Jump to content

funkalicious

Honorary Members
  • Posts

    39
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for all the help, Kevin. I will read the info at the links you provided. Since no issues were found I think we can call this one a wrap.
  2. ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=40f7b66a81fe3d4ca20dc5f9aad0471c # end=init # utc_time=2015-09-14 05:04:07 # local_time=2015-09-14 10:04:07 (-0800, Pacific Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25756 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=40f7b66a81fe3d4ca20dc5f9aad0471c # end=updated # utc_time=2015-09-14 05:08:54 # local_time=2015-09-14 10:08:54 (-0800, Pacific Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=40f7b66a81fe3d4ca20dc5f9aad0471c # engine=25756 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-09-14 11:08:09 # local_time=2015-09-14 04:08:09 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 30689516 193815539 0 0 # scanned=743212 # found=1 # cleaned=0 # scan_time=21554 sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Sherri\Downloads\cbsidlm-tr1_13-Soluto-SEO-75446583.exe"
  3. RogueKiller V10.10.4.0 [sep 4 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Craig [Administrator] Started from : C:\Users\Craig\Downloads\RogueKiller.exe Mode : Scan -- Date : 09/13/2015 14:21:09 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 0 ¤¤¤ ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM641JI ATA Device +++++ --- User --- [MBR] 6d191677fc81652a2d50918f476cdc2a [bSP] 3d0b76d65724ecff6e264dd09e65f090 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 586969 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1202522112 | Size: 23207 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. )
  4. Here are the scans (Addition.txt attached). Computer seems a bit faster but still stalls/freezes and becomes unresponsive. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015 Ran by Craig (administrator) on CRAIG-PC (12-09-2015 08:26:01) Running from C:\Users\Craig\Downloads Loaded Profiles: Craig & (Available Profiles: Craig) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (Thomson Reuters) C:\Users\Craig\AppData\Local\Temp\connectbgdl.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-27] (AVAST Software) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CS Connect Background Services.lnk [2015-01-04] ShortcutTarget: CS Connect Background Services.lnk -> C:\WinCSI\Tools\connectbgdl.exe (Thomson Reuters) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-10-07] ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{772947BF-5390-4EE5-989C-1FB9E09A5012}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{D18B3B5B-FD3B-48BC-BE92-956EE68C6304}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-80377031-1086190703-3473258205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\2u13o25t.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-14] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online) FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2002-08-11] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-13] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL => No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File CHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (YouTube) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (Google Docs Offline) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-10] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-09] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.) R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation) R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation) R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation) S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation) R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software) S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-04] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-12 08:26 - 2015-09-12 08:27 - 00019192 _____ C:\Users\Craig\Downloads\FRST.txt 2015-09-12 08:24 - 2015-09-12 08:24 - 02190848 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe 2015-09-11 15:29 - 2015-09-11 15:29 - 00000056 _____ C:\Windows\setupact.log 2015-09-11 15:29 - 2015-09-11 15:29 - 00000000 _____ C:\Windows\setuperr.log 2015-09-10 08:25 - 2015-09-10 08:25 - 00003012 _____ C:\Windows\System32\Tasks\SlimCleaner Run 2015-09-10 08:24 - 2015-09-10 08:24 - 00000000 ____D C:\Users\Craig\AppData\Local\SlimWare Utilities Inc 2015-09-09 16:44 - 2015-09-09 16:44 - 47346280 _____ (Microsoft Corporation) C:\Users\Craig\Downloads\Windows-KB890830-x64-V5.28.exe 2015-09-09 16:12 - 2015-09-09 16:16 - 00000000 ____D C:\AdwCleaner 2015-09-09 10:43 - 2015-09-12 08:26 - 00000000 ____D C:\FRST 2015-09-08 16:19 - 2015-09-08 16:19 - 00110568 _____ C:\Users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-08 15:01 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 15:01 - 2015-08-05 10:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 15:01 - 2015-08-05 10:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-08 15:01 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-08 15:00 - 2015-08-17 18:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 15:00 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-08 15:00 - 2015-08-14 23:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-08 15:00 - 2015-08-14 23:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-08 15:00 - 2015-08-14 23:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-08 15:00 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-08 15:00 - 2015-08-14 23:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-08 15:00 - 2015-08-14 22:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 15:00 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-08 15:00 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-08 15:00 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-08 15:00 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-08 15:00 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-08 15:00 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-08 15:00 - 2015-08-14 22:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 15:00 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-08 15:00 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-08 15:00 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-08 15:00 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-08 15:00 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-08 15:00 - 2015-08-14 21:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 15:00 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-08 15:00 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-08 15:00 - 2015-07-14 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-08 15:00 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-08 15:00 - 2015-07-09 10:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-08 15:00 - 2015-07-09 10:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-08 15:00 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-08 15:00 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-08 14:59 - 2015-08-14 23:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-08 14:59 - 2015-08-14 23:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-08 14:59 - 2015-08-14 23:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-08 14:59 - 2015-08-14 23:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-08 14:59 - 2015-08-14 23:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 14:59 - 2015-08-14 23:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-08 14:59 - 2015-08-14 23:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-08 14:59 - 2015-08-14 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-08 14:59 - 2015-08-14 23:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-08 14:59 - 2015-08-14 23:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 14:59 - 2015-08-14 23:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-08 14:59 - 2015-08-14 23:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-08 14:59 - 2015-08-14 23:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-08 14:59 - 2015-08-14 22:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-08 14:59 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-08 14:59 - 2015-08-14 22:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 14:59 - 2015-08-14 22:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 14:59 - 2015-08-14 22:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 14:59 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-08 14:59 - 2015-08-14 22:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 14:59 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-08 14:59 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-08 14:59 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-08 14:59 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-08 14:59 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-08 14:59 - 2015-08-14 22:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 14:59 - 2015-08-14 22:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 14:59 - 2015-08-14 22:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 14:59 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-08 14:59 - 2015-08-14 22:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 14:59 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-08 14:59 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-08 14:59 - 2015-08-14 22:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 14:59 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-08 14:59 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-08 14:59 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-08 14:59 - 2015-08-14 21:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-08 14:59 - 2015-07-22 17:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-08 14:59 - 2015-07-22 17:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-08 14:59 - 2015-07-22 17:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-08 14:59 - 2015-07-22 17:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-08 14:59 - 2015-07-22 17:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-08 14:59 - 2015-07-22 17:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-08 14:59 - 2015-07-22 17:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-08 14:59 - 2015-07-22 17:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-08 14:59 - 2015-07-22 17:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-08 14:59 - 2015-07-22 17:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-08 14:59 - 2015-07-22 17:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-08 14:59 - 2015-07-22 17:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-08 14:59 - 2015-07-22 17:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-08 14:59 - 2015-07-22 17:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-08 14:59 - 2015-07-22 16:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-08 14:59 - 2015-07-22 16:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 16:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-08 14:59 - 2015-07-22 10:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-08 14:59 - 2015-07-22 10:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-08 14:59 - 2015-07-22 10:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-08 14:59 - 2015-07-22 10:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-08 14:59 - 2015-07-22 10:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-08 14:59 - 2015-07-22 10:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-08 14:59 - 2015-07-22 10:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-08 14:59 - 2015-07-22 10:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-08 14:59 - 2015-07-22 10:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-08 14:59 - 2015-07-22 10:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-08 14:59 - 2015-07-22 10:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-08 14:59 - 2015-07-22 10:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-08 14:59 - 2015-07-22 10:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 09:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-08 14:59 - 2015-07-22 09:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-08 14:59 - 2015-07-22 09:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-08 14:59 - 2015-07-22 09:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-08 14:59 - 2015-07-22 09:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-08 14:59 - 2015-07-22 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-08 14:59 - 2015-07-22 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 14:59 - 2015-07-22 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-08 14:58 - 2015-08-27 11:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 14:58 - 2015-08-27 11:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 14:58 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 14:58 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 14:58 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-08 14:58 - 2015-08-27 10:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-08 14:58 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-08 14:58 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-08 14:58 - 2015-06-25 03:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-08 14:58 - 2015-06-25 03:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-08 14:58 - 2015-06-25 03:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-08 14:58 - 2015-06-25 02:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-08 14:57 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 14:57 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 14:57 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 14:57 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 14:57 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-08 14:57 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-08 14:57 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-08 14:57 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-08 14:57 - 2015-09-01 18:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 14:57 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 14:57 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-08 14:57 - 2015-08-26 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-08 14:57 - 2015-08-26 11:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-08 14:57 - 2015-08-26 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-08 14:57 - 2015-08-26 11:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-08 14:57 - 2015-08-26 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-08 14:57 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-08 14:57 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-08 14:57 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-08 14:57 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-08 14:57 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-08 14:57 - 2015-08-04 11:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-08 14:57 - 2015-08-04 11:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-08 