Cheeky1

# DelFix v10.8 - Logfile created 12/09/2014 at 11:25:08 # Updated 29/07/2014 by Xplode # Username : Aaron's Mini - AARONSMINI-PC # Operating System : Windows 7 Starter Service Pack 1 (32 bits) ~ Removing disinfection tools ... Deleted : C:\Qoobox Deleted : C:\FRST Deleted : C:\zoek_backup Deleted : C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion Deleted : C:\ComboFix.txt Deleted : C:\TDSSKiller.2.6.23.0_16.12.2011_08.55.36_log.txt Deleted : C:\TDSSKiller.2.6.23.0_16.12.2011_09.26.50_log.txt Deleted : C:\zoek-results.log Deleted : C:\zoek-results2014-08-29-180035.log Deleted : C:\zoek-results2014-09-01-123435.log Deleted : C:\Users\Aaron's Mini\Desktop\Addition.txt Deleted : C:\Users\Aaron's Mini\Desktop\ComboFix.exe Deleted : C:\Users\Aaron's Mini\Desktop\Combofix_log.txt Deleted : C:\Users\Aaron's Mini\Desktop\FRST.exe Deleted : C:\Users\Aaron's Mini\Desktop\FRST.txt Deleted : C:\Users\Aaron's Mini\Desktop\FSS.exe Deleted : C:\Users\Aaron's Mini\Desktop\FSS.txt Deleted : C:\Users\Aaron's Mini\Desktop\FSS_2.txt Deleted : C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe Deleted : C:\Users\Aaron's Mini\Desktop\Result.txt Deleted : C:\Users\Aaron's Mini\Desktop\SecurityCheck.exe Deleted : C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe Deleted : C:\Users\Aaron's Mini\Desktop\tdsskiller.exe Deleted : C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt Deleted : C:\Users\Aaron's Mini\Desktop\zoek-results.txt Deleted : C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt Deleted : C:\Users\Aaron's Mini\Desktop\zoek.exe Deleted : C:\Users\Aaron's Mini\Downloads\Addition.txt Deleted : C:\Users\Aaron's Mini\Downloads\ComboFix.exe Deleted : C:\Users\Aaron's Mini\Downloads\esetsmartinstaller_enu.exe Deleted : C:\Users\Aaron's Mini\Downloads\FRST.exe Deleted : C:\Users\Aaron's Mini\Downloads\FRST.txt Deleted : C:\Users\Aaron's Mini\Downloads\SecurityCheck.exe Deleted : C:\Users\Aaron's Mini\Downloads\zoek.exe Deleted : C:\Windows\grep.exe Deleted : C:\Windows\PEV.exe Deleted : C:\Windows\NIRCMD.exe Deleted : C:\Windows\MBR.exe Deleted : C:\Windows\SED.exe Deleted : C:\Windows\SWREG.exe Deleted : C:\Windows\SWSC.exe Deleted : C:\Windows\SWXCACLS.exe Deleted : C:\Windows\Zip.exe Deleted : HKLM\SOFTWARE\Swearware Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~ Cleaning system restore ... Deleted : RP #150 [Windows Update | 08/29/2014 17:38:05] Deleted : RP #151 [zoek.exe restore point | 08/29/2014 17:48:16] Deleted : RP #152 [Windows Update | 08/30/2014 03:48:48] Deleted : RP #153 [Windows Update | 09/03/2014 23:12:56] Deleted : RP #155 [ComboFix created restore point | 09/08/2014 22:21:18] Deleted : RP #156 [Windows Update | 09/08/2014 22:54:53] Deleted : RP #157 [Microsoft Visual Studio Express 2012 for Windows Desktop - ENU | 09/09/2014 00:37:09] Deleted : RP #158 [Windows Update | 09/11/2014 01:57:20] Deleted : RP #159 [Windows Update | 09/11/2014 14:47:21] Deleted : RP #160 [Windows Update | 09/12/2014 01:09:12] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########

Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (31.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log`````````````````````` Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (31.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````

Oh...and the MBAM log was clean.

HitmanPro 3.7.9.225www.hitmanpro.com Computer name . . . . : AARONSMINI-PC Windows . . . . . . . : 6.1.1.7601.X86/2 User name . . . . . . : AaronsMini-PC\Aaron's Mini UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2014-09-10 21:46:28 Scan mode . . . . . . : Normal Scan duration . . . . : 4m 51s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 31 Objects scanned . . . : 1,262,611 Files scanned . . . . : 19,411 Remnants scanned . . : 235,225 files / 1,007,975 keysSuspicious files ____________________________________________________________ C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion\FRST.exe Size . . . . . . . : 1,096,704 bytes Age . . . . . . . : 8.1 days (2014-09-02 20:28:56) Entropy . . . . . : 8.0 SHA-256 . . . . . : 261D08658E82BE04E994129791C26C803FDDE0A6687499CCD5CAFE2B4887D384 Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/616c362266f00f6b9e2fe305c7b749ad/5408d154/windows/security/security-utilities/f/farbar-recovery-scan-tool/32/FRST.exe Fuzzy . . . . . . : 26.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Aaron's Mini\Desktop\FRST.exe Size . . . . . . . : 1,097,728 bytes Age . . . . . . . : 1.0 days (2014-09-09 20:38:17) Entropy . . . . . : 8.0 SHA-256 . . . . . : 48EDAF37E8B824E2FFE2DEF51B4B5F493610BC72DDBF16400920869BE4F6C815 Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/80f9576e633cdcd9356bcd1221f99568/540f9d79/windows/security/security-utilities/f/farbar-recovery-scan-tool/32/FRST.exe Fuzzy . . . . . . : 27.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-147099939-99406921-2600037334-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Aaron's Mini\Desktop\FRST.exe Forensic Cluster -41.2s C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf -32.2s C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf -32.0s C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf -31.5s C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf -26.0s C:\Users\Aaron's Mini\AppData\Local\temp\AdobeARM.log -24.7s C:\Users\Aaron's Mini\AppData\Local\temp\jusched.log -24.6s C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf -20.6s C:\Windows\Prefetch\READER_SL.EXE-565703D6.pf -19.8s C:\Windows\Prefetch\HPWUSCHD2.EXE-2BAFD0AB.pf -19.8s C:\Windows\Prefetch\HPWAMAIN.EXE-C23F85A6.pf -19.5s C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf -19.4s C:\Windows\Prefetch\HKCMD.EXE-FA3EB5EE.pf -18.9s C:\Windows\Prefetch\IGFXPERS.EXE-F690CC93.pf -16.4s C:\Windows\Prefetch\SYNTPENH.EXE-4361DC86.pf -15.9s C:\Windows\Prefetch\JUSCHED.EXE-07F32FAE.pf -7.4s C:\Windows\Prefetch\SYNTPHELPER.EXE-4B6F43CF.pf -0.1s C:\Users\Aaron's Mini\AppData\Roaming\Microsoft\Windows\Cookies\F2WWHMNH.txt -0.1s C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPE7TFJJ\81[1].htm -0.0s C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J70DUYN7\FRST[1].exe 0.0s C:\Users\Aaron's Mini\Desktop\FRST.exe 0.2s C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf 4.7s C:\Windows\Prefetch\FRST.EXE-CBCAAD35.pf 5.5s C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXQXE2V8\up32[2] C:\Users\Aaron's Mini\Desktop\FSS.exe Size . . . . . . . : 415,232 bytes Age . . . . . . . : 9.2 days (2014-09-01 17:13:37) Entropy . . . . . : 7.9 SHA-256 . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2 Needs elevation . : Yes Fuzzy . . . . . . : 23.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-147099939-99406921-2600037334-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Aaron's Mini\Desktop\FSS.exe Forensic Cluster 0.0s C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 0.0s C:\Users\Aaron's Mini\Desktop\FSS.exe C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe Size . . . . . . . : 401,920 bytes Age . . . . . . . : 9.2 days (2014-09-01 17:13:37) Entropy . . . . . : 7.9 SHA-256 . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E Needs elevation . : Yes Fuzzy . . . . . . : 23.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-147099939-99406921-2600037334-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe Forensic Cluster 0.0s C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 0.0s C:\Users\Aaron's Mini\Desktop\FSS.exe C:\Users\Aaron's Mini\Downloads\FRST.exe Size . . . . . . . : 1,095,168 bytes Age . . . . . . . : 4635.9 days (2002-01-01 01:13:42) Entropy . . . . . : 8.0 SHA-256 . . . . . : 57B66108E3AF45CE791749857A6EB730F8D905EA16FEDB00F67F9FE63BD4CCD7 Needs elevation . : Yes Fuzzy . . . . . . : 22.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs.Cookies _____________________________________________________________________ C:\Users\Aaron's Mini\AppData\Roaming\Microsoft\Windows\Cookies\N8JN706G.txt C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:ad.360yield.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:ads.fdma-media.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:ads.yahoo.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:adtechus.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:advertising.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:at.atwola.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:atdmt.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:burstnet.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:casalemedia.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:collective-media.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:doubleclick.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:eas.apm.emediate.eu C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:fastclick.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:media6degrees.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:microsoftsto.112.2o7.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:oracle.112.2o7.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:ru4.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:smartadserver.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:sparknetworks.112.2o7.net C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:track.prd.inpwrd.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:tribalfusion.com C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\cookies.sqlite:www.googleadservices.com

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014 Ran by Aaron's Mini (administrator) on AARONSMINI-PC on 09-09-2014 20:38:24 Running from C:\Users\Aaron's Mini\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [467036 2009-08-13] (IDT, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-147099939-99406921-2600037334-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-15] (Google Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @fileplanet.com/fpdlm -> C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron's Mini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S4 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed] S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe [221266 2009-08-13] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\AARON'~1\AppData\Local\Temp\catchme.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-08 20:55 - 2014-09-08 22:27 - 00000000 ____D () C:\Users\Aaron's Mini\Documents\Visual Studio 2012 2014-09-08 20:54 - 2014-09-08 20:54 - 00000000 ____D () C:\Program Files\NuGet 2014-09-08 20:50 - 2014-09-08 20:51 - 00000000 ____D () C:\Program Files\Common Files\Merge Modules 2014-09-08 20:50 - 2014-09-08 20:50 - 00000000 ____D () C:\Windows\symbols 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\Program Files\Windows Kits 2014-09-08 20:42 - 2014-09-08 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2014-09-08 20:41 - 2014-09-08 20:41 - 00000000 ____D () C:\Windows\system32\1033 2014-09-08 20:40 - 2014-09-08 20:53 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-08 20:38 - 2014-09-08 20:44 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0 2014-09-08 20:37 - 2014-09-08 20:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-08 20:21 - 2014-09-08 20:21 - 00934728 _____ (Microsoft Corporation) C:\Users\Aaron's Mini\Downloads\wdexpress_full.exe 2014-09-08 19:15 - 2014-09-08 19:15 - 00015852 _____ () C:\ComboFix.txt 2014-09-06 21:12 - 2014-09-06 21:12 - 00015913 _____ () C:\Users\Aaron's Mini\Desktop\combo_2.txt 2014-09-05 20:50 - 2014-09-05 20:50 - 00000000 ____D () C:\Program Files\ESET 2014-09-05 20:49 - 2014-09-05 20:50 - 02347384 _____ (ESET) C:\Users\Aaron's Mini\Downloads\esetsmartinstaller_enu.exe 2014-09-05 18:00 - 2014-09-05 18:00 - 00011016 _____ () C:\Users\Aaron's Mini\Desktop\mbam-log-2014-09-05 (17-29-13).xml 2014-09-04 16:53 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion 2014-09-03 18:19 - 2014-09-03 18:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AARONSMINI-PC-Microsoft-Windows-7-Starter-(32-bit).dat 2014-09-03 18:19 - 2014-09-03 18:19 - 00000000 ____D () C:\RegBackup 2014-09-03 18:16 - 2014-09-03 18:18 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Tweaking.com - Windows Repair 2014-09-02 20:28 - 2014-09-09 20:38 - 01097728 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FRST.exe 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:31 - 2014-09-01 19:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:04 - 2014-09-01 08:34 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-09-01 19:02 - 2014-09-01 19:00 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:33 - 2014-09-01 17:34 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:33 - 2014-09-01 17:32 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:19 - 2014-09-04 17:07 - 00002845 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-01 17:14 - 2014-09-01 17:15 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:13 - 2014-09-01 17:11 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:13 - 2014-09-01 17:11 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:00 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-01 16:00 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-01 16:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-01 15:48 - 2014-09-08 19:15 - 00000000 ____D () C:\Qoobox 2014-09-01 15:47 - 2014-09-01 16:30 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 15:45 - 2014-09-06 20:10 - 05576440 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-01 15:44 - 2014-09-01 15:47 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 10:24 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:02 - 2014-08-29 14:00 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 13:48 - 2014-09-01 19:49 - 00007325 _____ () C:\zoek-results.log 2014-08-29 13:40 - 2014-09-01 19:26 - 00000000 ____D () C:\zoek_backup 2014-08-29 13:38 - 2014-08-29 13:39 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-29 13:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-29 13:17 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-29 13:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-29 13:17 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-29 13:17 - 2014-07-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-29 13:17 - 2014-07-25 07:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-29 13:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-29 13:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-29 13:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-29 13:16 - 2014-07-25 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-29 13:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-29 13:16 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-29 13:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-29 13:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-29 13:16 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-29 13:16 - 2014-07-25 07:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-29 13:16 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-29 13:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-29 13:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-29 13:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-29 13:15 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-29 13:15 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-29 13:15 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-29 13:15 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-29 13:15 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-29 13:15 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-29 13:15 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 13:13 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 13:13 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-29 13:13 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-29 12:42 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-29 12:42 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-29 12:41 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-29 12:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-29 12:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-26 00:09 - 2009-08-28 17:13 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager 2014-08-26 00:09 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-26 00:09 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-25 23:54 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-25 23:53 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-25 23:53 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-25 23:52 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-25 23:47 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-08-25 23:47 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-25 23:36 - 2014-08-25 23:40 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 18:45 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 18:44 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-08-25 18:44 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 18:44 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-08-25 18:44 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-08-25 18:44 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-08-25 18:44 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-08-25 18:44 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-08-25 18:44 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-25 16:32 - 2014-08-25 16:53 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:30 - 2014-08-25 17:19 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 16:29 - 2014-08-25 17:19 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 16:29 - 2014-08-25 17:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:02 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-08-25 16:02 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-08-25 16:01 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-25 16:01 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-25 16:01 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-08-25 16:01 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-08-25 16:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-08-25 16:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-08-25 16:01 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-08-25 16:01 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-08-25 16:01 - 2013-08-01 20:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-08-25 16:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-08-25 16:00 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-25 16:00 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-25 16:00 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-25 16:00 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-25 16:00 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-08-25 16:00 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-08-25 16:00 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-08-25 16:00 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-08-25 16:00 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-08-25 16:00 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-08-25 16:00 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-08-25 16:00 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-08-25 16:00 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-08-25 16:00 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-08-25 16:00 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-08-25 16:00 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-08-25 16:00 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-08-25 16:00 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-08-25 16:00 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-08-25 16:00 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-08-25 15:59 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-25 15:59 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-25 15:59 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-08-25 15:59 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-08-25 15:59 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-08-25 15:59 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 15:59 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-08-25 15:59 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-08-25 15:58 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-25 15:58 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-25 15:58 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-25 15:58 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-25 15:58 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-25 15:58 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-25 15:58 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-25 15:58 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-25 15:58 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-25 15:58 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-08-25 15:58 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-08-25 15:58 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-08-25 15:58 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-08-25 15:58 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-08-25 15:58 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-08-25 15:58 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-08-25 15:58 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-08-25 15:58 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-08-25 15:58 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-08-25 15:58 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-08-25 15:58 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-08-25 15:58 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-08-25 15:58 - 2013-07-12 06:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-08-25 15:58 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-08-25 15:58 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 15:57 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-08-25 15:56 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-08-25 15:56 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-08-25 15:56 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-08-25 15:55 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-08-25 15:40 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-25 15:40 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-08-25 15:40 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-08-25 15:40 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-08-25 15:40 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-08-25 15:40 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-09 20:38 - 2014-09-04 16:53 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion 2014-09-09 20:38 - 2014-09-02 20:28 - 01097728 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FRST.exe 2014-09-09 20:38 - 2002-01-01 01:46 - 00008816 _____ () C:\Users\Aaron's Mini\Desktop\FRST.txt 2014-09-09 20:38 - 2002-01-01 01:14 - 00000000 ____D () C:\FRST 2014-09-09 20:37 - 2011-03-15 17:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-09 20:35 - 2009-07-14 00:34 - 00016480 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-09 20:35 - 2009-07-14 00:34 - 00016480 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-09 20:34 - 2009-07-24 12:11 - 00805740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 20:30 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-09 20:30 - 2009-07-14 00:39 - 00042386 _____ () C:\Windows\setupact.log 2014-09-08 22:28 - 2009-10-15 06:37 - 01461219 _____ () C:\Windows\WindowsUpdate.log 2014-09-08 22:27 - 2014-09-08 20:55 - 00000000 ____D () C:\Users\Aaron's Mini\Documents\Visual Studio 2012 2014-09-08 22:20 - 2011-03-15 17:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-08 20:54 - 2014-09-08 20:54 - 00000000 ____D () C:\Program Files\NuGet 2014-09-08 20:54 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-08 20:53 - 2014-09-08 20:40 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-08 20:53 - 2014-09-08 20:37 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-08 20:52 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-09-08 20:51 - 2014-09-08 20:50 - 00000000 ____D () C:\Program Files\Common Files\Merge Modules 2014-09-08 20:50 - 2014-09-08 20:50 - 00000000 ____D () C:\Windows\symbols 2014-09-08 20:48 - 2014-09-08 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express 2014-09-08 20:45 - 2014-09-08 20:45 - 00000000 ____D () C:\Program Files\Windows Kits 2014-09-08 20:44 - 2014-09-08 20:38 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0 2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\Program Files\Microsoft SDKs 2014-09-08 20:42 - 2014-09-08 20:42 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2014-09-08 20:42 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild 2014-09-08 20:41 - 2014-09-08 20:41 - 00000000 ____D () C:\Windows\system32\1033 2014-09-08 20:40 - 2009-10-15 07:16 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-09-08 20:38 - 2011-03-06 23:08 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-09-08 20:21 - 2014-09-08 20:21 - 00934728 _____ (Microsoft Corporation) C:\Users\Aaron's Mini\Downloads\wdexpress_full.exe 2014-09-08 19:15 - 2014-09-08 19:15 - 00015852 _____ () C:\ComboFix.txt 2014-09-08 19:15 - 2014-09-01 15:48 - 00000000 ____D () C:\Qoobox 2014-09-08 19:08 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-08 18:40 - 2010-07-09 19:10 - 00277490 _____ () C:\Windows\PFRO.log 2014-09-06 21:12 - 2014-09-06 21:12 - 00015913 _____ () C:\Users\Aaron's Mini\Desktop\combo_2.txt 2014-09-06 20:10 - 2014-09-01 15:45 - 05576440 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-05 20:50 - 2014-09-05 20:50 - 00000000 ____D () C:\Program Files\ESET 2014-09-05 20:50 - 2014-09-05 20:49 - 02347384 _____ (ESET) C:\Users\Aaron's Mini\Downloads\esetsmartinstaller_enu.exe 2014-09-05 18:00 - 2014-09-05 18:00 - 00011016 _____ () C:\Users\Aaron's Mini\Desktop\mbam-log-2014-09-05 (17-29-13).xml 2014-09-05 17:29 - 2002-01-01 00:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-04 17:07 - 2014-09-01 17:19 - 00002845 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-04 17:00 - 2002-01-01 01:46 - 00029361 _____ () C:\Users\Aaron's Mini\Desktop\Addition.txt 2014-09-03 19:10 - 2009-12-27 17:40 - 00075160 _____ () C:\Users\Aaron's Mini\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-03 18:56 - 2009-07-14 00:33 - 00311600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-03 18:19 - 2014-09-03 18:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AARONSMINI-PC-Microsoft-Windows-7-Starter-(32-bit).dat 2014-09-03 18:19 - 2014-09-03 18:19 - 00000000 ____D () C:\RegBackup 2014-09-03 18:18 - 2014-09-03 18:16 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Tweaking.com - Windows Repair 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:49 - 2014-08-29 13:48 - 00007325 _____ () C:\zoek-results.log 2014-09-01 19:26 - 2014-08-29 13:40 - 00000000 ____D () C:\zoek_backup 2014-09-01 19:26 - 2009-12-27 17:34 - 00000000 ____D () C:\Users\Aaron's Mini 2014-09-01 19:03 - 2014-09-01 19:31 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:00 - 2014-09-01 19:02 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 18:35 - 2009-07-13 22:04 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_148 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:34 - 2014-09-01 17:33 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:32 - 2014-09-01 17:33 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:15 - 2014-09-01 17:14 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:11 - 2014-09-01 17:13 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:11 - 2014-09-01 17:13 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:34 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public 2014-09-01 16:30 - 2014-09-01 15:47 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 16:23 - 2009-07-13 22:03 - 44040192 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-01 16:20 - 2009-08-28 16:04 - 00000000 ____D () C:\Program Files\HP 2014-09-01 16:04 - 2009-10-15 07:24 - 00000177 ____N () C:\dvmexp.idx 2014-09-01 15:47 - 2014-09-01 15:44 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 11:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 08:36 - 2014-09-01 10:24 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:34 - 2014-09-01 19:04 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 14:00 - 2014-09-01 08:02 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 13:39 - 2014-08-29 13:38 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-26 00:47 - 2009-08-28 15:34 - 00000000 ____D () C:\Program Files\InstallShield Installation Information 2014-08-26 00:43 - 2009-08-28 15:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-08-26 00:39 - 2009-08-28 17:48 - 00000000 ____D () C:\ProgramData\CyberLink 2014-08-26 00:31 - 2010-07-11 15:38 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Local\Yahoo 2014-08-26 00:12 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-08-25 23:36 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 23:40 - 2013-08-10 16:40 - 00000000 ____D () C:\Program Files\Java 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 19:12 - 2013-08-11 15:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-25 17:19 - 2014-08-25 16:30 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 17:19 - 2014-08-25 16:29 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 17:19 - 2014-08-25 16:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:53 - 2014-08-25 16:32 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-22 21:46 - 2014-08-29 13:13 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 20:42 - 2014-08-29 13:13 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-06 21:02 ==================== End Of Log ============================

