09:04 - 2014-10-09 11:50 - 00005014 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Enigma-Mike & Cheryl Enigma
    2015-06-23 09:03 - 2014-08-13 07:35 - 00167437 _____ C:\Windows\setupact.log
    2015-06-23 09:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-23 08:58 - 2014-06-30 10:15 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Outlook Files
    2015-06-23 08:53 - 2014-10-31 16:53 - 00000911 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {F13783BE-AFF1-4A59-BE8B-CC727B85A05C}.job
    2015-06-23 08:51 - 2014-07-03 13:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-23 08:13 - 2009-07-14 06:13 - 00859062 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-23 08:12 - 2009-07-14 05:45 - 00035632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-23 08:12 - 2009-07-14 05:45 - 00035632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-23 08:06 - 2014-06-19 15:10 - 00000000 ____D C:\Windows\CSC
    2015-06-23 07:05 - 2014-11-29 17:45 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\RegBack
    2015-06-22 22:40 - 2009-07-14 05:45 - 00528456 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-22 22:37 - 2014-06-29 20:34 - 00156872 _____ C:\Users\Mike & Cheryl\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-06-22 22:26 - 2014-06-29 22:21 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\PasswordSafe
    2015-06-21 22:30 - 2014-06-29 20:33 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Adobe
    2015-06-21 20:33 - 2014-06-30 16:04 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\My PSP Files
    2015-06-21 20:04 - 2014-06-30 12:28 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
    2015-06-21 19:16 - 2014-06-29 22:10 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Money
    2015-06-21 18:30 - 2014-10-01 10:38 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\NVIDIA Corporation
    2015-06-21 17:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
    2015-06-21 17:29 - 2014-10-31 16:47 - 00000937 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
    2015-06-21 12:28 - 2014-11-04 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-21 12:28 - 2014-07-01 14:08 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\Mozilla
    2015-06-20 11:05 - 2014-07-28 14:32 - 00000102 _____ C:\Users\Mike & Cheryl\AppData\Roaming\default.pls
    2015-06-19 13:53 - 2014-12-28 19:44 - 00000069 _____ C:\Windows\NeroDigital.ini
    2015-06-18 16:05 - 2014-07-14 18:36 - 00000000 ____D C:\Program Files (x86)\FreeSCAN
    2015-06-18 11:09 - 2014-06-29 22:21 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\My Safes
    2015-06-17 18:10 - 2014-07-02 13:41 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\Windows Live
    2015-06-17 14:42 - 2014-07-02 19:15 - 00027648 _____ C:\Users\Mike & Cheryl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-06-16 21:57 - 2014-12-19 22:50 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2015-06-16 21:57 - 2014-12-19 22:48 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Roaming\DVDVideoSoft
    2015-06-15 07:46 - 2014-08-13 15:20 - 00124400 _____ C:\Windows\PFRO.log
    2015-06-14 23:56 - 2014-07-08 08:32 - 00000010 _____ C:\Users\Mike & Cheryl\AppData\Local\sponge.last.runtime.cache
    2015-06-14 23:06 - 2014-06-30 11:39 - 00000000 ____D C:\Program Files (x86)\Google
    2015-06-14 21:01 - 2014-07-08 08:34 - 00816086 _____ C:\Users\Mike & Cheryl\AppData\Local\census.cache
    2015-06-14 21:01 - 2014-07-08 08:34 - 00202296 _____ C:\Users\Mike & Cheryl\AppData\Local\ars.cache
    2015-06-11 15:42 - 2014-06-30 11:39 - 00000000 ____D C:\Users\Mike & Cheryl\AppData\Local\Google
    2015-06-10 17:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2015-06-10 12:24 - 2014-12-10 10:37 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-10 12:24 - 2014-06-30 22:17 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-10 12:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-06-10 11:16 - 2014-06-30 18:34 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-06-10 08:51 - 2014-07-03 13:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-10 08:51 - 2014-07-03 13:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-10 08:51 - 2014-07-03 13:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-07 22:04 - 2014-08-13 18:52 - 00012107 _____ C:\Windows\DirectX.log
    2015-06-07 22:04 - 2014-08-13 18:52 - 00004950 _____ C:\Windows\DXError.log
    2015-06-02 13:01 - 2014-06-30 10:16 - 00000000 ____D C:\Users\Mike & Cheryl\Documents\Databases
    2015-05-24 17:56 - 2014-06-30 16:34 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel

    ==================== Files in the root of some directories =======

    2015-06-09 14:30 - 2015-06-09 14:30 - 0000065 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\Camdata.ini
    2015-06-09 14:30 - 2015-06-09 14:30 - 0000408 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\CamLayout.ini
    2015-06-09 14:30 - 2015-06-09 14:30 - 0000408 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\CamShapes.ini
    2015-06-09 14:30 - 2015-06-09 14:30 - 0004549 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\CamStudio.cfg
    2014-07-28 14:32 - 2015-06-20 11:05 - 0000102 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\default.pls
    2015-06-09 14:26 - 2015-06-09 14:26 - 0000096 _____ () C:\Users\Mike & Cheryl\AppData\Roaming\version2.xml
    2014-07-08 08:34 - 2015-06-14 21:01 - 0202296 _____ () C:\Users\Mike & Cheryl\AppData\Local\ars.cache
    2014-07-08 08:34 - 2015-06-14 21:01 - 0816086 _____ () C:\Users\Mike & Cheryl\AppData\Local\census.cache
    2014-07-02 19:15 - 2015-06-17 14:42 - 0027648 _____ () C:\Users\Mike & Cheryl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-07-08 08:29 - 2014-07-08 08:29 - 0000036 _____ () C:\Users\Mike & Cheryl\AppData\Local\housecall.guid.cache
    2014-06-30 17:04 - 2015-05-16 11:09 - 0007600 _____ () C:\Users\Mike & Cheryl\AppData\Local\resmon.resmoncfg
    2014-07-08 08:32 - 2015-06-14 23:56 - 0000010 _____ () C:\Users\Mike & Cheryl\AppData\Local\sponge.last.runtime.cache

    Some files in TEMP:
    ====================
    C:\Users\Mike & Cheryl\AppData\Local\Temp\Quarantine.exe
    C:\Users\Mike & Cheryl\AppData\Local\Temp\sqlite3.dll


    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\CNMNPPM.DLL
    C:\Windows\System32\nvd3dum.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-13 10:20