Aye, I agree hehehe. the combofix log: ComboFix 14-09-05.01 - Aaron's Mini 09/08/2014 18:25:33.4.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.57 [GMT -4:00] Running from: c:\users\Aaron's Mini\Desktop\ComboFix.exe Command switches used :: c:\users\Aaron's Mini\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-08-08 to 2014-09-08 ))))))))))))))))))))))))))))))) . . 2014-09-08 22:55 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AA1A70-901C-44C9-8D08-F0B97AC491EC}\mpengine.dll 2014-09-08 22:39 . 2014-09-08 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-07 00:45 . 2014-09-08 23:08 -------- d-----w- c:\users\Aaron's Mini\AppData\Local\temp 2014-09-06 00:50 . 2014-09-06 00:50 -------- d-----w- c:\program files\ESET 2014-09-05 21:42 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-09-03 23:05 . 2014-09-03 23:10 -------- d-----w- c:\windows\system32\catroot2 2014-09-03 22:40 . 2014-09-08 22:40 -------- d-----w- c:\windows\system32\wbem\repository 2014-09-03 22:19 . 2014-09-03 22:19 -------- d-----w- C:\RegBackup 2014-09-01 23:31 . 2014-09-01 23:03 24064 ----a-w- c:\windows\zoek-delete.exe 2014-09-01 19:44 . 2014-09-01 19:47 -------- d-----w- c:\users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6F785A5-5D19-47E0-956E-899E3D271307}\gapaengine.dll 2014-08-29 17:40 . 2014-09-01 23:26 -------- d-----w- C:\zoek_backup 2014-08-29 17:15 . 2014-07-25 11:07 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-29 17:15 . 2014-07-25 12:30 61952 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-29 17:15 . 2014-07-25 11:34 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-08-29 17:15 . 2014-07-25 12:08 597504 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-29 17:15 . 2014-07-25 12:06 4204032 ----a-w- c:\windows\system32\jscript9.dll 2014-08-29 17:15 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 17:13 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-08-29 17:13 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 17:13 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll 2014-08-29 16:42 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-08-29 16:42 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-29 16:42 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-08-29 16:42 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-29 16:41 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-08-29 16:41 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-08-29 16:41 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-08-29 16:40 . 2014-05-14 13:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-29 16:40 . 2014-05-14 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-08-26 04:09 . 2014-08-26 04:12 -------- d-----w- c:\users\Zach Admin 2014-08-26 03:54 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-26 03:53 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-26 03:53 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-08-26 03:52 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-26 03:47 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2014-08-26 03:46 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2014-08-26 03:42 . 2014-08-26 03:42 -------- d-----w- c:\programdata\Oracle 2014-08-26 03:41 . 2014-08-26 03:41 -------- d-----w- c:\program files\Common Files\Java 2014-08-26 03:40 . 2014-07-25 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-08-26 01:06 . 2014-08-26 01:06 -------- d-s---w- c:\windows\system32\CompatTel 2014-08-25 22:45 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 22:44 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 22:44 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2014-08-25 22:44 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 22:44 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll 2014-08-25 22:44 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2014-08-25 22:44 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll 2014-08-25 22:44 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll 2014-08-25 22:44 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-08-25 22:44 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe 2014-08-25 22:44 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe 2014-08-25 22:25 . 2014-08-25 22:25 -------- d-----w- c:\windows\Migration 2014-08-25 20:39 . 2014-08-25 20:39 640512 ----a-w- c:\windows\system32\advapi32.dll 2014-08-25 20:39 . 2014-08-25 20:39 619520 ----a-w- c:\windows\system32\tdh.dll 2014-08-25 20:39 . 2014-08-25 20:39 1289096 ----a-w- c:\windows\system32\ntdll.dll 2014-08-25 20:38 . 2014-08-25 20:38 231424 ----a-w- c:\windows\system32\mswsock.dll 2014-08-25 20:29 . 2014-08-25 21:19 -------- d-----w- c:\program files\Microsoft Security Client 2014-08-25 20:02 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2014-08-25 20:02 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll 2014-08-25 20:00 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll 2014-08-25 19:59 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll 2014-08-25 19:59 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2014-08-25 19:59 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2014-08-25 19:59 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2014-08-25 19:59 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2014-08-25 19:59 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-25 19:59 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-08-25 19:59 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-08-25 19:59 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-08-25 19:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-08-25 19:59 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 19:59 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll 2014-08-25 19:57 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-08-25 19:57 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-08-25 19:57 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-08-25 19:57 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-08-25 19:57 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-08-25 19:57 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-08-25 19:57 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-08-25 19:57 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-25 19:57 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 19:56 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2014-08-25 19:56 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe 2014-08-25 19:56 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe 2014-08-25 19:56 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll 2014-08-25 19:56 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll 2014-08-25 19:56 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll 2014-08-25 19:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2014-08-25 19:40 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-08-25 19:40 . 2014-04-12 02:15 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-08-25 19:40 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys 2014-08-25 19:40 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-08-25 19:40 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-08-25 19:40 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-08-25 19:40 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll 2014-08-25 19:40 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-05 21:29 . 2002-01-01 04:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2011-12-16 15:16 . 2011-12-16 15:16 1008141 ----a-w- c:\program files\rKill.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920] R4 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584] R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032] S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . 2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB FF - ProfilePath - c:\users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2014-09-08 19:15:32 - machine was rebooted ComboFix-quarantined-files.txt 2014-09-08 23:15 ComboFix2.txt 2014-09-07 00:45 ComboFix3.txt 2014-09-01 22:44 ComboFix4.txt 2014-09-01 20:34 . Pre-Run: 110,047,117,312 bytes free Post-Run: 109,850,062,848 bytes free . - - End Of File - - ACE36091B13CD60B216C4C9D6B8820DF D645DD0274F8F5C9F4843DEC2A01384F

ComboFix 14-09-05.01 - Aaron's Mini 09/06/2014 20:25:07.3.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.420 [GMT -4:00] Running from: c:\users\Aaron's Mini\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-08-07 to 2014-09-07 ))))))))))))))))))))))))))))))) . . 2014-09-07 00:39 . 2014-09-07 00:39 -------- d-----w- c:\users\Aaron's Mini\AppData\Local\temp 2014-09-07 00:39 . 2014-09-07 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-06 00:50 . 2014-09-06 00:50 -------- d-----w- c:\program files\ESET 2014-09-05 21:42 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC942827-5B7F-41FC-9768-A633429761C2}\mpengine.dll 2014-09-03 23:13 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-09-03 23:05 . 2014-09-03 23:10 -------- d-----w- c:\windows\system32\catroot2 2014-09-03 22:40 . 2014-09-07 00:12 -------- d-----w- c:\windows\system32\wbem\repository 2014-09-03 22:19 . 2014-09-03 22:19 -------- d-----w- C:\RegBackup 2014-09-01 23:31 . 2014-09-01 23:03 24064 ----a-w- c:\windows\zoek-delete.exe 2014-09-01 19:44 . 2014-09-01 19:47 -------- d-----w- c:\users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6F785A5-5D19-47E0-956E-899E3D271307}\gapaengine.dll 2014-08-29 17:40 . 2014-09-01 23:26 -------- d-----w- C:\zoek_backup 2014-08-29 17:15 . 2014-07-25 11:07 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-29 17:15 . 2014-07-25 12:30 61952 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-29 17:15 . 2014-07-25 11:34 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-08-29 17:15 . 2014-07-25 12:08 597504 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-29 17:15 . 2014-07-25 12:06 4204032 ----a-w- c:\windows\system32\jscript9.dll 2014-08-29 17:15 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 17:13 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-08-29 17:13 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 17:13 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll 2014-08-29 16:42 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-08-29 16:42 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-29 16:42 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-08-29 16:42 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-29 16:41 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-08-29 16:41 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-08-29 16:41 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-08-29 16:40 . 2014-05-14 13:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-29 16:40 . 2014-05-14 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-08-26 04:09 . 2014-08-26 04:12 -------- d-----w- c:\users\Zach Admin 2014-08-26 03:54 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-26 03:53 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-26 03:53 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-08-26 03:52 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-26 03:47 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2014-08-26 03:46 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2014-08-26 03:42 . 2014-08-26 03:42 -------- d-----w- c:\programdata\Oracle 2014-08-26 03:41 . 2014-08-26 03:41 -------- d-----w- c:\program files\Common Files\Java 2014-08-26 03:40 . 2014-07-25 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-08-26 01:06 . 2014-08-26 01:06 -------- d-s---w- c:\windows\system32\CompatTel 2014-08-25 22:45 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 22:44 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 22:44 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2014-08-25 22:44 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 22:44 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll 2014-08-25 22:44 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2014-08-25 22:44 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll 2014-08-25 22:44 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll 2014-08-25 22:44 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-08-25 22:44 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe 2014-08-25 22:44 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe 2014-08-25 22:25 . 2014-08-25 22:25 -------- d-----w- c:\windows\Migration 2014-08-25 20:39 . 2014-08-25 20:39 640512 ----a-w- c:\windows\system32\advapi32.dll 2014-08-25 20:39 . 2014-08-25 20:39 619520 ----a-w- c:\windows\system32\tdh.dll 2014-08-25 20:39 . 2014-08-25 20:39 1289096 ----a-w- c:\windows\system32\ntdll.dll 2014-08-25 20:38 . 2014-08-25 20:38 231424 ----a-w- c:\windows\system32\mswsock.dll 2014-08-25 20:29 . 2014-08-25 21:19 -------- d-----w- c:\program files\Microsoft Security Client 2014-08-25 20:02 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2014-08-25 20:02 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll 2014-08-25 20:00 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll 2014-08-25 19:59 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll 2014-08-25 19:59 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2014-08-25 19:59 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2014-08-25 19:59 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2014-08-25 19:59 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2014-08-25 19:59 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-25 19:59 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-08-25 19:59 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-08-25 19:59 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-08-25 19:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-08-25 19:59 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 19:59 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll 2014-08-25 19:57 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-08-25 19:57 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-08-25 19:57 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-08-25 19:57 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-08-25 19:57 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-08-25 19:57 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-08-25 19:57 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-08-25 19:57 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-25 19:57 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 19:56 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2014-08-25 19:56 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe 2014-08-25 19:56 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe 2014-08-25 19:56 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll 2014-08-25 19:56 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll 2014-08-25 19:56 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll 2014-08-25 19:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2014-08-25 19:40 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-08-25 19:40 . 2014-04-12 02:15 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-08-25 19:40 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys 2014-08-25 19:40 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-08-25 19:40 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-08-25 19:40 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-08-25 19:40 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll 2014-08-25 19:40 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-05 21:29 . 2002-01-01 04:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2011-12-16 15:16 . 2011-12-16 15:16 1008141 ----a-w- c:\program files\rKill.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920] R4 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584] R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032] S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . 2014-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49185;https=127.0.0.1:49185 IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB FF - ProfilePath - c:\users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Free Download Manager - c:\program files\Free Download Manager\fdm.exe . . . Completion time: 2014-09-06 20:45:04 ComboFix-quarantined-files.txt 2014-09-07 00:45 ComboFix2.txt 2014-09-01 22:44 ComboFix3.txt 2014-09-01 20:34 . Pre-Run: 108,547,059,712 bytes free Post-Run: 110,206,902,272 bytes free . - - End Of File - - 07CD7E09A4D52301E42E82945DFE3529 D645DD0274F8F5C9F4843DEC2A01384F

I removed what it found and rebooted the computer as MBAM directed. After the reboot, the proxy settings were different and I am unable to connect to the internet again. And, yes, because I was not able to connect to the internet, I was unable to the ESET scan.

Running the malwarebytes threat scan and quaranteening what it found, somehow knocked out the internet again. Since I can't access the export function of the program...this xml doc is the best I can do. I've attached it.mbam-log-2014-09-05 (17-29-13).xml

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014 Ran by Aaron's Mini (administrator) on AARONSMINI-PC on 04-09-2014 16:54:20 Running from C:\Users\Aaron's Mini\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\RocketTab\Client.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [467036 2009-08-13] (IDT, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-147099939-99406921-2600037334-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-15] (Google Inc.) HKU\S-1-5-21-147099939-99406921-2600037334-1000\...\Run: [Free Download Manager] => "C:\Program Files\Free Download Manager\fdm.exe" -autorun ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49315;https=127.0.0.1:49315 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @fileplanet.com/fpdlm -> C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron's Mini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S4 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed] S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe [221266 2009-08-13] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\AARON'~1\AppData\Local\Temp\catchme.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 16:53 - 2014-09-04 16:53 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion 2014-09-03 18:19 - 2014-09-03 18:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AARONSMINI-PC-Microsoft-Windows-7-Starter-(32-bit).dat 2014-09-03 18:19 - 2014-09-03 18:19 - 00000000 ____D () C:\RegBackup 2014-09-03 18:16 - 2014-09-03 18:18 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Tweaking.com - Windows Repair 2014-09-02 20:28 - 2014-09-04 16:53 - 01096704 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FRST.exe 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:31 - 2014-09-01 19:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:04 - 2014-09-01 08:34 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-09-01 19:02 - 2014-09-01 19:00 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 18:44 - 2014-09-01 18:44 - 00018271 _____ () C:\ComboFix.txt 2014-09-01 18:12 - 2014-09-01 18:45 - 00000000 ____D () C:\ComboFix 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:33 - 2014-09-01 17:34 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:33 - 2014-09-01 17:32 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:19 - 2014-09-02 20:38 - 00004125 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-01 17:14 - 2014-09-01 17:15 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:13 - 2014-09-01 17:11 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:13 - 2014-09-01 17:11 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:00 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-01 16:00 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-01 16:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-01 15:48 - 2014-09-01 18:44 - 00000000 ____D () C:\Qoobox 2014-09-01 15:47 - 2014-09-01 16:30 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 15:45 - 2014-09-01 15:44 - 05576326 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-01 15:44 - 2014-09-01 15:47 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:41 - 2014-09-01 15:41 - 00000000 ____D () C:\Program Files\RocketTab 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 10:24 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:02 - 2014-08-29 14:00 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 13:48 - 2014-09-01 19:49 - 00007325 _____ () C:\zoek-results.log 2014-08-29 13:40 - 2014-09-01 19:26 - 00000000 ____D () C:\zoek_backup 2014-08-29 13:38 - 2014-08-29 13:39 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-29 13:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-29 13:17 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-29 13:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-29 13:17 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-29 13:17 - 2014-07-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-29 13:17 - 2014-07-25 07:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-29 13:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-29 13:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-29 13:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-29 13:16 - 2014-07-25 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-29 13:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-29 13:16 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-29 13:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-29 13:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-29 13:16 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-29 13:16 - 2014-07-25 07:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-29 13:16 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-29 13:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-29 13:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-29 13:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-29 13:15 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-29 13:15 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-29 13:15 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-29 13:15 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-29 13:15 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-29 13:15 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-29 13:15 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 13:13 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 13:13 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-29 13:13 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-29 12:42 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-29 12:42 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-29 12:41 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-29 12:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-29 12:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-26 00:09 - 2009-08-28 17:13 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager 2014-08-26 00:09 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-26 00:09 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-25 23:54 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-25 23:53 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-25 23:53 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-25 23:52 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-25 23:47 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-08-25 23:47 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-25 23:36 - 2014-08-25 23:40 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 18:45 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 18:44 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-08-25 18:44 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 18:44 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-08-25 18:44 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-08-25 18:44 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-08-25 18:44 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-08-25 18:44 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-08-25 18:44 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-25 16:32 - 2014-08-25 16:53 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:30 - 2014-08-25 17:19 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 16:29 - 2014-08-25 17:19 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 16:29 - 2014-08-25 17:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:02 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-08-25 16:02 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-08-25 16:01 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-25 16:01 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-25 16:01 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-08-25 16:01 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-08-25 16:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-08-25 16:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-08-25 16:01 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-08-25 16:01 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-08-25 16:01 - 2013-08-01 20:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003584 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-08-25 16:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-08-25 16:00 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-25 16:00 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-25 16:00 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-25 16:00 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-25 16:00 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-08-25 16:00 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-08-25 16:00 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-08-25 16:00 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-08-25 16:00 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-08-25 16:00 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-08-25 16:00 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-08-25 16:00 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-08-25 16:00 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-08-25 16:00 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-08-25 16:00 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-08-25 16:00 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-08-25 16:00 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-08-25 16:00 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-08-25 16:00 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-08-25 16:00 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-08-25 15:59 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-25 15:59 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-25 15:59 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-08-25 15:59 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-08-25 15:59 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-08-25 15:59 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 15:59 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-08-25 15:59 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-08-25 15:58 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-25 15:58 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-25 15:58 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-25 15:58 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-25 15:58 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-25 15:58 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-25 15:58 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-25 15:58 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-25 15:58 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-25 15:58 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-08-25 15:58 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-08-25 15:58 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-08-25 15:58 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-08-25 15:58 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-08-25 15:58 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-08-25 15:58 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-08-25 15:58 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-08-25 15:58 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-08-25 15:58 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-08-25 15:58 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-08-25 15:58 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-08-25 15:58 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-08-25 15:58 - 2013-07-12 06:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-08-25 15:58 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-08-25 15:58 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 15:57 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-08-25 15:56 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-08-25 15:56 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-08-25 15:56 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-08-25 15:55 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-08-25 15:40 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-25 15:40 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-08-25 15:40 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-08-25 15:40 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-08-25 15:40 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-08-25 15:40 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 16:56 - 2009-07-24 12:11 - 00805740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-04 16:56 - 2002-01-01 01:46 - 00009043 _____ () C:\Users\Aaron's Mini\Desktop\FRST.txt 2014-09-04 16:55 - 2009-10-15 06:37 - 02051242 _____ () C:\Windows\WindowsUpdate.log 2014-09-04 16:54 - 2002-01-01 01:14 - 00000000 ____D () C:\FRST 2014-09-04 16:53 - 2014-09-04 16:53 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\FRST-OlderVersion 2014-09-04 16:53 - 2014-09-02 20:28 - 01096704 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FRST.exe 2014-09-04 16:52 - 2011-03-15 17:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-04 16:51 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-04 16:51 - 2009-07-14 00:39 - 00042050 _____ () C:\Windows\setupact.log 2014-09-03 19:14 - 2009-07-14 00:34 - 00016480 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-03 19:14 - 2009-07-14 00:34 - 00016480 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-03 19:10 - 2009-12-27 17:40 - 00075160 _____ () C:\Users\Aaron's Mini\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-03 18:56 - 2010-07-09 19:10 - 00272422 _____ () C:\Windows\PFRO.log 2014-09-03 18:56 - 2009-07-14 00:33 - 00311600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-03 18:20 - 2011-03-15 17:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-03 18:19 - 2014-09-03 18:19 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-AARONSMINI-PC-Microsoft-Windows-7-Starter-(32-bit).dat 2014-09-03 18:19 - 2014-09-03 18:19 - 00000000 ____D () C:\RegBackup 2014-09-03 18:18 - 2014-09-03 18:16 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Tweaking.com - Windows Repair 2014-09-02 20:38 - 2014-09-01 17:19 - 00004125 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:49 - 2014-08-29 13:48 - 00007325 _____ () C:\zoek-results.log 2014-09-01 19:26 - 2014-08-29 13:40 - 00000000 ____D () C:\zoek_backup 2014-09-01 19:26 - 2009-12-27 17:34 - 00000000 ____D () C:\Users\Aaron's Mini 2014-09-01 19:03 - 2014-09-01 19:31 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:00 - 2014-09-01 19:02 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 18:45 - 2014-09-01 18:12 - 00000000 ____D () C:\ComboFix 2014-09-01 18:44 - 2014-09-01 18:44 - 00018271 _____ () C:\ComboFix.txt 2014-09-01 18:44 - 2014-09-01 15:48 - 00000000 ____D () C:\Qoobox 2014-09-01 18:36 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-01 18:35 - 2009-07-13 22:04 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_148 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:34 - 2014-09-01 17:33 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:32 - 2014-09-01 17:33 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:15 - 2014-09-01 17:14 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:11 - 2014-09-01 17:13 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:11 - 2014-09-01 17:13 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:34 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public 2014-09-01 16:30 - 2014-09-01 15:47 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 16:23 - 2009-07-13 22:03 - 44040192 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-01 16:20 - 2009-08-28 16:04 - 00000000 ____D () C:\Program Files\HP 2014-09-01 16:04 - 2009-10-15 07:24 - 00000177 ____N () C:\dvmexp.idx 2014-09-01 15:47 - 2014-09-01 15:44 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:45 - 05576326 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:41 - 2014-09-01 15:41 - 00000000 ____D () C:\Program Files\RocketTab 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 11:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 09:03 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-01 08:36 - 2014-09-01 10:24 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:34 - 2014-09-01 19:04 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 14:00 - 2014-09-01 08:02 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 13:39 - 2014-08-29 13:38 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:23 - 2002-01-01 00:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-26 00:47 - 2009-08-28 15:34 - 00000000 ____D () C:\Program Files\InstallShield Installation Information 2014-08-26 00:43 - 2009-08-28 15:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-08-26 00:39 - 2009-08-28 17:48 - 00000000 ____D () C:\ProgramData\CyberLink 2014-08-26 00:31 - 2010-07-11 15:38 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Local\Yahoo 2014-08-26 00:12 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-08-25 23:36 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 23:40 - 2013-08-10 16:40 - 00000000 ____D () C:\Program Files\Java 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 19:12 - 2013-08-11 15:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-25 17:19 - 2014-08-25 16:30 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 17:19 - 2014-08-25 16:29 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 17:19 - 2014-08-25 16:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:53 - 2014-08-25 16:32 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-22 21:46 - 2014-08-29 13:13 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 20:42 - 2014-08-29 13:13 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-06 21:43 - 2014-08-25 16:01 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-06 21:39 - 2014-08-25 16:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Aaron's Mini\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Aaron's Mini\AppData\Local\Temp\System.Data.SQLite49715.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-29 14:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014 Ran by Aaron's Mini at 2014-09-04 16:59:12 Running from C:\Users\Aaron's Mini\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Download Manager 2.3.10 (HKLM\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products) HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.0 - DeviceVM, Inc.) HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard) HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.) RocketTab (HKLM\...\RocketTab) (Version: - RocketTab) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Trojan Killer 2.1 (HKLM\...\{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1) (Version: - GridinSoft, Inc.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) X-Com Apocalypse (HKLM\...\X-Com Apocalypse) (Version: 1.00 - 2K Games) X-Com Terror From the Deep (HKLM\...\X-Com Terror From the Deep) (Version: 1.00 - 2K Games) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-147099939-99406921-2600037334-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Aaron's Mini\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-147099939-99406921-2600037334-1000_Classes\CLSID\{F83DEC6C-F5E6-403A-9C83-36FB1B7007E2}\InprocServer32 -> C:\Users\Aaron's Mini\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\YBPAddon_2.7.1.dll No File ==================== Restore Points ========================= 25-08-2014 20:04:16 Windows Update 26-08-2014 03:30:51 Windows Update 26-08-2014 04:24:08 HPSF Restore Point 26-08-2014 04:25:16 Removed Microsoft Silverlight 26-08-2014 04:34:20 Configured Power2Go 26-08-2014 04:41:54 Removed HP QuickSync. 26-08-2014 04:45:51 Configured PowerStarter 29-08-2014 16:38:21 Windows Update 29-08-2014 17:38:05 Windows Update 29-08-2014 17:48:16 zoek.exe restore point 30-08-2014 03:48:48 Windows Update 03-09-2014 23:12:56 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2014-09-03 18:45 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2109BF53-FB27-4127-B095-533B49F6434B} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) Task: {333DBF66-E7B0-4D49-A050-2A6035A8AE62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.) Task: {338CC730-8CED-49E2-A957-606A68CC9B51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company) Task: {56E3EA91-70C9-4470-AB2D-FB4CDA6A6830} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company) Task: {64C74AFC-3CD8-4197-9D76-FEF0C774A6FB} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] () Task: {65D7B8DC-2423-4762-9197-3B59E95C6198} - System32\Tasks\RecoveryCDWin7 => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] () Task: {A1B52EC7-ABA8-4AD6-819E-ABA4B09AA875} - System32\Tasks\RocketTab Update Task => C:\Program Files\RocketTab\uninstall.exe [2014-09-01] () Task: {B7D769D4-EA3D-4026-AF1D-44044D87E7EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company) Task: {E83F237C-AB0C-41F1-AAA1-1E92D41DECEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-15] (Google Inc.) Task: {F1A375C8-2455-4B5C-87D6-32FC49736E22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-01 15:41 - 2014-09-01 15:41 - 01420520 _____ () C:\Program Files\RocketTab\Client.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: ACDaemon => 3 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: AudioEndpointBuilder => 2 MSCONFIG\Services: Audiosrv => 2 MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\Services: BITS => 3 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc => 3 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CryptSvc => 2 MSCONFIG\Services: defragsvc => 3 MSCONFIG\Services: Dhcp => 2 MSCONFIG\Services: Dnscache => 2 MSCONFIG\Services: dot3svc => 3 MSCONFIG\Services: DPS => 2 MSCONFIG\Services: DvmMDES => 2 MSCONFIG\Services: EapHost => 3 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: eventlog => 2 MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: FontCache => 2 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: hidserv => 3 MSCONFIG\Services: hkmsvc => 3 MSCONFIG\Services: HomeGroupListener => 3 MSCONFIG\Services: HomeGroupProvider => 3 MSCONFIG\Services: HP Support Assistant Service => 2 MSCONFIG\Services: HPDrvMntSvc.exe => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: idsvc => 3 MSCONFIG\Services: IEEtwCollectorService => 3 MSCONFIG\Services: IKEEXT => 2 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: iphlpsvc => 2 MSCONFIG\Services: KeyIso => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: LanmanWorkstation => 2 MSCONFIG\Services: lltdsvc => 3 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: MMCSS => 2 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: MSDTC => 3 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: msiserver => 3 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: Netman => 3 MSCONFIG\Services: netprofm => 3 MSCONFIG\Services: NlaSvc => 2 MSCONFIG\Services: nsi => 2 MSCONFIG\Services: p2pimsvc => 3 MSCONFIG\Services: p2psvc => 3 MSCONFIG\Services: PcaSvc => 2 MSCONFIG\Services: pla => 3 MSCONFIG\Services: PNRPAutoReg => 3 MSCONFIG\Services: PNRPsvc => 3 MSCONFIG\Services: PolicyAgent => 3 MSCONFIG\Services: Power => 2 MSCONFIG\Services: ProtectedStorage => 3 MSCONFIG\Services: QWAVE => 3 MSCONFIG\Services: RasAuto => 3 MSCONFIG\Services: RasMan => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: RpcLocator => 3 MSCONFIG\Services: SamSs => 2 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: seclogon => 2 MSCONFIG\Services: SENS => 2 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: ShellHWDetection => 2 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: sppuinotify => 3 MSCONFIG\Services: SSDPSRV => 3 MSCONFIG\Services: SstpSvc => 3 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: StiSvc => 2 MSCONFIG\Services: swprv => 3 MSCONFIG\Services: SysMain => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TBS => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: THREADORDER => 3 MSCONFIG\Services: TrkWks => 2 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: UI0Detect => 3 MSCONFIG\Services: upnphost => 3 MSCONFIG\Services: UxSms => 2 MSCONFIG\Services: VaultSvc => 3 MSCONFIG\Services: vds => 3 MSCONFIG\Services: VSS => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: wbengine => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: wcncsvc => 3 MSCONFIG\Services: WcsPlugInService => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\Services: WdiSystemHost => 3 MSCONFIG\Services: WebClient => 3 MSCONFIG\Services: Wecsvc => 3 MSCONFIG\Services: wercplsupport => 3 MSCONFIG\Services: WerSvc => 3 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WinHttpAutoProxySvc => 3 MSCONFIG\Services: Winmgmt => 2 MSCONFIG\Services: WinRM => 3 MSCONFIG\Services: Wlansvc => 2 MSCONFIG\Services: wmiApSrv => 3 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WPDBusEnum => 3 MSCONFIG\Services: wscsvc => 2 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 2 MSCONFIG\Services: wudfsvc => 3 MSCONFIG\Services: WwanSvc => 3 MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey ==================== Faulty Device Manager Devices ============= Name: HP Webcam-50 Description: USB Video Device Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/03/2014 06:58:40 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4896f8d7-86a6-4607-8c9e-40888fdd28ba} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4896f8d7-86a6-4607-8c9e-40888fdd28ba} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {329efe64-c769-40f1-882d-fa1bc06f3fa2} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {329efe64-c769-40f1-882d-fa1bc06f3fa2} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 12346) (User: ) Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. was encountered while trying to initialize the Registry Writer. This may cause future shadow-copy creations to fail. Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {18efaebc-593e-450a-8f79-68d10185aef7} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {18efaebc-593e-450a-8f79-68d10185aef7} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 12342) (User: ) Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. was encountered while trying to initialize the Registry Writer. This may cause future shadow-copy creations to fail. Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. . System errors: ============= Error: (09/03/2014 06:58:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Audio service hung on starting. Error: (09/03/2014 06:46:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:46:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:46:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:46:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:46:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:44:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:44:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (09/03/2014 06:27:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Microsoft Office Sessions: ========================= Error: (09/03/2014 06:58:40 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4896f8d7-86a6-4607-8c9e-40888fdd28ba} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4896f8d7-86a6-4607-8c9e-40888fdd28ba} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {329efe64-c769-40f1-882d-fa1bc06f3fa2} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {329efe64-c769-40f1-882d-fa1bc06f3fa2} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 12346) (User: ) Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {18efaebc-593e-450a-8f79-68d10185aef7} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {18efaebc-593e-450a-8f79-68d10185aef7} Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 12342) (User: ) Description: 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. Error: (09/03/2014 06:53:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Subscribing the Registry server writer failed. hr = 8004230208lx0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. ==================== Memory info =========================== Processor: Intel® Atom CPU N270 @ 1.60GHz Percentage of memory in use: 79% Total physical RAM: 1015.3 MB Available physical RAM: 203.88 MB Total Pagefile: 2039.3 MB Available Pagefile: 947.37 MB Total Virtual: 2047.88 MB Available Virtual: 1925 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:137.47 GB) (Free:101.51 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 149.1 GB) (Disk ID: CD68444D) Partition 1: (Not Active) - (Size=137.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=11.4 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=201 MB) - (Type=07 NTFS) ==================== End Of Log ============================ Farbar Service Scanner Version: 21-07-2014 Ran by Aaron's Mini (administrator) on 04-09-2014 at 17:07:42 Running from "C:\Users\Aaron's Mini\Desktop" Microsoft Windows 7 Starter Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. IE proxy is enabled. ProxyServer: http=127.0.0.1:49315;https=127.0.0.1:49315 Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcore.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