    ==================== End of log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
    Ran by Mike & Cheryl at 2015-04-21 18:12:54
    Running from C:\Users\Mike & Cheryl\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
    Acronis True Image 2014 (HKLM-x32\...\{F11B92AF-B753-455B-BD04-898A84863B0B}Visible) (Version: 17.0.6673 - Acronis)
    Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 9.0.124.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    AnyRail5 (HKLM-x32\...\AnyRail5 5.18.1) (Version: 5.18.1 - DRail Modelspoor Software)
    AnyRail5 (x32 Version: 5.18.1 - DRail Modelspoor Software) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Beyond Compare 3.3.12 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.12.18414 - Scooter Software)
    BlackVue (HKLM-x32\...\BlackVue) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Boris Graffiti (HKLM-x32\...\{262BF2CD-601D-4F43-919C-4B00B1D1F338}) (Version: 5.20.200 - Boris FX, Inc.)
    Canon MG6200 series On-screen Manual (HKLM-x32\...\Canon MG6200 series On-screen Manual) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
    Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
    EASEUS Data Recovery Wizard Professional 4.3.6 (HKLM-x32\...\{1965C9BB-9114-4A50-AEC7-E62414BB117B}) (Version: 4.3.6 - EASEUS)
    Easy Photo Scan (HKLM-x32\...\{EDB34773-E7B0-483A-8602-8EBAA7524F8F}) (Version: 1.00.0002 - Seiko Epson Corporation)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
    Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
    EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
    Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.34.00 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON XP-620 Series Printer Uninstall (HKLM\...\EPSON XP-620 Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
    FileSearchEX (HKLM-x32\...\FileSearchEX) (Version: 1.0.9.4 - GOFF Concepts LLC)
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server US) (Version: 2.0.1.13 - MAGIX AG)
    Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
    FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
    Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
    FreeSCAN (HKLM-x32\...\FreeSCAN) (Version: - Sixspot Software)
    Geeks3D FurMark 1.14.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
    GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
    GoldWave v6.09 (HKLM\...\GoldWave v6.09) (Version: 6.09 - GoldWave Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
    iTunes (HKLM\...\{C36440D2-5DBE-4F20-8D39-39D83FDBBE4E}) (Version: 12.1.1.4 - Apple Inc.)
    Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Jasc Paint Shop Pro 9 20040928_12 Plugin Update Patch (HKLM-x32\...\Jasc Paint Shop Pro 9.00 Update Patch) (Version: - )
    Jasc Paint Shop Pro 9 GDI+ Patch (HKLM-x32\...\Jasc Paint Shop Pro 9 GDI+ Patch) (Version: - )
    Jasc Paint Shop Pro 9.01 Patch (HKLM-x32\...\Jasc Paint Shop Pro 9.01 Patch) (Version: - )
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
    Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version: - )
    MAGIX Music Maker 15 Download version 15.0.1.8 (US) (HKLM-x32\...\MAGIX Music Maker 15 Download version US) (Version: 15.0.1.8 - MAGIX AG)
    MAGIX Music Maker 15 Trial 15.0.1.8 (US) (HKLM-x32\...\MAGIX Music Maker 15 Trial US) (Version: 15.0.1.8 - MAGIX AG)
    MAGIX Screenshare 4.3.6.1987 (US) (HKLM-x32\...\MAGIX Screenshare US) (Version: 4.3.6.1987 - MAGIX AG)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Money (HKLM-x32\...\Money2005b) (Version: 14 - Microsoft)
    Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
    MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
    Nero 8 (HKLM-x32\...\{9A5B876D-A900-4AAB-B557-DE827BE46E6C}) (Version: 8.3.500 - Nero AG)
    NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Olympus Digital Wave Player (HKLM-x32\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version: - )
    Password Safe (HKLM-x32\...\Password Safe) (Version: - )
    PDF-XChange 4 (HKLM\...\{443112E9-3445-4854-AFD3-52E706FDFB62}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd)
    Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.090 - Pinnacle Systems)
    Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
    Pinnacle Studio 12 Ultimate Plugins (HKLM-x32\...\{D1860E6E-520E-4380-8433-E58E8F88B473}) (Version: 12.0.0.0 - Pinnacle Systems)
    Pinnacle Video Driver (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
    proDAD Vitascene 1.0 (HKLM-x32\...\proDAD-Vitascene-1.0) (Version: - )
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
    RTFx Volume 2 (HKLM-x32\...\{08C8525A-1E21-4E90-81A6-ACA36A10908C}) (Version: 11.00.0000 - Pinnacle Systems)
    ScoreFitter Volume 1 (HKLM-x32\...\{9DCBDF08-F1C0-4935-A958-9501384FC528}) (Version: 1.00.0000 - Pinnacle Systems)
    ScoreFitter Volume 2 (HKLM-x32\...\{74E5BA31-CB34-4388-BC7F-91DC8830AABC}) (Version: 1.00.0000 - Pinnacle Systems)
    SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Super Finder XT 1.6.3.2 (HKLM-x32\...\Super Finder XT_is1) (Version: - FSL - FreeSoftLand)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
    TuneUp 2.5.2.0 (HKLM-x32\...\TuneUpMedia) (Version: 2.5.2.0 - TuneUp Media, Inc.)
    VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
    WinDirStat 1.1.2 (HKU\S-1-5-21-989875291-3784188841-2934234737-1000\...\WinDirStat) (Version: - )
    Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WWSU 6.4 (HKLM-x32\...\ST6UNST #1) (Version: - )
    WWSU Database Converter (HKLM-x32\...\ST6UNST #2) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-989875291-3784188841-2934234737-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike & Cheryl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    16-04-2015 23:32:58 b4regclean
    16-04-2015 23:35:58 Installed Microsoft Visual C++ 2005 Redistributable
    16-04-2015 23:41:04 Installed Microsoft Fix it 50202
    16-04-2015 23:45:18 Installed Microsoft Visual C++ 2005 Redistributable
    17-04-2015 07:15:21 Restore Operation
    17-04-2015 07:24:53 Installed Microsoft Fix it 50123
    17-04-2015 07:32:06 Windows Update
    17-04-2015 08:02:36 Installed Microsoft Visual C++ 2005 Redistributable
    17-04-2015 08:33:09 Installed Microsoft Visual C++ 2005 Redistributable (x64)
    17-04-2015 23:38:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    17-04-2015 23:38:37 Installed DirectX
    17-04-2015 23:41:07 Installed Apple Application Support
    17-04-2015 23:41:34 Installed QuickTime
    18-04-2015 00:22:09 work in progress
    18-04-2015 11:29:50 Windows Modules Installer
    18-04-2015 11:34:19 Windows Modules Installer
    18-04-2015 17:11:26 Windows Update
    19-04-2015 12:13:47 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    20-04-2015 09:04:16 Prior to MS Visual remove
    20-04-2015 09:06:43 Removed Microsoft Visual C++ 2005 Redistributable
    20-04-2015 09:07:07 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    20-04-2015 09:07:50 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    20-04-2015 09:08:22 Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    20-04-2015 09:09:04 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    20-04-2015 09:09:52 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    20-04-2015 09:10:27 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    20-04-2015 09:11:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    20-04-2015 09:16:31 Installed Microsoft Visual C++ 2005 Redistributable
    20-04-2015 09:17:51 Restore Operation
    20-04-2015 10:50:01 Installed Microsoft Visual C++ 2005 Redistributable
    20-04-2015 10:50:58 Installed Microsoft Visual C++ 2005 Redistributable (x64)
    20-04-2015 11:02:22 Installed Microsoft Visual C++ 2005 Redistributable
    20-04-2015 11:12:36 Installed Microsoft Visual C++ 2005 Redistributable
    20-04-2015 11:17:58 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    20-04-2015 11:18:28 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    20-04-2015 11:24:56 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    20-04-2015 21:13:54 Installed Microsoft Fix it 50123
    20-04-2015 21:15:43 Windows Update
    20-04-2015 22:11:36 Windows Update
    21-04-2015 13:32:28 Installed Microsoft Visual C++ 2005 Redistributable (x64)
    21-04-2015 18:05:41 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0C4B2E21-4F17-4B04-B38F-B015D2418ED0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {0CEFF09E-1F0F-4D79-85D1-A0E52F55F0E1} - System32\Tasks\{A6FC1E7E-2F70-40AE-B173-366922DEE620} => pcalua.exe -a "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\Setup\RunTime\MSVC2008\vcredist_x64.exe" -d "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\Setup\RunTime\MSVC2008"
    Task: {14DC9496-396B-4D8B-8DF8-0BBC801CC498} - System32\Tasks\{9E67F11E-02E4-41B6-A980-678E4A122BC2} => pcalua.exe -a E:\autorun.exe -d E:\
    Task: {1C6F7EB0-BE48-44EF-8421-DD94D65EACF8} - System32\Tasks\{46B503BA-03BC-40D3-A735-B782D06055A7} => Iexplore.exe http://ui.skype.com/ui/0/6.3.0.107.4...ll?page=tsMain
    Task: {1D267279-ECDD-40C7-B86B-B8489F2EF678} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: {207AB9E1-1D81-4D43-8B4F-374540376FCF} - System32\Tasks\{A0506D45-0AF7-4515-BA38-6E2B05D8B367} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {238664D1-5511-48EB-83EC-593516D1CFB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {2A0F5E93-60E7-4C8A-9956-7D0B4545D79F} - System32\Tasks\{5962A1E0-6AC8-413D-AE0D-286D17AD86B1} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\windirstat1_1_2_setup.exe" -d "C:\Users\Mike &amp; Cheryl\Downloads"
    Task: {33CB8187-8B81-4E64-9D01-7275C2C14F0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
    Task: {3A69D3E3-B01E-48B1-9570-BC04FCBE0B72} - System32\Tasks\{011CC1DE-AFE5-49C0-82A5-BF630694E43F} => pcalua.exe -a E:\Driver\Setup.exe -d E:\Driver