Repair done! I've attached them all. Some are quite large. The internet now is functional as is the brightness control. Upon startup, after logging in, I see a "taskeng.exe" empty window appear. I closes on its own, but this is new. I don't know what it is either. _Windows_Repair_Log.txt Remove_Temp_Files.txt Repair_Icons.txt Repair_MSI_Windows_Installer.txt Repair_Volume_Shadow_Copy_Service.txt Repair_Windows_Firewall.txt Repair_Windows_Updates.txt Repair_Winsock_and_DNS_Cache.txt Repair_WMI.txt Unhidden_Files.txt

Windows does not detect any networking hardware. <<< that is from the 'connect to the internet' section of the control panel. Also, I can not adjust screen brightness. When I try to select the option enter the screen to adjust it, nothing happens...I click the link and nothing happens. When the computer boots up, the screen is nice and bright, but the moment I move the mouse the screen dims and I can not make it brighter. Maybe the connectivity and brightness issues are related?

FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03 Ran by Aaron's Mini (administrator) on AARONSMINI-PC on 02-09-2014 20:29:10 Running from C:\Users\Aaron's Mini\Desktop Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\RocketTab\Client.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [467036 2009-08-13] (IDT, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-147099939-99406921-2600037334-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-15] (Google Inc.) HKU\S-1-5-21-147099939-99406921-2600037334-1000\...\Run: [Free Download Manager] => "C:\Program Files\Free Download Manager\fdm.exe" -autorun ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49166;https=127.0.0.1:49166 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @fileplanet.com/fpdlm -> C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron's Mini\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S4 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed] S4 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe [221266 2009-08-13] (IDT, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [16984 2009-07-27] (DeviceVM, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\AARON'~1\AppData\Local\Temp\catchme.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 20:28 - 2002-01-01 01:13 - 01095168 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FRST.exe 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:31 - 2014-09-01 19:03 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:04 - 2014-09-01 08:34 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-09-01 19:02 - 2014-09-01 19:00 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 18:44 - 2014-09-01 18:44 - 00018271 _____ () C:\ComboFix.txt 2014-09-01 18:12 - 2014-09-01 18:45 - 00000000 ____D () C:\ComboFix 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:33 - 2014-09-01 17:34 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:33 - 2014-09-01 17:32 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:19 - 2014-09-01 17:56 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-01 17:14 - 2014-09-01 17:15 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:13 - 2014-09-01 17:11 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:13 - 2014-09-01 17:11 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:00 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-01 16:00 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-01 16:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-01 16:00 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-01 15:48 - 2014-09-01 18:44 - 00000000 ____D () C:\Qoobox 2014-09-01 15:47 - 2014-09-01 16:30 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 15:45 - 2014-09-01 15:44 - 05576326 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-01 15:44 - 2014-09-01 15:47 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:41 - 2014-09-01 15:41 - 00000000 ____D () C:\Program Files\RocketTab 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 10:24 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:02 - 2014-08-29 14:00 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 13:48 - 2014-09-01 19:49 - 00007325 _____ () C:\zoek-results.log 2014-08-29 13:40 - 2014-09-01 19:26 - 00000000 ____D () C:\zoek_backup 2014-08-29 13:38 - 2014-08-29 13:39 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-29 13:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-29 13:17 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-29 13:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-29 13:17 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-29 13:17 - 2014-07-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-29 13:17 - 2014-07-25 07:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-29 13:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-29 13:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-29 13:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-29 13:16 - 2014-07-25 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-29 13:16 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-29 13:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-29 13:16 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-29 13:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-29 13:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-29 13:16 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-29 13:16 - 2014-07-25 07:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-29 13:16 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-29 13:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-29 13:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-29 13:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-29 13:15 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-29 13:15 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-29 13:15 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-29 13:15 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-29 13:15 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-29 13:15 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-29 13:15 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 13:13 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 13:13 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-29 13:13 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-29 12:42 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-29 12:42 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-29 12:42 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-29 12:41 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-29 12:41 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-29 12:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-29 12:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:12 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-26 00:09 - 2009-08-28 17:13 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager 2014-08-26 00:09 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-26 00:09 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-25 23:54 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-25 23:53 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-25 23:53 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-25 23:52 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-25 23:47 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-08-25 23:47 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-25 23:40 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-25 23:36 - 2014-08-25 23:40 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 18:45 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 18:44 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-08-25 18:44 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 18:44 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-08-25 18:44 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-08-25 18:44 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-08-25 18:44 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-08-25 18:44 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-08-25 18:44 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-08-25 18:44 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-25 16:32 - 2014-08-25 16:53 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:30 - 2014-08-25 17:19 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 16:29 - 2014-08-25 17:19 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 16:29 - 2014-08-25 17:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:02 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-08-25 16:02 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-08-25 16:01 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-25 16:01 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-25 16:01 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-08-25 16:01 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-08-25 16:01 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-08-25 16:01 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-08-25 16:01 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-08-25 16:01 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-08-25 16:01 - 2013-08-04 21:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-08-25 16:01 - 2013-08-01 21:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-08-25 16:01 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-08-25 16:01 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-08-25 16:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-08-25 16:00 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-25 16:00 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-08-25 16:00 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-08-25 16:00 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-08-25 16:00 - 2014-04-04 22:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-08-25 16:00 - 2014-04-04 22:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-08-25 16:00 - 2014-01-23 22:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-08-25 16:00 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-08-25 16:00 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-08-25 16:00 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-08-25 16:00 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-08-25 16:00 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-08-25 16:00 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-08-25 16:00 - 2013-08-27 20:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-08-25 16:00 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-08-25 16:00 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-08-25 16:00 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-08-25 16:00 - 2013-07-04 05:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-08-25 16:00 - 2013-07-02 23:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-08-25 16:00 - 2013-06-06 00:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-08-25 16:00 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-08-25 16:00 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-08-25 16:00 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-08-25 15:59 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-25 15:59 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-25 15:59 - 2014-02-03 22:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-08-25 15:59 - 2014-02-03 22:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-08-25 15:59 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-08-25 15:59 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-08-25 15:59 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 15:59 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-08-25 15:59 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-08-25 15:59 - 2013-06-25 18:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-08-25 15:58 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-25 15:58 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-25 15:58 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-08-25 15:58 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-25 15:58 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-08-25 15:58 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-25 15:58 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-25 15:58 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-25 15:58 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-08-25 15:58 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-08-25 15:58 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-08-25 15:58 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-08-25 15:58 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-08-25 15:58 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-08-25 15:58 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-08-25 15:58 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-08-25 15:58 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-08-25 15:58 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-08-25 15:58 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-08-25 15:58 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-08-25 15:58 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-08-25 15:58 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-08-25 15:58 - 2013-10-03 21:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-08-25 15:58 - 2013-10-03 21:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-08-25 15:58 - 2013-07-12 06:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2014-08-25 15:58 - 2013-07-12 06:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-08-25 15:58 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-08-25 15:57 - 2014-05-08 05:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 15:57 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-08-25 15:57 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-08-25 15:56 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-08-25 15:56 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-08-25 15:56 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-08-25 15:56 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-08-25 15:56 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-08-25 15:55 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-08-25 15:40 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-25 15:40 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-08-25 15:40 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-08-25 15:40 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-08-25 15:40 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-08-25 15:40 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-08-25 15:40 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 20:29 - 2002-01-01 01:46 - 00009061 _____ () C:\Users\Aaron's Mini\Desktop\FRST.txt 2014-09-02 20:29 - 2002-01-01 01:14 - 00000000 ____D () C:\FRST 2014-09-02 20:27 - 2011-03-15 17:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-02 20:20 - 2011-03-15 17:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-02 20:12 - 2009-10-15 06:37 - 01695881 _____ () C:\Windows\WindowsUpdate.log 2014-09-02 20:08 - 2009-07-14 00:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-02 20:08 - 2009-07-14 00:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-02 20:05 - 2009-07-24 12:11 - 00805740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-02 20:01 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-01 19:51 - 2014-09-01 19:51 - 00007325 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results 2.txt 2014-09-01 19:49 - 2014-08-29 13:48 - 00007325 _____ () C:\zoek-results.log 2014-09-01 19:48 - 2010-07-09 19:10 - 00272076 _____ () C:\Windows\PFRO.log 2014-09-01 19:26 - 2014-08-29 13:40 - 00000000 ____D () C:\zoek_backup 2014-09-01 19:26 - 2009-12-27 17:34 - 00000000 ____D () C:\Users\Aaron's Mini 2014-09-01 19:03 - 2014-09-01 19:31 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-09-01 19:00 - 2014-09-01 19:02 - 01288704 _____ () C:\Users\Aaron's Mini\Desktop\zoek.exe 2014-09-01 18:45 - 2014-09-01 18:12 - 00000000 ____D () C:\ComboFix 2014-09-01 18:44 - 2014-09-01 18:44 - 00018271 _____ () C:\ComboFix.txt 2014-09-01 18:44 - 2014-09-01 15:48 - 00000000 ____D () C:\Qoobox 2014-09-01 18:36 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-01 17:58 - 2014-09-01 17:58 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS_2.txt 2014-09-01 17:56 - 2014-09-01 17:19 - 00004313 _____ () C:\Users\Aaron's Mini\Desktop\FSS.txt 2014-09-01 17:34 - 2014-09-01 17:33 - 00000000 ____D () C:\Users\Public\Desktop\CC Support 2014-09-01 17:32 - 2014-09-01 17:33 - 04009167 _____ () C:\Users\Aaron's Mini\Desktop\ServicesRepair.exe 2014-09-01 17:15 - 2014-09-01 17:14 - 00025226 _____ () C:\Users\Aaron's Mini\Desktop\Result.txt 2014-09-01 17:11 - 2014-09-01 17:13 - 00415232 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\FSS.exe 2014-09-01 17:11 - 2014-09-01 17:13 - 00401920 _____ (Farbar) C:\Users\Aaron's Mini\Desktop\MiniToolBox.exe 2014-09-01 16:34 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public 2014-09-01 16:30 - 2014-09-01 15:47 - 00000000 ____D () C:\Windows\erdnt 2014-09-01 16:23 - 2009-07-13 22:03 - 44040192 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 13107200 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-01 16:23 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-01 16:20 - 2009-08-28 16:04 - 00000000 ____D () C:\Program Files\HP 2014-09-01 16:04 - 2009-10-15 07:24 - 00000177 ____H () C:\dvmexp.idx 2014-09-01 15:53 - 2009-07-14 00:39 - 00041938 _____ () C:\Windows\setupact.log 2014-09-01 15:47 - 2014-09-01 15:44 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 15:44 - 2014-09-01 15:45 - 05576326 ____R (Swearware) C:\Users\Aaron's Mini\Desktop\ComboFix.exe 2014-09-01 15:44 - 2014-09-01 15:44 - 05576326 _____ (Swearware) C:\Users\Aaron's Mini\Downloads\ComboFix.exe 2014-09-01 15:42 - 2014-09-01 15:42 - 00001021 _____ () C:\Users\Aaron's Mini\Desktop\Free Download Manager.lnk 2014-09-01 15:41 - 2014-09-01 15:41 - 00000000 ____D () C:\Program Files\RocketTab 2014-09-01 15:38 - 2014-09-01 15:38 - 00245112 _____ (Software Installer ) C:\Users\Aaron's Mini\Downloads\Setup.exe 2014-09-01 11:43 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-09-01 10:57 - 2014-09-01 10:57 - 00392503 _____ () C:\Users\Aaron's Mini\Desktop\GMERlog.log 2014-09-01 09:03 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-01 08:36 - 2014-09-01 10:24 - 00380416 _____ () C:\Users\Aaron's Mini\Desktop\9wlrvzxt.exe 2014-09-01 08:36 - 2014-09-01 08:36 - 00380416 _____ () C:\Users\Aaron's Mini\Downloads\9wlrvzxt.exe 2014-09-01 08:35 - 2014-09-01 08:35 - 00007803 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results_9-1-14.txt 2014-09-01 08:34 - 2014-09-01 19:04 - 00007803 _____ () C:\zoek-results2014-09-01-123435.log 2014-08-30 07:58 - 2009-07-14 00:33 - 00311600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-29 14:03 - 2014-08-29 14:03 - 00048719 _____ () C:\Users\Aaron's Mini\Desktop\zoek-results.txt 2014-08-29 14:00 - 2014-09-01 08:02 - 00048719 _____ () C:\zoek-results2014-08-29-180035.log 2014-08-29 13:39 - 2014-08-29 13:38 - 01288704 _____ () C:\Users\Aaron's Mini\Downloads\zoek.exe 2014-08-29 13:23 - 2002-01-01 00:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 13:14 - 2014-08-29 13:14 - 00000000 __SHD () C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-26 00:47 - 2009-08-28 15:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-08-26 00:43 - 2009-08-28 15:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-08-26 00:39 - 2009-08-28 17:48 - 00000000 ____D () C:\ProgramData\CyberLink 2014-08-26 00:31 - 2010-07-11 15:38 - 00000000 ____D () C:\Users\Aaron's Mini\AppData\Local\Yahoo 2014-08-26 00:12 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin 2014-08-26 00:11 - 2014-08-26 00:11 - 00077024 _____ () C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 00:10 - 2014-08-26 00:10 - 00001409 _____ () C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-26 00:10 - 2014-08-26 00:10 - 00000000 ____D () C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 00:09 - 2014-08-26 00:09 - 00000020 ___SH () C:\Users\Zach Admin\ntuser.ini 2014-08-26 00:09 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-25 23:41 - 2014-08-25 23:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-25 23:40 - 2014-08-25 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-25 23:40 - 2014-08-25 23:36 - 00006095 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-08-25 23:40 - 2013-08-10 16:40 - 00000000 ____D () C:\Program Files\Java 2014-08-25 21:06 - 2014-08-25 21:06 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-25 19:12 - 2013-08-11 15:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-25 17:19 - 2014-08-25 16:30 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-25 17:19 - 2014-08-25 16:29 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-08-25 17:19 - 2014-08-25 16:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-25 16:53 - 2014-08-25 16:32 - 00015565 _____ () C:\Windows\IE11_main.log 2014-08-25 16:41 - 2014-08-25 16:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-25 16:41 - 2014-08-25 16:41 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-25 16:41 - 2014-08-25 16:41 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-25 16:41 - 2014-08-25 16:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-25 16:41 - 2014-08-25 16:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-25 16:41 - 2014-08-25 16:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-25 16:39 - 2014-08-25 16:39 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-08-25 16:39 - 2014-08-25 16:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-08-25 16:38 - 2014-08-25 16:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-08-25 16:34 - 2014-08-25 16:34 - 00000000 ____D () C:\Users\Aaron's Mini\Desktop\Old Firefox Data 2014-08-22 21:46 - 2014-08-29 13:13 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 20:42 - 2014-08-29 13:13 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-06 21:43 - 2014-08-25 16:01 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-06 21:39 - 2014-08-25 16:01 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Aaron's Mini\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Aaron's Mini\AppData\Local\Temp\System.Data.SQLite16361.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-29 14:47 ==================== End Of Log ============================ ______________ FSS log: Farbar Service Scanner Version: 21-07-2014 Ran by Aaron's Mini (administrator) on 02-09-2014 at 20:36:44 Running from "C:\Users\Aaron's Mini\Desktop" Microsoft Windows 7 Starter Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is set to Disabled. The default start type is Auto. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is set to Disabled. The default start type is Auto. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors IE proxy is enabled. ProxyServer: http=127.0.0.1:49166;https=127.0.0.1:49166 Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is set to Disabled. The default start type is 3. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is set to Disabled. The default start type is Auto. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcore.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

Zoek.exe v5.0.0.0 Updated 06-August-2014 Tool run by Aaron's Mini on Mon 09/01/2014 at 19:03:28.16. Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Aaron's Mini\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-08-29-180035.log 48719 bytes C:\zoek-results2014-09-01-123435.log 7803 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager deleted C:\Users\Aaron's Mini\Searches deleted "C:\Program Files\Free Download Manager\fdm.exe" deleted "C:\Program Files\Free Download Manager\fdmbtsupp.dll" deleted "C:\Program Files\Free Download Manager\fdmcs.dat" deleted "C:\Program Files\Free Download Manager" deleted "C:\Program Files\SearchProtect" deleted "C:\Program Files\SearchProtect" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\AARON'~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 - Undetermined - C:\Program Files\Free Download Manager\Firefox\Extension - Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 546ED69C34E82F2326D17508D3768F4A - C:\Program Files\Download Manager\npfpdlm.dll - IGN Download Manager Plug-in 93A6E62490C778FE0F8F61D246218998 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{91AD80FB-29E7-463C-8ABC-671586442A42}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en" {89022F4C-44A1-4FDE-A12D-C4835266CC16} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF" {91AD80FB-29E7-463C-8ABC-671586442A42} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADSA_enUS423" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully HKEY_CLASSES_ROOT\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:49169;https=127.0.0.1:49169" "ProxyOverride"="<-loopback>" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Free Download Manager_is1 deleted successfully ==== Empty IE Cache ====================== C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zach Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Aaron's Mini\AppData\Local\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\Cache emptied successfully C:\Users\Aaron's Mini\AppData\Local\Mozilla\Firefox\Profiles\6suhuphw.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=243 folders=22 35872119 bytes) ==== Empty Temp Folders ====================== C:\Users\Aaron's Mini\AppData\Local\temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\Zach Admin\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\AARON'~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Mon 09/01/2014 at 19:49:56.02 ======================

ComboFix 14-08-31.01 - Aaron's Mini 09/01/2014 18:17:11.2.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.478 [GMT -4:00] Running from: c:\users\Aaron's Mini\Desktop\ComboFix.exe Command switches used :: c:\users\Aaron's Mini\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 ))))))))))))))))))))))))))))))) . . 2014-09-01 22:33 . 2014-09-01 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-01 22:10 . 2014-09-01 22:10 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKsl03246042.sys 2014-09-01 21:37 . 2014-09-01 21:37 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\offreg.dll 2014-09-01 20:22 . 2014-09-01 22:36 -------- d-----w- c:\users\Aaron's Mini\AppData\Local\temp 2014-09-01 19:44 . 2014-09-01 19:47 -------- d-----w- c:\users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 19:42 . 2014-09-01 19:42 -------- d-----w- c:\program files\Free Download Manager 2014-09-01 19:41 . 2014-09-01 19:41 -------- d-----w- c:\program files\SearchProtect 2014-09-01 19:41 . 2014-09-01 19:41 -------- d-----w- c:\program files\RocketTab 2014-09-01 12:32 . 2014-09-01 11:59 24064 ----a-w- c:\windows\zoek-delete.exe 2014-09-01 12:08 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\mpengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6F785A5-5D19-47E0-956E-899E3D271307}\gapaengine.dll 2014-08-29 17:40 . 2014-09-01 12:28 -------- d-----w- C:\zoek_backup 2014-08-29 17:40 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-29 17:15 . 2014-07-25 11:07 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-29 17:15 . 2014-07-25 12:30 61952 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-29 17:15 . 2014-07-25 11:34 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-08-29 17:15 . 2014-07-25 12:08 597504 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-29 17:15 . 2014-07-25 12:06 4204032 ----a-w- c:\windows\system32\jscript9.dll 2014-08-29 17:15 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 17:13 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-08-29 17:13 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 17:13 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll 2014-08-29 16:42 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-08-29 16:42 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-29 16:42 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-08-29 16:42 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-29 16:41 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-08-29 16:41 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-08-29 16:41 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-08-29 16:40 . 2014-05-14 13:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-29 16:40 . 2014-05-14 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-08-26 04:09 . 2014-08-26 04:12 -------- d-----w- c:\users\Zach Admin 2014-08-26 03:54 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-26 03:53 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-26 03:53 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-08-26 03:52 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-26 03:47 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2014-08-26 03:46 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2014-08-26 03:42 . 2014-08-26 03:42 -------- d-----w- c:\programdata\Oracle 2014-08-26 03:41 . 2014-08-26 03:41 -------- d-----w- c:\program files\Common Files\Java 2014-08-26 03:40 . 2014-07-25 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-08-26 01:06 . 2014-08-26 01:06 -------- d-s---w- c:\windows\system32\CompatTel 2014-08-25 22:45 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 22:44 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 22:44 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2014-08-25 22:44 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 22:44 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll 2014-08-25 22:44 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2014-08-25 22:44 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll 2014-08-25 22:44 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll 2014-08-25 22:44 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-08-25 22:44 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe 2014-08-25 22:44 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe 2014-08-25 22:25 . 2014-08-25 22:25 -------- d-----w- c:\windows\Migration 2014-08-25 20:39 . 2014-08-25 20:39 640512 ----a-w- c:\windows\system32\advapi32.dll 2014-08-25 20:39 . 2014-08-25 20:39 619520 ----a-w- c:\windows\system32\tdh.dll 2014-08-25 20:39 . 2014-08-25 20:39 1289096 ----a-w- c:\windows\system32\ntdll.dll 2014-08-25 20:38 . 2014-08-25 20:38 231424 ----a-w- c:\windows\system32\mswsock.dll 2014-08-25 20:29 . 2014-08-25 21:19 -------- d-----w- c:\program files\Microsoft Security Client 2014-08-25 20:02 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2014-08-25 20:02 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll 2014-08-25 20:00 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll 2014-08-25 19:59 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll 2014-08-25 19:59 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2014-08-25 19:59 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2014-08-25 19:59 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2014-08-25 19:59 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2014-08-25 19:59 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-25 19:59 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-08-25 19:59 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-08-25 19:59 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-08-25 19:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-08-25 19:59 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 19:59 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll 2014-08-25 19:57 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-08-25 19:57 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-08-25 19:57 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-08-25 19:57 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-08-25 19:57 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-08-25 19:57 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-08-25 19:57 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-08-25 19:57 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-25 19:57 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 19:56 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2014-08-25 19:56 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe 2014-08-25 19:56 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe 2014-08-25 19:56 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll 2014-08-25 19:56 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll 2014-08-25 19:56 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll 2014-08-25 19:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2014-08-25 19:40 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-08-25 19:40 . 2014-04-12 02:15 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-08-25 19:40 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys 2014-08-25 19:40 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-08-25 19:40 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-08-25 19:40 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-08-25 19:40 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll 2014-08-25 19:40 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-29 17:23 . 2002-01-01 04:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2011-12-16 15:16 . 2011-12-16 15:16 1008141 ----a-w- c:\program files\rKill.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2014-05-09 6983168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920] R4 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584] R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032] S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984] S1 MpKsl03246042;MpKsl03246042;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKsl03246042.sys [2014-09-01 39464] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = http=127.0.0.1:49169;https=127.0.0.1:49169 uInternet Settings,ProxyOverride = <-loopback> IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB FF - ProfilePath - c:\users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\RocketTab\Client.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\WerFault.exe c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE . ************************************************************************** . Completion time: 2014-09-01 18:44:18 - machine was rebooted ComboFix-quarantined-files.txt 2014-09-01 22:44 ComboFix2.txt 2014-09-01 20:34 . Pre-Run: 108,229,029,888 bytes free Post-Run: 108,156,440,576 bytes free . - - End Of File - - F6F01899E8364C1303DC6CE7BB109B52 D645DD0274F8F5C9F4843DEC2A01384F

Farbar Service Scanner Version: 21-07-2014 Ran by Aaron's Mini (administrator) on 01-09-2014 at 17:56:23 Running from "C:\Users\Aaron's Mini\Desktop" Microsoft Windows 7 Starter Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is set to Disabled. The default start type is Auto. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is set to Disabled. The default start type is Auto. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors IE proxy is enabled. ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163 Windows Firewall: ============= MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is OK. The ImagePath of MpsSvc service is OK. The ServiceDll of MpsSvc service is OK. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is set to Disabled. The default start type is 3. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is set to Disabled. The default start type is Auto. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcore.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

Log Opened: 2014-09-01 @ 17:34:03 17:34:03 - ----------------- 17:34:03 - | Begin Logging | 17:34:03 - ----------------- 17:34:03 - Fix started on a WIN_7 X86 computer 17:34:03 - Prep in progress. Please Wait. 17:34:10 - Prep complete 17:34:10 - Repairing Services Now. Please wait... INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc> SetACL finished successfully. INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore. INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl' INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters> INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv> SetACL finished successfully. 17:34:13 - Services Repair Complete. 17:34:16 - Reboot Initiated