    Task: {43C46797-306F-4126-AA0C-B0EE2F671C48} - System32\Tasks\{8BE88EFF-DD2E-4528-A356-B28775E21E0E} => pcalua.exe -a "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\MSIInstaller.exe" -d "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files"
    Task: {459C16AA-DCF8-474F-ADB3-BDDF6D7F3CDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {4C554C4E-A8D8-4C37-B9DA-416ABD5FE8DC} - System32\Tasks\{7DF1D791-37C6-4632-B96D-000284A2493F} => pcalua.exe -a "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\MSIInstaller.exe" -d "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files"
    Task: {546EC9E8-6E38-454F-BB92-99D11AE2B4A4} - System32\Tasks\{9163BA38-90E6-4AB0-B66D-5CC707AE848F} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Desktop\vcredist_IA64.exe" -d "C:\Users\Mike &amp; Cheryl\Desktop"
    Task: {54DD6A13-72AE-4081-ABB9-5038164ACE0B} - System32\Tasks\{5A2228D5-100D-4536-9655-3BEDE9271C5C} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\content_pack02_int.exe" -d "C:\Users\Mike &amp; Cheryl\Downloads"
    Task: {708C0FAE-0B38-45F6-BB28-D6E7FA6139DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {9541F798-C350-4D68-A2AA-9F4566ED0BC6} - System32\Tasks\{9DD2F31A-AB6B-4598-92ED-12ABEE5B172D} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\content_pack04_int.exe" -d "C:\Users\Mike &amp; Cheryl\Downloads"
    Task: {9766D399-8670-4F17-8CF0-6BCFD560D2B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
    Task: {9B29365C-39B7-4228-8F19-DC48FA6E82F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {9DB40B62-21C1-40D6-9C9A-79E57B5E61AC} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
    Task: {A9B749ED-6089-49BF-ABEB-C47DAC28CE18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
    Task: {AF76C966-6DE6-4E0D-BABC-4A92F5B2E453} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {B79B3088-426F-45A1-A701-1322A4EDD26E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Enigma-Mike & Cheryl Enigma => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
    Task: {C25E2A7C-E635-4C37-8AC1-4A3BCB2E4A0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {CC2381E0-61DA-4DB7-BC89-ACFCF9ECB91E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: {CE7E3AB1-8420-46C8-A317-1288C5282673} - System32\Tasks\{FB379787-459E-46A7-A41C-9B88E758831C} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\C plus\vcredist_x86.exe" -d "C:\Users\Mike &amp; Cheryl\Downloads\C plus"
    Task: {D36866AC-A321-4330-A298-F72ECE31981D} - System32\Tasks\{E91781F1-1E16-41A5-AFB7-ADD2620E22D7} => pcalua.exe -a "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\Setup\RunTime\MSVC2008\vcredist_x86.exe" -d "C:\Program Files (x86)\Corel\Corel VideoStudio X8 Setup Files\Setup\RunTime\MSVC2008"
    Task: {D3BD8570-F916-4392-9694-0AF732D946B4} - System32\Tasks\{9CF50FA4-87CE-4146-B8E2-792BE681D3FB} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\C plus\vcredist_x64 (1).exe" -d "C:\Users\Mike &amp; Cheryl\Downloads\C plus"
    Task: {DF9B1D43-403B-49CA-A623-ACA61C318A59} - System32\Tasks\EPSON XP-620 Series Update {F13783BE-AFF1-4A59-BE8B-CC727B85A05C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
    Task: {E0F17662-8CA3-4C71-9ABA-79478F23596A} - System32\Tasks\{E7F2D994-555A-4453-B93C-A0BAC865FC7E} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Desktop\magixinstaller.exe" -d "C:\Users\Mike &amp; Cheryl\Desktop"
    Task: {F5F05F4C-1C17-4F44-9A41-28E8E2BDC44F} - System32\Tasks\{2F885C7A-CA4E-41A5-9C01-D047E893C61C} => pcalua.exe -a "C:\Users\Mike &amp; Cheryl\Downloads\content_pack03_int.exe" -d "C:\Users\Mike &amp; Cheryl\Downloads"
    Task: {F875588C-71EF-44E2-A0AE-97B1812B2660} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON XP-620 Series Update {F13783BE-AFF1-4A59-BE8B-CC727B85A05C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE:/EXE:{F13783BE-AFF1-4A59-BE8B-CC727B85A05C} /F:UpdateSYSTEM
    Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-06-30 09:27 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-06-19 15:12 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-02-21 15:03 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-08 08:32 - 2014-07-08 08:32 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
    2014-11-20 22:16 - 2014-11-20 22:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
    2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2013-10-10 12:02 - 2013-10-10 12:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
    2014-11-20 22:16 - 2014-11-20 22:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-06-19 15:41 - 2013-04-11 15:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtexisLicensing => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2_x64 => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike & Cheryl\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: EPLTarget =>