Minitoolbox log: MiniToolBox by Farbar Version: 21-07-2014 Ran by Aaron's Mini (administrator) on 01-09-2014 at 17:14:50 Running from "C:\Users\Aaron's Mini\Desktop" Microsoft Windows 7 Starter Service Pack 1 (X86) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. ========================= IE Proxy Settings: ============================== Proxy is enabled. ProxyServer: http=127.0.0.1:49176;https=127.0.0.1:49176 "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected) Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : AaronsMini-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) Physical Address. . . . . . . . . : 18-A9-05-8D-DC-EF DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{07D10F77-0495-41FD-B6C5-D7E2FB9502D6}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: UnKnown Address: 127.0.0.1 Ping request could not find host google.com. Please check the name and try again. Server: UnKnown Address: 127.0.0.1 Ping request could not find host yahoo.com. Please check the name and try again. Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 10...18 a9 05 8d dc ef ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) 1...........................Software Loopback Interface 1 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 1 306 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation) Catalog5 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog5 07 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 25 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 26 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) Catalog9 27 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (09/01/2014 04:42:23 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {e102793d-025f-4a5d-8f0d-77f238e85ddb} Error: (09/01/2014 04:42:23 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {e102793d-025f-4a5d-8f0d-77f238e85ddb} Error: (09/01/2014 04:24:51 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {bbf46f53-79b7-4eb5-829c-c1477df5a0ba} Error: (09/01/2014 04:24:51 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {bbf46f53-79b7-4eb5-829c-c1477df5a0ba} Error: (09/01/2014 04:00:17 PM) (Source: System Restore) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x80042302). Error: (09/01/2014 04:00:17 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Error: (09/01/2014 04:00:17 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Error: (09/01/2014 04:00:17 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . Operation: Instantiating VSS server Error: (09/01/2014 04:00:17 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Instantiating VSS server Error: (09/01/2014 11:37:01 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. System errors: ============= Error: (09/01/2014 05:14:33 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:14:33 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:14:33 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:13:55 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:13:55 PM) (Source: Service Control Manager) (User: ) Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:13:54 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/01/2014 05:13:54 PM) (Source: DCOM) (User: ) Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89} Error: (09/01/2014 04:59:27 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/01/2014 04:59:27 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Error: (09/01/2014 04:52:25 PM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1058 Microsoft Office Sessions: ========================= Error: (09/01/2014 04:42:23 PM) (Source: VSS)(User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {e102793d-025f-4a5d-8f0d-77f238e85ddb} Error: (09/01/2014 04:42:23 PM) (Source: VSS)(User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {e102793d-025f-4a5d-8f0d-77f238e85ddb} Error: (09/01/2014 04:24:51 PM) (Source: VSS)(User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {bbf46f53-79b7-4eb5-829c-c1477df5a0ba} Error: (09/01/2014 04:24:51 PM) (Source: VSS)(User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Subscribing Writer Context: Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {bbf46f53-79b7-4eb5-829c-c1477df5a0ba} Error: (09/01/2014 04:00:17 PM) (Source: System Restore)(User: ) Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302 Error: (09/01/2014 04:00:17 PM) (Source: VSS)(User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (09/01/2014 04:00:17 PM) (Source: VSS)(User: ) Description: {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f}Coordinator0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (09/01/2014 04:00:17 PM) (Source: VSS)(User: ) Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Instantiating VSS server Error: (09/01/2014 04:00:17 PM) (Source: VSS)(User: ) Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Operation: Instantiating VSS server Error: (09/01/2014 11:37:01 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 =========================== Installed Programs ============================ Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.) ArcSoft WebCam Companion 3 (HKLM\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.355 - ArcSoft) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.5 - Atheros Communications Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Download Manager 2.3.10 (HKLM\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.) Free Download Manager 3.9.4 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden Homepage Protection (HKLM\...\Homepage Protection) (Version: - AOL Products) HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP Instant Web (HKLM\...\{53F08287-443D-4FC0-B74D-1169B6B9A71C}) (Version: 1.0.5.0 - DeviceVM, Inc.) HP Setup (HKLM\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard) HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0166 (HKLM\...\{11B7161D-3461-40CD-B31F-84065AC84A4E}) (Version: 1.00.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6217.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden PowerRecover (Version: 5.5.1923 - CyberLink Corp.) Hidden Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.) RocketTab (HKLM\...\RocketTab) (Version: - RocketTab) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Trojan Killer 2.1 (HKLM\...\{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1) (Version: - GridinSoft, Inc.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) X-Com Apocalypse (HKLM\...\X-Com Apocalypse) (Version: 1.00 - 2K Games) X-Com Terror From the Deep (HKLM\...\X-Com Terror From the Deep) (Version: 1.00 - 2K Games) ========================= Devices: ================================ Name: HP Webcam-50 Description: USB Video Device Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ========================= Memory info: =================================== Percentage of memory in use: 50% Total physical RAM: 1015.3 MB Available physical RAM: 506.13 MB Total Pagefile: 2039.3 MB Available Pagefile: 1514.91 MB Total Virtual: 2047.88 MB Available Virtual: 1942.31 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:137.47 GB) (Free:100.83 GB) NTFS 2 Drive d: (RECOVERY) (Fixed) (Total:11.38 GB) (Free:1.91 GB) NTFS 3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.6 GB) FAT32 ========================= Users: ======================================== User accounts for \\ Aaron's Mini Administrator Guest Zach Admin ========================= Minidump Files ================================== No minidump file found **** End of log **** ______________________________ FSS log: Farbar Service Scanner Version: 21-07-2014 Ran by Aaron's Mini (administrator) on 01-09-2014 at 17:19:34 Running from "C:\Users\Aaron's Mini\Desktop" Microsoft Windows 7 Starter Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is set to Disabled. The default start type is Auto. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is set to Disabled. The default start type is Auto. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is set to Disabled. The default start type is Auto. The ImagePath of MpsSvc service is OK. The ServiceDll of MpsSvc service is OK. bfe Service is not running. Checking service configuration: The start type of bfe service is set to Disabled. The default start type is Auto. The ImagePath of bfe service is OK. The ServiceDll of bfe service is OK. Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is set to Disabled. The default start type is 3. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is set to Disabled. The default start type is Auto. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcore.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

I lost internet connectivity and am unable to get it back using the given instructions. But, here is the combofix log: ComboFix 14-08-31.01 - Aaron's Mini 09/01/2014 16:04:57.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1015.341 [GMT -4:00] Running from: c:\users\Aaron's Mini\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\HP\HPBTWD.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_CltMngSvc . . ((((((((((((((((((((((((( Files Created from 2014-08-01 to 2014-09-01 ))))))))))))))))))))))))))))))) . . 2014-09-01 19:57 . 2014-09-01 19:57 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\offreg.dll 2014-09-01 19:56 . 2014-09-01 19:56 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKsl69d2259d.sys 2014-09-01 19:44 . 2014-09-01 19:47 -------- d-----w- c:\users\Aaron's Mini\AppData\Roaming\Free Download Manager 2014-09-01 19:42 . 2014-09-01 19:42 -------- d-----w- c:\program files\Free Download Manager 2014-09-01 19:41 . 2014-09-01 19:41 -------- d-----w- c:\program files\SearchProtect 2014-09-01 19:41 . 2014-09-01 19:41 -------- d-----w- c:\program files\RocketTab 2014-09-01 12:32 . 2014-09-01 11:59 24064 ----a-w- c:\windows\zoek-delete.exe 2014-09-01 12:08 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\mpengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-29 17:44 . 2014-08-14 15:30 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6F785A5-5D19-47E0-956E-899E3D271307}\gapaengine.dll 2014-08-29 17:40 . 2014-09-01 12:28 -------- d-----w- C:\zoek_backup 2014-08-29 17:40 . 2014-08-21 15:24 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-29 17:15 . 2014-07-25 11:07 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-29 17:15 . 2014-07-25 12:30 61952 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-29 17:15 . 2014-07-25 11:34 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-08-29 17:15 . 2014-07-25 12:08 597504 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-29 17:15 . 2014-07-25 12:06 4204032 ----a-w- c:\windows\system32\jscript9.dll 2014-08-29 17:15 . 2014-07-25 12:53 10747392 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 17:14 . 2014-08-29 17:14 -------- d-sh--w- c:\users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-29 17:13 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-08-29 17:13 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 17:13 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll 2014-08-29 16:42 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll 2014-08-29 16:42 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe 2014-08-29 16:42 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll 2014-08-29 16:42 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll 2014-08-29 16:41 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll 2014-08-29 16:41 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll 2014-08-29 16:41 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll 2014-08-29 16:40 . 2014-05-14 13:23 179656 ----a-w- c:\windows\system32\wuwebv.dll 2014-08-29 16:40 . 2014-05-14 13:17 33792 ----a-w- c:\windows\system32\wuapp.exe 2014-08-26 04:09 . 2014-08-26 04:12 -------- d-----w- c:\users\Zach Admin 2014-08-26 03:54 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-26 03:53 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-26 03:53 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe 2014-08-26 03:52 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-26 03:47 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2014-08-26 03:46 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2014-08-26 03:42 . 2014-08-26 03:42 -------- d-----w- c:\programdata\Oracle 2014-08-26 03:41 . 2014-08-26 03:41 -------- d-----w- c:\program files\Common Files\Java 2014-08-26 03:40 . 2014-07-25 16:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-08-26 01:06 . 2014-08-26 01:06 -------- d-s---w- c:\windows\system32\CompatTel 2014-08-25 22:45 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2014-08-25 22:44 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 22:44 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2014-08-25 22:44 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 22:44 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll 2014-08-25 22:44 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2014-08-25 22:44 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll 2014-08-25 22:44 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll 2014-08-25 22:44 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-08-25 22:44 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe 2014-08-25 22:44 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe 2014-08-25 22:25 . 2014-08-25 22:25 -------- d-----w- c:\windows\Migration 2014-08-25 20:39 . 2014-08-25 20:39 640512 ----a-w- c:\windows\system32\advapi32.dll 2014-08-25 20:39 . 2014-08-25 20:39 619520 ----a-w- c:\windows\system32\tdh.dll 2014-08-25 20:39 . 2014-08-25 20:39 1289096 ----a-w- c:\windows\system32\ntdll.dll 2014-08-25 20:38 . 2014-08-25 20:38 231424 ----a-w- c:\windows\system32\mswsock.dll 2014-08-25 20:29 . 2014-08-25 21:19 -------- d-----w- c:\program files\Microsoft Security Client 2014-08-25 20:02 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2014-08-25 20:02 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll 2014-08-25 20:00 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll 2014-08-25 19:59 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll 2014-08-25 19:59 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2014-08-25 19:59 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2014-08-25 19:59 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2014-08-25 19:59 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2014-08-25 19:59 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-25 19:59 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-08-25 19:59 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-08-25 19:59 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-08-25 19:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-08-25 19:59 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 19:59 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll 2014-08-25 19:57 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-08-25 19:57 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-08-25 19:57 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-08-25 19:57 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-08-25 19:57 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-08-25 19:57 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-08-25 19:57 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-08-25 19:57 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-25 19:57 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 19:56 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2014-08-25 19:56 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe 2014-08-25 19:56 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe 2014-08-25 19:56 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll 2014-08-25 19:56 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll 2014-08-25 19:56 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll 2014-08-25 19:56 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll 2014-08-25 19:55 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2014-08-25 19:40 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-08-25 19:40 . 2014-04-12 02:15 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-08-25 19:40 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys 2014-08-25 19:40 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-08-25 19:40 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-08-25 19:40 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-08-25 19:40 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll 2014-08-25 19:40 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-01 20:28 . 2014-09-01 20:28 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKslf49e77fe.sys 2014-08-29 17:23 . 2002-01-01 04:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2011-12-16 15:16 . 2011-12-16 15:16 1008141 ----a-w- c:\program files\rKill.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}] 2009-06-08 21:41 120104 ----a-w- c:\program files\Common Files\Homepage Protection\HomepageProtection.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-15 39408] "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2014-05-09 6983168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC] 2014-03-11 14:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe . R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920] R4 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584] R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032] S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984] S1 MpKsl69d2259d;MpKsl69d2259d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKsl69d2259d.sys [2014-09-01 39464] S1 MpKslf49e77fe;MpKslf49e77fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2A7BBE1-6AA5-401F-B9C9-627166692FFE}\MpKslf49e77fe.sys [2014-09-01 39464] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-04-28 50688] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLF49E77FE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . 2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-15 21:30] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49163;https=127.0.0.1:49163 IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB FF - ProfilePath - c:\users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe AddRemove-X-Com UFO Defense - c:\users\Aaron's Mini\Desktop\X-Com UFO Defense\Uninstall.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\RocketTab\Client.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2014-09-01 16:34:52 - machine was rebooted ComboFix-quarantined-files.txt 2014-09-01 20:34 . Pre-Run: 108,894,343,168 bytes free Post-Run: 108,166,696,960 bytes free . - - End Of File - - 8BCB02A1A15A91B3458E46A8D645048A D645DD0274F8F5C9F4843DEC2A01384F

The GMER log file was too long by itself. I know you in your directions you stated to post contents only, but this won't seem to work in this circumstance. I've attached the log file. GMERlog.log

Naat, Finally done! The forum is requiring that I shorten the post, so I broke the the two log files into two separate posts. Zoek.exe v5.0.0.0 Updated 31-08-2014 Tool run by Aaron's Mini on Mon 09/01/2014 at 7:59:57.40. Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Aaron's Mini\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-08-29-180035.log 48719 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B31050B-FBEC-48A3-A4A2-383DD49998BB} deleted successfully HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files\GUT66ED.tmp deleted C:\Program Files\GUM66DD.tmp deleted C:\Program Files\Yahoo! deleted C:\Users\Aaron's Mini\AppData\Roaming\Yahoo! deleted C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo! deleted C:\PROGRA~2\Yahoo! deleted C:\Users\Aaron's Mini\AppData\LocalLow\Yahoo! deleted C:\Users\Aaron's Mini\AppData\LocalLow\Yahoo! Companion deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted C:\Windows\system32\config\systemprofile\Searches deleted "C:\ProgramData\ucHmRdzYofk2T1" deleted "C:\ProgramData\~ucHmRdzYofk2T1" deleted "C:\ProgramData\~ucHmRdzYofk2T1r" deleted ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 546ED69C34E82F2326D17508D3768F4A - C:\Program Files\Download Manager\npfpdlm.dll - IGN Download Manager Plug-in 93A6E62490C778FE0F8F61D246218998 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{89022F4C-44A1-4FDE-A12D-C4835266CC16}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en" {89022F4C-44A1-4FDE-A12D-C4835266CC16} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF" ==== Empty IE Cache ====================== C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aaron's Mini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Aaron's Mini\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Aaron's Mini\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Zach Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Aaron's Mini\AppData\Local\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033\Cache emptied successfully C:\Users\Aaron's Mini\AppData\Local\Mozilla\Firefox\Profiles\6suhuphw.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=73 folders=2 8914694 bytes) ==== Empty Temp Folders ====================== C:\Users\Aaron's Mini\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Zach Admin\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\AARON'~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Mon 09/01/2014 at 8:34:35.91 ======================

My mistake...I didn't wait long enough. Here is the Zoek log file: Zoek.exe v5.0.0.0 Updated 28-08-2014 Tool run by Aaron's Mini on Fri 08/29/2014 at 13:41:08.00. Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Aaron's Mini\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 8/29/2014 1:48:57 PM Zoek.exe System Restore Point Created Succesfully. ==== Installed Programs ====================== Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.5.5 MUI Adobe Shockwave Player Adobe Shockwave Player 11.5 ArcSoft WebCam Companion 3 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 2 Revolution Bob the Builder Can-Do-Zoo Broadcom 802.11 Wireless LAN Adapter Build-a-lot 3 Choice Guard Chuzzle Deluxe Compatibility Pack for the 2007 Office system Dora's Carnival Adventure Download Manager 2.3.10 Eighteen Wheels of Steel Haulin' Family Feud 3 Farm Frenzy - Pizza Party FATE Undiscovered Realms Google Toolbar for Internet Explorer Google Update Helper Hewlett-Packard ACLM.NET v1.1.1.0 Homepage Protection HP Customer Experience Enhancements HP Game Console HP Games HP Instant Web HP Setup HP Support Assistant HP Update HP User Guides 0166 HP Wireless Assistant IDT Audio Intel® Graphics Media Accelerator Driver Intelr Matrix Storage Manager Java 7 Update 67 Java Auto Updater Jewel Quest Solitaire 2 John Deere Drive Green Liong - The Lost Amulets Mah Jong Medley Malwarebytes Anti-Malware version 2.0.2.1012 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office Home and Student 60 day trial Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Security Client Microsoft Security Essentials Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works More Games from HP Games Mortimer Beckett and the Time Paradox Mozilla Firefox 31.0 (x86 en-US) MSVCRT Mystery P.I. - The New York Fortune Mystery P.I. - The Vegas Heist Peggle Penguins Polar Bowler Polar Golfer PowerRecover Realtek USB 2.0 Card Reader Scrabble Slingo Deluxe Synaptics Pointing Device Driver The Hidden Object Game Show Totem Tribe Trojan Killer 2.1 Unity Web Player Virtual Villagers - The Secret City Wheel of Fortune 2 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool World of Goo X-Com Apocalypse X-Com Terror From the Deep X-Com UFO Defense Zuma Deluxe ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe C:\SPLASH.SYS\config\DVMExportService.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\HP\HPBTWD.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Users\Aaron's Mini\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k swprv ==== Services (whitelist) ====================== Powered by E Dev R2 - [AESTFilters] - Andrea ST Filters Service - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe R2 - [DvmMDES] - DeviceVM Meta Data Export Service - "C:\SPLASH.SYS\config\DVMExportService.exe" R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe" R2 - [HPDrvMntSvc.exe] - HP Quick Synchronization Service - "C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe" R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe" R2 - [sTacSV] - Audio Service - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding R3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" R3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe" R3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe" S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe S3 - [ACDaemon] - ArcSoft Connect Daemon - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe S3 - [GameConsoleService] - GameConsoleService - "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc S3 - [gusvc] - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe" S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe ==== System Specs ====================== Windows: Windows 7 Starter Edition Service Pack 1 (Build 7601) Memory (RAM): 1016 MB CPU Info: Intel® Atom CPU N270 @ 1.60GHz CPU Speed: 1637.1 MHz Sound Card: Speakers and Headphones (IDT Hi | Display Adapters: Mobile Intel® 945 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1024 X 600 - 32 bit Network: Network Present Network Adapters: Broadcom 802.11b/g WLAN | Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) CD / DVD Drives: No optical drives found. Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 137.5GB | D: 11.4GB Hard Disks - Free: C: 101.1GB | D: 1.9GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 09/16/09 | HPQOEM - 20090916 Time Zone: Eastern Standard Time Motherboard *: Hewlett-Packard 308F Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Firefox 31.0 Internet Explorer Version: 11.0.9600.17207 Mozilla Firefox version: 31.0 (x86 en-US) Adobe Reader version: 9.5.5.316 Sun Java version: 1.7.0_67 (32-bit) Shockwave Player version: 11.5.9r620 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-08-25 20:30:11 2A66E81AE941E54A237490FC35D387C8 1945 ----a-w- C:\Windows\epplauncher.mif ====== C:\Users\AARON'~1\AppData\Local\Temp ==== 2014-08-26 04:29:44 C1DC07AC369B68511BA7160444A6CEFC 411136 ----a-w- C:\Users\Aaron's Mini\AppData\Local\Temp\bpuninstall.exe 2014-08-25 21:16:50 534FA1F6C59616DA42D34249770D4E90 72794112 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-a1700994.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-08-29 16:42:53 459E257F8915D44B23ACB46211FD45D0 45536 ----a-w- C:\Windows\System32\wups2.dll 2014-08-29 16:42:51 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe 2014-08-29 16:42:48 EC6E2DB67695966DF22CF5EBEFC1D305 2425856 ----a-w- C:\Windows\System32\wucltux.dll 2014-08-29 16:42:46 D9B0134913E5EF007AF82A418C503322 1973728 ----a-w- C:\Windows\System32\wuaueng.dll 2014-08-29 16:41:31 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\System32\wudriver.dll 2014-08-29 16:41:31 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\System32\wups.dll 2014-08-29 16:41:30 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\System32\wuapi.dll 2014-08-29 16:40:40 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\System32\wuwebv.dll 2014-08-29 16:40:32 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe 2014-08-26 03:54:04 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\System32\infocardapi.dll 2014-08-26 03:53:47 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\System32\icardres.dll 2014-08-26 03:53:18 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe 2014-08-26 03:52:41 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2014-08-26 03:47:04 6C4B2E1A25841077084EB9F76FF6FFA7 11410432 ----a-w- C:\Windows\System32\wmp.dll 2014-08-26 03:47:00 02DF0628BE8B64B84D50FBE53549AA3B 12625408 ----a-w- C:\Windows\System32\wmploc.DLL 2014-08-26 03:41:00 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe 2014-08-26 03:40:18 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2014-08-26 03:40:18 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe 2014-08-26 03:40:18 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe 2014-08-25 22:45:06 F37167FCDB661FD4B54CAD4755ABDD61 32256 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll 2014-08-25 22:44:57 D60E27D4BD5A91FCD17D2CB27F86738E 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-25 22:44:50 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\System32\wksprtPS.dll 2014-08-25 22:44:50 A90F47CDCC0898733596B5070039FC15 14336 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-25 22:44:49 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\System32\tsgqec.dll 2014-08-25 22:44:49 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll 2014-08-25 22:44:48 AF40D823F3B03C7899AEF2293F84D0D7 76288 ----a-w- C:\Windows\System32\TSWbPrxy.exe 2014-08-25 22:44:48 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\System32\rdvidcrl.dll 2014-08-25 22:44:48 0FC6922517964E9D90DE84DC86F63E40 350208 ----a-w- C:\Windows\System32\wksprt.exe 2014-08-25 22:44:47 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\System32\mstsc.exe 2014-08-25 22:44:46 A5FE03D57097A45B8E7A4A09C9B78695 5698048 ----a-w- C:\Windows\System32\mstscax.dll 2014-08-25 20:41:32 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-08-25 20:41:32 F862CD08F1AD4EE39BD506853F3C6103 16284 ----a-w- C:\Windows\System32\ieuinit.inf 2014-08-25 20:41:32 EC7038154490E50ACD405A022F51B204 83456 ----a-w- C:\Windows\System32\inseng.dll 2014-08-25 20:41:32 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\System32\msfeeds.dll 2014-08-25 20:41:32 D9F12F54E3B5A092F1D5F191F5286E53 337408 ----a-w- C:\Windows\System32\html.iec 2014-08-25 20:41:32 CFCE4EFF1D6D909EE2EA3AFCB8F1E677 233472 ----a-w- C:\Windows\System32\url.dll 2014-08-25 20:41:32 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\System32\iesetup.dll 2014-08-25 20:41:32 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\System32\wininet.dll 2014-08-25 20:41:32 C611C6ED5ECFE4608BA79472DFE3D49C 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-08-25 20:41:32 C1A6E565B2782C09BC40AD749B46D9ED 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2014-08-25 20:41:32 C17139EAF939964142C7A1AEEE02DC81 616104 ----a-w- C:\Windows\System32\ieapfltr.dat 2014-08-25 20:41:32 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-08-25 20:41:32 AD27563BC16AB1EAACAE3033E99C2F78 194048 ----a-w- C:\Windows\System32\elshyph.dll 2014-08-25 20:41:32 AB3B2CA52AFB695AFCDD2620A21E5B21 24576 ----a-w- C:\Windows\System32\licmgr10.dll 2014-08-25 20:41:32 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\System32\jsproxy.dll 2014-08-25 20:41:32 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\System32\iedkcs32.dll 2014-08-25 20:41:32 9E170B0AF156B478BD2B1FD6A2250C9E 62464 ----a-w- C:\Windows\System32\tdc.ocx 2014-08-25 20:41:32 9B8701A380CEE1B05D651B4ED4048C8F 645120 ----a-w- C:\Windows\System32\jsIntl.dll 2014-08-25 20:41:32 9A33FDDD687A836A1FD478B43C5A95FD 151552 ----a-w- C:\Windows\System32\iexpress.exe 2014-08-25 20:41:32 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-08-25 20:41:32 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\System32\iernonce.dll 2014-08-25 20:41:32 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\System32\msrating.dll 2014-08-25 20:41:32 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\System32\urlmon.dll 2014-08-25 20:41:32 6A92CEC8532056791C6832B2725D170D 139264 ----a-w- C:\Windows\System32\wextract.exe 2014-08-25 20:41:32 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\System32\mshtmled.dll 2014-08-25 20:41:32 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\System32\dxtrans.dll 2014-08-25 20:41:32 4F032F1FDEFEA5EC8EEA3562643B5EE8 69120 ----a-w- C:\Windows\System32\icardie.dll 2014-08-25 20:41:32 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-08-25 20:41:32 3B840119F286743FCFE953C5DEF40136 595968 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-08-25 20:41:32 298FDE634538B62CEEEC266D8773B21A 182272 ----a-w- C:\Windows\System32\msls31.dll 2014-08-25 20:41:32 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\System32\ieapfltr.dll 2014-08-25 20:41:32 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\System32\iertutil.dll 2014-08-25 20:41:32 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\System32\vbscript.dll 2014-08-25 20:41:32 03B3541AE6986602CF9CB5B3AD169C33 208384 ----a-w- C:\Windows\System32\webcheck.dll 2014-08-25 20:41:31 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\System32\ieframe.dll 2014-08-25 20:41:31 F7B6E341F4B1947BEC0E14EEBE3C627E 111616 ----a-w- C:\Windows\System32\IEAdvpack.dll 2014-08-25 20:41:31 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\System32\ieui.dll 2014-08-25 20:41:31 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-08-25 20:41:31 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\System32\mshtml.dll 2014-08-25 20:41:31 AE6A2C5ECD3E96556E22F12816842F60 48640 ----a-w- C:\Windows\System32\mshtmler.dll 2014-08-25 20:41:31 ABDFC692D9FE43E2BA8FE6CB5A8CB95A 13312 ----a-w- C:\Windows\System32\mshta.exe 2014-08-25 20:41:31 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\System32\jscript9.dll 2014-08-25 20:41:31 887055A3C8DD6C87D200D11EAFDBD45B 74240 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe 2014-08-25 20:41:31 83F49FD1BC0A999B006D564C540C7258 86016 ----a-w- C:\Windows\System32\iesysprep.dll 2014-08-25 20:41:31 82C8F94A8DFF5D451E1A81B88E9FB4BD 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-08-25 20:41:31 779E142FE2159935E78C0FA2E190FF1E 610304 ----a-w- C:\Windows\System32\jscript.dll 2014-08-25 20:41:31 6EB0B7301E00F717BD68A742D1391FAF 36352 ----a-w- C:\Windows\System32\imgutil.dll 2014-08-25 20:41:31 55969AADF0210A614700F89B48976F68 43008 ----a-w- C:\Windows\System32\msfeedsbs.dll 2014-08-25 20:41:31 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-08-25 20:41:31 53FC62C51CB18C9100A7DFAF2D2A6C47 12800 ----a-w- C:\Windows\System32\msfeedssync.exe 2014-08-25 20:41:31 4BCC7EB5F20840DA67943BD86AE95735 56832 ----a-w- C:\Windows\System32\pngfilt.dll 2014-08-25 20:41:31 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-08-25 20:41:31 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-08-25 20:41:31 2D396E0D33817173E7EB7EE1B0AFCA28 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-08-25 20:41:31 1AFBAA54BDF637F69B8E02A5578286B0 116736 ----a-w- C:\Windows\System32\iepeers.dll 2014-08-25 20:41:31 1200D9C7DB0ADC1B8143A0A9921BF7DA 127488 ----a-w- C:\Windows\System32\occache.dll 2014-08-25 20:41:31 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-08-25 20:39:28 E0B8C6B1EA1EF94747E966E9093FB968 1289096 ----a-w- C:\Windows\System32\ntdll.dll 2014-08-25 20:39:28 D67472125471784DE7147946EDA25FEB 640512 ----a-w- C:\Windows\System32\advapi32.dll 2014-08-25 20:39:28 401D25136E26B237D77DA1BF1198B3BD 619520 ----a-w- C:\Windows\System32\tdh.dll 2014-08-25 20:38:41 E94C583CDE2348950155F2AF2876F34D 231424 ----a-w- C:\Windows\System32\mswsock.dll 2014-08-25 20:02:40 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\Windows\System32\WMPhoto.dll 2014-08-25 20:02:39 E7B9D5FF20FFDD4AAE2EF1D1B8C27A37 159232 ----a-w- C:\Windows\System32\imagehlp.dll 2014-08-25 20:01:51 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2014-08-25 20:01:51 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\System32\ntoskrnl.exe 2014-08-25 20:01:50 F74FFA7654702F81884BDB41EB80DAC2 868352 ----a-w- C:\Windows\System32\kernel32.dll 2014-08-25 20:01:49 FD25B74DC1A18C56BF1A879BF086555A 293376 ----a-w- C:\Windows\System32\KernelBase.dll 2014-08-25 20:01:49 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\System32\objsel.dll 2014-08-25 20:01:49 51BB04243DF6196C06E125898127E397 169984 ----a-w- C:\Windows\System32\winsrv.dll 2014-08-25 20:01:49 2DE16A63F71D10B42ACE01E759078600 271360 ----a-w- C:\Windows\System32\conhost.exe 2014-08-25 20:01:48 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\System32\adprovider.dll 2014-08-25 20:01:48 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\System32\dpapiprovider.dll 2014-08-25 20:01:48 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\System32\dimsroam.dll 2014-08-25 20:01:48 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\System32\wincredprovider.dll 2014-08-25 20:01:48 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\System32\capiprovider.dll 2014-08-25 20:01:48 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\System32\cngprovider.dll 2014-08-25 20:01:21 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\System32\shdocvw.dll 2014-08-25 20:01:13 D14DF403FF550F6B1F4702CD2F288ABD 412160 ----a-w- C:\Windows\System32\aepdu.dll 2014-08-25 20:01:12 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-08-25 20:01:12 C4675C2734716F56FCA370CF1183457F 302592 ----a-w- C:\Windows\System32\aeinv.dll 2014-08-25 20:01:11 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\System32\d2d1.dll 2014-08-25 20:00:59 E2ED66FAF894F545EB083AC5F5763854 434688 ----a-w- C:\Windows\System32\scavengeui.dll 2014-08-25 20:00:48 2A58DBC1BADEA2F496099F8CB068E698 2350080 ----a-w- C:\Windows\System32\win32k.sys 2014-08-25 20:00:47 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\System32\osk.exe 2014-08-25 20:00:43 AAB5D8C5ABE71873DC19ED004EF25009 792576 ----a-w- C:\Windows\System32\TSWorkspace.dll 2014-08-25 20:00:32 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\System32\schannel.dll 2014-08-25 20:00:32 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\System32\msv1_0.dll 2014-08-25 20:00:32 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\System32\kerberos.dll 2014-08-25 20:00:31 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\System32\credssp.dll 2014-08-25 20:00:31 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\System32\wdigest.dll 2014-08-25 20:00:31 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\System32\ncrypt.dll 2014-08-25 20:00:31 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\System32\TSpkg.dll 2014-08-25 20:00:24 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\System32\locale.nls 2014-08-25 20:00:22 EAF4712B706936C0B10D3B5319B37E81 81920 ----a-w- C:\Windows\System32\davclnt.dll 2014-08-25 20:00:22 75E8EBD7040CE238684333F97014762A 205824 ----a-w- C:\Windows\System32\WebClnt.dll 2014-08-25 20:00:20 F632602316001D517F4EF3B53B9A6C33 26112 ----a-w- C:\Windows\System32\lpk.dll 2014-08-25 20:00:20 8CC4638FA7B5B921B9080CF962582C0B 70656 ----a-w- C:\Windows\System32\fontsub.dll 2014-08-25 20:00:20 7D27E63B54DB093BB0D9E95F81094D75 34304 ----a-w- C:\Windows\System32\atmlib.dll 2014-08-25 20:00:20 5C6B44F9CAAC475B7B9EBBC29CB7F065 295424 ----a-w- C:\Windows\System32\atmfd.dll 2014-08-25 20:00:20 2342EC9254F4C60CA98441BD65C89E12 10240 ----a-w- C:\Windows\System32\dciman32.dll 2014-08-25 20:00:17 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\System32\shell32.dll 2014-08-25 20:00:15 AFA53BD631FB0509A91A99391209BB70 301568 ----a-w- C:\Windows\System32\msieftp.dll 2014-08-25 20:00:12 0805487A6036A9F9C4E7AF7FEF835529 1620992 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2014-08-25 20:00:05 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\System32\credui.dll 2014-08-25 20:00:05 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2014-08-25 19:59:49 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\System32\crypt32.dll 2014-08-25 19:59:33 7CA1BECEA5DE2643ADDAD32670E7A4C9 140288 ----a-w- C:\Windows\System32\cryptsvc.dll 