    ==================== Accounts: =============================

    Administrator (S-1-5-21-989875291-3784188841-2934234737-500 - Administrator - Disabled)
    Corel (S-1-5-21-989875291-3784188841-2934234737-1004 - Administrator - Enabled) => C:\Users\Corel
    Guest (S-1-5-21-989875291-3784188841-2934234737-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-989875291-3784188841-2934234737-1002 - Limited - Enabled)
    Mike & Cheryl (S-1-5-21-989875291-3784188841-2934234737-1000 - Administrator - Enabled) => C:\Users\Mike & Cheryl

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/21/2015 01:32:49 PM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {837BF1EB-D770-94EB-A01F-C8B3B9A1E18E}

    Error: (04/21/2015 00:14:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcCan continue stopping. [0]

    Error: (04/21/2015 00:14:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcMessaging remove all devices. [0]

    Error: (04/21/2015 11:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/20/2015 00:34:00 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/20/2015 11:12:56 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}

    Error: (04/20/2015 11:02:43 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}

    Error: (04/20/2015 10:51:28 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {837BF1EB-D770-94EB-A01F-C8B3B9A1E18E}

    Error: (04/20/2015 10:50:45 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}

    Error: (04/20/2015 09:35:54 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: nvstreamsvc.exe, version: 3.1.2000.0, time stamp: 0x545adf9d
    Faulting module name: nvstreamsvc.exe, version: 3.1.2000.0, time stamp: 0x545adf9d
    Exception code: 0xc0000005
    Fault offset: 0x000000000049ed79
    Faulting process id: 0xf70
    Faulting application start time: 0xnvstreamsvc.exe0
    Faulting application path: nvstreamsvc.exe1
    Faulting module path: nvstreamsvc.exe2
    Report Id: nvstreamsvc.exe3


    System errors:
    =============
    Error: (04/21/2015 03:23:52 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

    Error: (04/21/2015 00:08:27 PM) (Source: KLIF) (EventID: 0) (User: )
    Description: Сonnection is not established

    Error: (04/21/2015 00:08:27 PM) (Source: KLIF) (EventID: 0) (User: )
    Description: Сonnection is not established

    Error: (04/21/2015 00:02:55 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/21/2015 11:58:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (04/21/2015 01:32:49 PM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {837BF1EB-D770-94EB-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/21/2015 00:14:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcCan continue stopping. [0]

    Error: (04/21/2015 00:14:07 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcMessaging remove all devices. [0]

    Error: (04/21/2015 11:25:34 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe

    Error: (04/20/2015 00:34:00 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe

    Error: (04/20/2015 11:12:56 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/20/2015 11:02:43 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/20/2015 10:51:28 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {837BF1EB-D770-94EB-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/20/2015 10:50:45 AM) (Source: MsiInstaller) (EventID: 11935) (User: Enigma)
    Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (04/20/2015 09:35:54 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: nvstreamsvc.exe3.1.2000.0545adf9dnvstreamsvc.exe3.1.2000.0545adf9dc0000005000000000049ed79f7001d07b44a19c55a2C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe41f1d273-e738-11e4-a3fb-74d435864ce8


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-12 08:54:11.716
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-12 08:54:11.715
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-12 08:52:57.802
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-12 08:52:57.790
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-11 12:45:36.279
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-11 12:45:36.277
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-11 12:43:40.085
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-11 12:43:40.085
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-13 06:42:22.348
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-11-13 06:42:22.348
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 20%
    Total physical RAM: 16328.5 MB
    Available physical RAM: 12923.88 MB
    Total Pagefile: 32655.2 MB
    Available Pagefile: 29158.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:454.92 GB) (Free:125.1 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:704.03 GB) NTFS
    Drive f: (Cheryl) (Fixed) (Total:931.51 GB) (Free:270.25 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E81E0E54)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=454.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=10.5 GB) - (Type=27)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: E81E0E61)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: 0001536A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    Last edited by Corrine; 06-23-2015 at 10:32 AM. Reason: Added Logs
    Kind regards

    Mike (Sussex UK)


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,885

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Hi, Mike.

    I edited your post to copy/paste the attached logs as it facilitates review.

    Regarding the image copy of the MBAM findings, PUPs are Potentially Unwanted Products. As to Microsoft Security Essentials missing the PUPs, each product has different detection rules for identifying PUPs. That said, since their are signs in your log of having Kaspersky uninstalled/reinstalled on the computer since 2014 and it appears that it also didn't target the PUPs that Malwarebytes and your apparent run of AdwCleaner took care of. However, there are some things we can clean up on your computer as well as dealing with the outdated, vulnerable third-party Java and Adobe Flash Player.

    Please do the following:

    1. Oracle Java is outdated. Oracle released the scheduled critical security updates for its Java SE Runtime Environment software. Install the update from here: Java SE 8u45. UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. If you have not done so, it is recommended that you make the following change in the Java Control Panel to suppress the offers for the pre-checked unwanted extras.

    1. Launch the Windows Start menu
    2. Click on Programs
    3. Find the Java program listing
    4. Click Configure Java to launch the Java Control Panel
    5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    6. Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.


    2. Adobe Flash Player is outdated. For some time, Adobe has been releasing Flash Player updates on the second Tuesday of the month. However, yet another critical security vulnerability has been identified in Flash Player and a critical update was released today. Below are the direct download links for the latest version.

    Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/f..._18_plugin.exe
    Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/f...8_active_x.exe

    3. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S4 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    4. Since it appears you ran AdwCleaner, let's see if there are any leftovers to be removed. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Hi Corrine

    Very many thanks for the help.

    I took the steps you recommended.
    JRT ran but never produced a txt document either opened or saved?





    Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
    Ran by Mike & Cheryl at 2015-06-23 18:46:31 Run:1
    Running from C:\Users\Mike & Cheryl\Downloads
    Loaded Profiles: Mike & Cheryl (Available Profiles: Mike & Cheryl & Corel & DefaultAppPool)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S4 McOobeSv2; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]


    EmptyTemp:
    end
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-989875291-3784188841-2934234737-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-989875291-3784188841-2934234737-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    gupdate => Service removed successfully
    gupdatem => Service removed successfully
    McOobeSv2 => Service removed successfully
    EmptyTemp: => 414.4 MB temporary data Removed.




    The system needed a reboot..


    ==== End of Fixlog 18:47:17 ====
    Kind regards

    Mike (Sussex UK)

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,885

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Hi, Mike.

    Did you download JRT to your desktop and run it from there? That is where any log produced would be saved.

    You mentioned errors in your initial post. What errors were you referring to? Also, how is the computer running now?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Quote Originally Posted by Corrine View Post
    Hi, Mike.

    Did you download JRT to your desktop and run it from there? That is where any log produced would be saved.

    You mentioned errors in your initial post. What errors were you referring to? Also, how is the computer running now?

    Hi, yes ran from desktop after switching off MS Securities.

    Errors noted in event manager attached.

    System seems to be running very well thanks!

    Malware infection missed by MS SE but found by MBAM, persistent errors-errors-jpg
    Kind regards

    Mike (Sussex UK)

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,885

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Hi, Mike.

    That log and a telephone call from one of the fake "Microsoft Support" people will give you a headache. The two articles listed below should ease your mind about the Event Viewer:

    What is the Event Viewer, and should I care?
    HTG Explains: What The Windows Event Viewer Is and How You Can Use It

    Since your computer is working good, let's clean up the tools that were used.

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #7

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Again I am in your debt!

    # DelFix v1.010 - Logfile created 23/06/2015 at 21:38:44
    # Updated 26/04/2015 by Xplode
    # Username : Mike & Cheryl - ENIGMA
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)


    ~ Removing disinfection tools ...


    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\RegBackup
    Deleted : C:\Users\Mike & Cheryl\Downloads\adwcleaner_4.201.exe
    Deleted : C:\Users\Mike & Cheryl\Downloads\adwcleaner_4.207.exe
    Deleted : C:\Users\Mike & Cheryl\Downloads\Fixlog.txt
    Deleted : C:\Users\Mike & Cheryl\Downloads\FRST64.exe
    Deleted : C:\Users\Mike & Cheryl\Downloads\FSS.txt
    Deleted : C:\Users\Mike & Cheryl\Downloads\fssetup-217.zip
    Deleted : C:\Users\Mike & Cheryl\Downloads\GetSystemInfo.zip
    Deleted : C:\Users\Mike & Cheryl\Downloads\SecurityCheck (1).exe
    Deleted : C:\Users\Mike & Cheryl\Downloads\SecurityCheck.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner


    ########## - EOF - ##########


    Do you really think that was a fake MS support?

    I was logged in to MS at the time and it all seemed genuine.
    However their poor IT knowledge alerted me and I did not pass on anything to them.
    Other than a email address.

    They did run a remote control on my system! This has me worried now
    Kind regards

    Mike (Sussex UK)

  8. #8

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    This is the email sent to me after the session:



    Dear Mike ******
    Thank you for visiting Answer Desk for a complimentary consultation on Apr 06 2015 02:07 AM.
    If the consultation didn't meet your expectations, we'd like to try again. We hope you'll speak to Eds Barrion again when you can, or we can connect you with another Answer Tech who can help you find a solution-just go to our contact us page to reconnect.
    Please mention your service request number: 1285450503.
    It's our goal at Answer Desk to give you the support that you need and help you get the most out of your Microsoft devices, software and services so we want to share the following online resources with you. They provide helpful articles, tips, solutions, videos and more.
    · Get help from the Microsoft Community
    · Try self-help and other online resources
    · Learn how to use the new Windows and its latest features
    Thanks again for choosing Answer Desk. We're here if you need us.
    The Microsoft Answer Desk team

    Please note: this email was automatically generated - replies won't be received. If you want to contact us, visit Microsoft Support.