2014-08-25 19:59:33 7B851A8018B1EA00A69707A390004884 103936 ----a-w- C:\Windows\System32\cryptnet.dll 2014-08-25 19:59:33 68EAAEDF0365168B804E8728368FA946 175104 ----a-w- C:\Windows\System32\wintrust.dll 2014-08-25 19:59:20 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 ----a-w- C:\Windows\System32\tzres.dll 2014-08-25 19:59:03 2A01B40C8334A8124001CFAC256FCA83 102608 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2014-08-25 19:59:00 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\System32\msi.dll 2014-08-25 19:58:59 CADC4CFE957C24984FFA718AB7E4EF3C 101824 ----a-w- C:\Windows\System32\consent.exe 2014-08-25 19:58:59 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\System32\msihnd.dll 2014-08-25 19:58:59 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\System32\authui.dll 2014-08-25 19:58:49 A3B1D1312602280839A4A2AFBDFD066E 163840 ----a-w- C:\Windows\System32\scrrun.dll 2014-08-25 19:58:49 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\Windows\System32\cscript.exe 2014-08-25 19:58:49 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\Windows\System32\wscript.exe 2014-08-25 19:58:49 09F65975C1C9793B923BB52A7FA83453 121856 ----a-w- C:\Windows\System32\wshom.ocx 2014-08-25 19:58:47 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\System32\msxml6.dll 2014-08-25 19:58:47 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\System32\msxml3.dll 2014-08-25 19:58:47 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\System32\msxml6r.dll 2014-08-25 19:58:47 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-08-25 19:58:45 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\System32\usp10.dll 2014-08-25 19:58:44 7CC38741B8F68F1E0D5D79DA6123666A 185344 ----a-w- C:\Windows\System32\wwansvc.dll 2014-08-25 19:58:43 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\System32\qedit.dll 2014-08-25 19:58:42 C9059EF0C94C55C0DA9CACEE160A5F66 654336 ----a-w- C:\Windows\System32\rpcrt4.dll 2014-08-25 19:58:38 B9C54120F46392100478F58F374E5709 679424 ----a-w- C:\Windows\System32\IKEEXT.DLL 2014-08-25 19:58:37 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2014-08-25 19:58:37 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\System32\nshwfp.dll 2014-08-25 19:58:36 75F5E1FE8D55CF8E577E0EC5F2290D3F 530432 ----a-w- C:\Windows\System32\comctl32.dll 2014-08-25 19:58:35 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-08-25 19:58:32 5860EE5C807CB3866551B845123493C6 107520 ----a-w- C:\Windows\System32\cdd.dll 2014-08-25 19:58:28 5A775CAE7CCCAC581C05B8D2C92C0DF1 305152 ----a-w- C:\Windows\System32\gdi32.dll 2014-08-25 19:58:24 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\System32\wer.dll 2014-08-25 19:57:44 F70CE04DD355A61DB6FE1B19540CF2F5 13824 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll 2014-08-25 19:57:44 82759B6A07AD0A9A467E4136DCC5DA2D 2742784 ----a-w- C:\Windows\System32\rdpcorets.dll 2014-08-25 19:56:25 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\System32\RMActivate_isv.exe 2014-08-25 19:56:25 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\System32\RMActivate.exe 2014-08-25 19:56:25 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe 2014-08-25 19:56:25 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\System32\RMActivate_ssp.exe 2014-08-25 19:56:24 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\System32\secproc_isv.dll 2014-08-25 19:56:24 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll 2014-08-25 19:56:24 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\System32\msdrm.dll 2014-08-25 19:56:24 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\System32\secproc_ssp.dll 2014-08-25 19:56:24 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\System32\secproc.dll 2014-08-25 19:40:25 EA4B76A3E19C7335A61B111E09205098 1059840 ----a-w- C:\Windows\System32\lsasrv.dll 2014-08-25 19:40:23 DD17E1573651293D4ED31053795B3471 22528 ----a-w- C:\Windows\System32\lsass.exe 2014-08-25 19:40:23 CAA3039FFA0CDF8C2A9845C1609CDE00 100352 ----a-w- C:\Windows\System32\sspicli.dll 2014-08-25 19:40:23 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\System32\secur32.dll 2014-08-25 19:40:23 61BC8ACDEC57469B22EC519B22FB3642 15872 ----a-w- C:\Windows\System32\sspisrv.dll ====== C:\Windows\system32\drivers ===== 2014-08-25 22:44:53 C6A5FBD4977305E1FA23E02C042DB463 49152 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2014-08-25 20:01:15 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys 2014-08-25 20:00:52 F1B27299F547D452EDAEF01FC187CB91 25728 ----a-w- C:\Windows\System32\drivers\hidparse.sys 2014-08-25 20:00:52 50ABE682EBE752EAF62B18790D6D491C 55808 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2014-08-25 20:00:22 21F4B24ACFC79A483515BD986DD9043F 115712 ----a-w- C:\Windows\System32\drivers\mrxdav.sys 2014-08-25 20:00:14 DEE7EDA5AAA96C4C68A1F098F5145799 187840 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-08-25 20:00:14 5DBD4F73E2A52FEED61DBAB3752E329C 240576 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-08-25 20:00:14 5579DD18546999F5D0EC39D018726C6B 1294272 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-08-25 20:00:11 C8DFF8D07755A66C7A4A738930F0FEAC 1212352 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2014-08-25 19:59:23 25944D2CC49E0A6C581D02A74B7D6645 527064 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2014-08-25 19:59:13 F1A449D762657230629D8BFC107ABC14 149440 ----a-w- C:\Windows\System32\drivers\storport.sys 2014-08-25 19:59:13 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2014-08-25 19:59:13 5FB4F271032B6435F3B2252F577A4815 27072 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2014-08-25 19:58:41 DE014425522610BEDCA3821BB8C0F1D5 146816 ----a-w- C:\Windows\System32\drivers\usbvideo.sys 2014-08-25 19:58:41 2352AB5F9F8F097BF9D41D5A4718A041 86016 ----a-w- C:\Windows\System32\drivers\usbcir.sys 2014-08-25 19:58:39 D0B388DA1D111A34366E04EB4A5DD156 338944 ----a-w- C:\Windows\System32\drivers\afd.sys 2014-08-25 19:58:32 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-25 19:58:32 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-08-25 19:58:25 EB6137D696A9B4E9718AC6F8641CB4C9 177152 ----a-w- C:\Windows\System32\drivers\portcls.sys 2014-08-25 19:58:25 9842041E2F5ACE1E2F5FB4EF02053DC8 81408 ----a-w- C:\Windows\System32\drivers\drmk.sys 2014-08-25 19:57:53 EDF2DF71C4F1E13A6AC75F5224DE655A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-08-25 19:57:53 EC2C5AF37B76D7B58C642CB74423DB7A 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-08-25 19:57:53 D40855F89B69305140BBD7E9A3BA2DA6 43520 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-08-25 19:57:53 9828C8D14CC2676421778F0DE638CF97 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-08-25 19:57:53 800AABFD625EEFF899F7E5496BDE37AB 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-08-25 19:57:53 74F805AB12EB0E3E49E469F19FF02640 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-08-25 19:57:53 0803FBA9FE829D61AE26EC0BCC910C46 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-08-25 19:55:40 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2014-08-25 19:40:24 D3964885F0A11ACF51DA3AAA776973B2 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-08-25 19:40:24 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys 2014-08-25 19:40:23 4120DA10AA42A9996F4575DB9E3E6E6E 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-26 03:41:12 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Users\Aaron's Mini\AppData\Roaming ====== 2014-08-29 17:14:43 -------- d-sh--w- C:\Users\Aaron's Mini\AppData\Locallow\EmieUserList 2014-08-29 17:14:24 -------- d-sh--w- C:\Users\Aaron's Mini\AppData\Local\EmieUserList 2014-08-29 17:14:23 -------- d-sh--w- C:\Users\Aaron's Mini\AppData\Local\EmieSiteList 2014-08-26 04:37:09 -------- d-sh--w- C:\Users\Aaron's Mini\AppData\Locallow\EmieSiteList 2014-08-26 04:11:51 -------- d-s---w- C:\Users\Zach Admin\AppData\Locallow\Microsoft 2014-08-26 04:11:49 ACC2ED54C98AC70F793EA0724D1ADDA3 77024 ----a-w- C:\Users\Zach Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-26 04:11:14 -------- d-----r- C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-08-26 04:11:14 -------- d-----r- C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-08-26 04:10:53 -------- d-----w- C:\Users\Zach Admin\AppData\Roaming\Identities 2014-08-26 04:10:13 -------- d-----w- C:\Users\Zach Admin\AppData\Roaming\Adobe 2014-08-26 04:09:59 -------- d-----w- C:\Users\Zach Admin\AppData\Local\VirtualStore 2014-08-26 04:09:46 -------- d-s---w- C:\Users\Zach Admin\AppData\Roaming\Microsoft 2014-08-26 04:09:46 -------- d-----w- C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager 2014-08-26 04:09:46 -------- d-----w- C:\Users\Zach Admin\AppData\Local\Temp 2014-08-26 04:09:46 -------- d-----w- C:\Users\Zach Admin\AppData\Local\Microsoft 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories ====== C:\Users\Aaron's Mini ====== 2014-08-26 04:12:19 -------- d-----w- C:\Users\Zach Admin\.migoDesktop 2014-08-26 04:11:13 -------- d-----r- C:\Users\Zach Admin\Searches 2014-08-26 04:10:44 -------- d-----r- C:\Users\Zach Admin\Contacts 2014-08-26 04:09:49 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Zach Admin\ntuser.ini 2014-08-26 04:09:46 -------- d--h--w- C:\Users\Zach Admin\AppData 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Videos 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Saved Games 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Pictures 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Music 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Links 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Favorites 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Downloads 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Documents 2014-08-26 04:09:46 -------- d-----r- C:\Users\Zach Admin\Desktop 2014-08-26 03:42:45 -------- d-----w- C:\ProgramData\Oracle 2014-08-26 03:40:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ====== C: exe-files == 2014-08-26 04:29:44 C1DC07AC369B68511BA7160444A6CEFC 411136 ----a-w- C:\Users\Aaron's Mini\AppData\Local\Temp\bpuninstall.exe 2014-08-26 03:46:58 9AED8E824CF5FAAB67957EDBC5512060 164864 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2014-08-26 03:34:28 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Aaron's Mini\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe 2014-08-25 22:36:06 719499050C93D2DA0228C9CDC704DD05 150552 ----a-w- C:\SwSetup\sp44959\Graphics\igfxpers.exe 2014-08-25 22:36:05 E61C56D20D4521A1CB73FE59CBA79F7A 173080 ----a-w- C:\SwSetup\sp44959\Graphics\igfxext.exe 2014-08-25 22:36:03 A9B85BA21CC37880FB6D0D400A10DC6C 672792 ----a-w- C:\SwSetup\sp44959\Graphics\igfxcfg.exe 2014-08-25 22:35:53 BC799101629DF7FDDD4AA03A6448EAB2 173592 ----a-w- C:\SwSetup\sp44959\Graphics\hkcmd.exe 2014-08-25 22:35:15 A448AE06744E0BDCA8AE64E2940C918B 1002008 ----a-w- C:\SwSetup\sp44959\Setup.exe 2014-08-25 20:41:32 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-08-25 20:41:32 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-08-25 20:41:32 2AFAE62B727EE7190450D4A14C287422 359632 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe 2014-08-25 20:41:32 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-08-25 20:41:31 7F7F391491C315A4A72EFCAC0D34FA93 25600 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe === C: other files == 2014-08-25 22:44:53 C6A5FBD4977305E1FA23E02C042DB463 49152 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2014-08-25 22:35:56 1F50623259DF354776DF04C56504A2D7 4786688 ----a-w- C:\SwSetup\sp44959\Graphics\igdkmd32.sys 2014-08-25 20:01:15 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\ataport.sys 2014-08-25 20:01:15 DDCE686D76C2B4DB435A3AF5BD0E691D 133056 ----a-w- C:\Windows\System32\drivers\ataport.sys 2014-08-25 20:00:52 F1B27299F547D452EDAEF01FC187CB91 25728 ----a-w- C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_1436b88c77b8881d\hidparse.sys 2014-08-25 20:00:52 F1B27299F547D452EDAEF01FC187CB91 25728 ----a-w- C:\Windows\System32\drivers\hidparse.sys 2014-08-25 20:00:52 50ABE682EBE752EAF62B18790D6D491C 55808 ----a-w- C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_1436b88c77b8881d\hidclass.sys 2014-08-25 20:00:52 50ABE682EBE752EAF62B18790D6D491C 55808 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2014-08-25 20:00:48 2A58DBC1BADEA2F496099F8CB068E698 2350080 ----a-w- C:\Windows\System32\win32k.sys 2014-08-25 20:00:22 21F4B24ACFC79A483515BD986DD9043F 115712 ----a-w- C:\Windows\System32\drivers\mrxdav.sys 2014-08-25 20:00:14 DEE7EDA5AAA96C4C68A1F098F5145799 187840 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-08-25 20:00:14 5DBD4F73E2A52FEED61DBAB3752E329C 240576 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-08-25 20:00:14 5579DD18546999F5D0EC39D018726C6B 1294272 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-08-25 20:00:11 C8DFF8D07755A66C7A4A738930F0FEAC 1212352 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2014-08-25 19:59:23 25944D2CC49E0A6C581D02A74B7D6645 527064 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2014-08-25 19:59:13 F1A449D762657230629D8BFC107ABC14 149440 ----a-w- C:\Windows\System32\drivers\storport.sys 2014-08-25 19:59:13 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_x86_neutral_128be931e3e98b62\msiscsi.sys 2014-08-25 19:59:13 EB34CE31FABD4DC4343FD2AD16D2CAF9 234432 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2014-08-25 19:59:13 5FB4F271032B6435F3B2252F577A4815 27072 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2014-08-25 19:58:41 DE014425522610BEDCA3821BB8C0F1D5 146816 ----a-w- C:\Windows\System32\drivers\usbvideo.sys 2014-08-25 19:58:41 2352AB5F9F8F097BF9D41D5A4718A041 86016 ----a-w- C:\Windows\System32\drivers\usbcir.sys 2014-08-25 19:58:39 D0B388DA1D111A34366E04EB4A5DD156 338944 ----a-w- C:\Windows\System32\drivers\afd.sys 2014-08-25 19:58:32 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-25 19:58:32 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2014-08-25 19:58:27 007C0C8D5B01D82ACEB70431D15083F6 28160 ----a-w- C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_x86_neutral_1965855805a8e768\usbser.sys 2014-08-25 19:58:25 EB6137D696A9B4E9718AC6F8641CB4C9 177152 ----a-w- C:\Windows\System32\drivers\portcls.sys 2014-08-25 19:58:25 9842041E2F5ACE1E2F5FB4EF02053DC8 81408 ----a-w- C:\Windows\System32\drivers\drmk.sys 2014-08-25 19:57:53 EDF2DF71C4F1E13A6AC75F5224DE655A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-08-25 19:57:53 EC2C5AF37B76D7B58C642CB74423DB7A 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-08-25 19:57:53 D40855F89B69305140BBD7E9A3BA2DA6 43520 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-08-25 19:57:53 9828C8D14CC2676421778F0DE638CF97 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-08-25 19:57:53 800AABFD625EEFF899F7E5496BDE37AB 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-08-25 19:57:53 74F805AB12EB0E3E49E469F19FF02640 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-08-25 19:57:53 0803FBA9FE829D61AE26EC0BCC910C46 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-08-25 19:55:40 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2014-08-25 19:40:24 D3964885F0A11ACF51DA3AAA776973B2 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-08-25 19:40:24 85449EEBE8F8EBD6481EFBF0F352B4EB 369848 ----a-w- C:\Windows\System32\drivers\cng.sys 2014-08-25 19:40:23 4120DA10AA42A9996F4575DB9E3E6E6E 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-147099939-99406921-2600037334-1000\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP BTW Detect Program"="C:\Program Files\HP\HPBTWD.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "WirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/15/2011 05:30 PM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/15/2011 05:30 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RecoveryCDWin7" ["C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe"] "C:\Windows\system32\tasks\Registration" ["C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe"] "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe] "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPTuneUp.exe] "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" [] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Aaron's Mini\AppData\Roaming\Mozilla\Firefox\Profiles\4mkf45fa.default-1408998855033 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 546ED69C34E82F2326D17508D3768F4A - C:\Program Files\Download Manager\npfpdlm.dll - IGN Download Manager Plug-in 93A6E62490C778FE0F8F61D246218998 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{89022F4C-44A1-4FDE-A12D-C4835266CC16}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en" {89022F4C-44A1-4FDE-A12D-C4835266CC16} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF" {8B31050B-FBEC-48A3-A4A2-383DD49998BB} Ask.com Url="http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on Fri 08/29/2014 at 14:00:35.72 ======================

Naat, I can't post the Malwarebytes log. This is because the log 'export' function is outside my viewing window. This computer has a small monitor. I try moving the log file 'up' to see the export function at the bottom, but my computer won't allow me to move the window any further up than the edge of the screen. The scan deemed my computer clean though, if that matters. ___________________________ No text file opened, but the following text what appeared within the Zoek text box after a while: Zoek.exe v5.0.0.0 Updated 28-08-2014 Tool run by Aaron's Mini on Fri 08/29/2014 at 13:41:08.00. Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Aaron's Mini\Downloads\zoek.exe [scan all users] [script inserted] ===== Runcheck 13:47:31.93 ===== --- Create Environment Variables 13:47:37.57 --- Create System Restore Point 13:48:10.85 --- Checking Input 13:49:00.83 --- Installed Programs 13:49:34.62 --- Processes 13:49:43.79 --- System Specs 13:50:39.50 --- Recently Created 13:51:16.16

Naat, I figured that was the case. Thank you for responding. Yes, I'd still like assistance if it readily available.

I downloaded and ran the FRST and attached the Addition.txt file to this post. FRST.txt Addition.txt