    Headers:

    Return-path: <CS3TS.GNRL.WW.00.EN.CVG.MDC.TS.1FL.ADK.SG.CH@css.one.microsoft.com>
    Envelope-to: mike@*************com
    Delivery-date: Sun, 05 Apr 2015 19:10:16 +0100
    Received: from [212.159.8.109] (helo=avasin11.plus.net)
    by inmx05.plus.net with esmtp (PlusNet MXCore v2.00) id 1Yeozw-00074k-42
    for mike@*************.com; Sun, 05 Apr 2015 19:10:16 +0100
    Received: from smtp.mssupport.microsoft.com ([131.107.1.44])
    by avasin11.plus.net with Plusnet Cloudmark Gateway
    id CJAC1q0060wy0ij01JAF12; Sun, 05 Apr 2015 19:10:16 +0100
    X-CM-Score: 0.00
    X-CNFS-Analysis: v=2.1 cv=QM7mR27L c=1 sm=1 tr=0
    a=g5LjfNTSCzfENc3V1Fk0Cw==:117 a=g5LjfNTSCzfENc3V1Fk0Cw==:17 a=yMhMjlubAAAA:8
    a=0Bzu9jTXAAAA:8 a=e9J7MTPGsLIA:10 a=mP-Z5y9rAAAA:8 a=OxEP3x8uqWReHWR2oK0A:9
    a=TbxdeUL-GF3YF3ox:21 a=vltV0oybYt32Bnqy:21 a=wPNLvfGTeEIA:10
    a=P4BPESC9ntqUilDtwSYA:9 a=IOgIvm0XiRPa5MF4:21 a=fkBqyW-V6361nSy3:21
    a=JmsgVk6Y6rttPopt:21
    Received: from tk5-exhub-e802.partners.extranet.microsoft.com (10.251.58.68)
    by TK5-EXMLT-E801.partners.extranet.microsoft.com (10.251.58.30) with
    Microsoft SMTP Server (TLS) id 8.1.291.1; Sun, 5 Apr 2015 11:10:12 -0700
    Received: from CO2PQCAPSMTCS03.partners.extranet.microsoft.com (10.251.159.74)
    by TK5-EXHUB-E802.partners.extranet.microsoft.com (10.251.58.56) with
    Microsoft SMTP Server id 8.1.340.0; Sun, 5 Apr 2015 11:10:12 -0700
    Received: from mail pickup service by
    CO2PQCAPSMTCS03.partners.extranet.microsoft.com with Microsoft SMTPSVC; Sun,
    5 Apr 2015 18:10:12 +0000
    X-Mailer: Microsoft Avondale Mailer
    X-SRX: 1285450503
    Thread-Topic: SRX1285450503ID - ADO / Windows 7 / Installing of Video Issue
    thread-index: AdBvy8IbZLbGNlskQXeZfQ1qkcJZ0g==
    From: Microsoft Customer Support
    <CS3TS.GNRL.WW.00.EN.CVG.MDC.TS.1FL.ADK.SG.CH@css.one.microsoft.com>
    To: <mike@*************.com>
    CC:
    Date: Sun, 5 Apr 2015 18:10:11 +0000
    Message-ID: <1A1715CBC43348B89D85F126C774C2A1@partners.extranet.microsoft.com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_94DA0_01D06FCB.C21BF240"
    Content-Class: urn:content-classes:message
    Importance: normal
    Priority: normal
    X-MimeOLE: Produced By Microsoft MimeOLE V6.1.7601.17609
    X-OriginalArrivalTime: 05 Apr 2015 18:10:12.0050 (UTC) FILETIME=[C22CBB20:01D06FCB]
    X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
    X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
    Subject: SRX1285450503ID - ADO / Windows 7 / Installing of Video Issue
    Kind regards

    Mike (Sussex UK)

  9. #9
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,885

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    Not to worry, Mike. The Answer Desk is legitimate, not "fake support" and you can see microsoft.com in the header, for example, "Received: from smtp.mssupport.microsoft.com" that is legit. However, most of the help is not free unless a security issue and is provided by contractors.

    Although it is due for an update, please refer to the Safe Computing Practices and other recommendations in "So how did I get infected in the first place?".

    Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  10. #10

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    :) good news indeed, but shows they have terrible IT skills lol.
    Many thanks for all your help.

    Have a great day

    Mike
    Kind regards

    Mike (Sussex UK)

  11. #11
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,885

    Re: Malware infection missed by MS SE but found by MBAM, persistent errors

    You are most welcome, Mike.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Similar Threads

  1. Replies: 0
    Last Post: 03-31-2015, 01:54 AM
  2. Replies: 1
    Last Post: 01-07-2014, 09:07 PM
  3. Replies: 0
    Last Post: 06-14-2013, 10:01 PM
  4. How the pros sniff out a malware infection
    By JMH in forum Security News
    Replies: 0
    Last Post: 01-08-2013, 06:58 PM

Log in

Log in