14:57 - 2015-08-04 10:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 14:57 - 2015-08-04 10:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 14:57 - 2015-08-04 10:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 14:57 - 2015-08-04 10:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 14:57 - 2015-08-04 10:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 14:57 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-08 14:57 - 2015-08-04 09:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-08-25 10:56 - 2015-08-25 10:56 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-08-25 10:56 - 2015-08-25 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-08-25 10:55 - 2015-08-25 10:56 - 00000000 ____D C:\Program Files (x86)\QuickTime 2015-08-17 13:36 - 2015-08-17 13:36 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-17 13:36 - 2015-08-17 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-17 13:35 - 2015-08-17 13:36 - 00000000 ____D C:\Program Files\iTunes 2015-08-17 13:35 - 2015-08-17 13:35 - 00000000 ____D C:\Program Files\iPod 2015-08-17 13:35 - 2015-08-17 13:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-16 14:39 - 2015-08-16 14:39 - 00076280 _____ C:\Users\Craig\Downloads\275-059--Dayton-Audio-ND25FA-4_data (1).zip 2015-08-15 11:44 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-15 11:44 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-14 08:46 - 2015-08-14 08:46 - 00076280 _____ C:\Users\Craig\Downloads\275-059--Dayton-Audio-ND25FA-4_data.zip 2015-08-14 07:09 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-14 07:09 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-14 07:09 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-14 07:09 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-14 07:09 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-14 07:09 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-14 07:09 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-14 07:09 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-14 07:09 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-14 07:09 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-08-14 07:09 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-14 07:09 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-14 07:09 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-14 07:09 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-14 07:09 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-14 07:09 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-14 07:09 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-14 07:08 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-14 07:08 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-14 07:07 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-14 07:07 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-14 07:07 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-14 07:06 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-14 07:06 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-14 07:06 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-14 07:06 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-14 07:06 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-14 07:06 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-14 07:06 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-14 07:06 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-14 07:06 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-14 07:06 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-14 07:06 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-12 08:25 - 2014-01-13 20:42 - 01286454 _____ C:\Windows\WindowsUpdate.log 2015-09-12 08:25 - 2009-07-13 21:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-12 08:25 - 2009-07-13 21:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-12 08:18 - 2014-01-13 21:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-12 08:13 - 2014-02-04 13:25 - 00000000 ____D C:\Program Files (x86)\SlimCleaner 2015-09-12 08:13 - 2014-01-22 18:29 - 00000000 ____D C:\Windows\Minidump 2015-09-12 08:11 - 2014-01-13 21:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-12 02:38 - 2014-08-14 17:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-11 15:33 - 2014-01-13 23:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-09-11 15:30 - 2014-01-13 21:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-11 15:30 - 2014-01-13 21:19 - 00000000 ____D C:\Users\Craig 2015-09-11 15:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-11 10:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2015-09-09 16:07 - 2015-05-01 12:20 - 00000000 ____D C:\Users\Craig\Desktop\Sher-Thai maintenace old 2015-09-09 16:07 - 2015-04-28 10:52 - 00000000 ____D C:\Users\Craig\Desktop\Sher-Thai maintenance 2015-09-09 11:51 - 2014-01-13 20:38 - 00000000 ____D C:\Windows\Panther 2015-09-09 11:46 - 2014-09-14 18:02 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCraig.job 2015-09-09 11:45 - 2014-09-14 18:02 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCraig 2015-09-09 11:42 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT 2015-09-08 17:50 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-08 17:44 - 2009-07-13 21:45 - 00413568 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-08 17:41 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-08 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-08 16:50 - 2014-01-20 12:48 - 00000000 ____D C:\Windows\system32\MRT 2015-09-06 10:51 - 2014-06-21 09:02 - 00000000 ____D C:\Users\Craig\AppData\Local\CrashDumps 2015-08-27 14:13 - 2014-01-13 21:34 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-27 14:13 - 2014-01-13 21:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 18:37 - 2014-01-20 12:48 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-24 12:04 - 2015-06-14 13:34 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-17 13:35 - 2014-01-13 22:45 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-08-15 12:07 - 2014-01-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-15 12:07 - 2014-01-13 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-15 12:04 - 2015-04-14 18:51 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-15 12:04 - 2014-05-07 06:34 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-15 11:44 - 2014-01-13 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-14 07:00 - 2014-01-13 23:01 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys ==================== Files in the root of some directories ======= 2014-09-20 18:10 - 2015-04-16 15:27 - 0007623 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Craig\AppData\Local\Temp\connectbgdl.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-11 10:04 ==================== End of FRST.txt ============================ Addition.txt
  5. When attempting to run FRST64.exe I get a pop-up window stating the following: AutoIt Error Line 9051 (File "C:\Users\Craig\Downloads\FRST64.exe"): Error: Subscript used on non-accessible variable What does this mean?
  6. Requested scans. Start CreateRestorePoint:CloseProcesses:HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONS3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]C:\Users\Craig\AppData\Local\{B1282B60-16BE-4423-9AD7-42B002C4DD45}C:\Users\Craig\AppData\Local\Temp\connectbgdl.exeCustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileCustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileAlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}Emptytemp:End Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015Ran by Craig (2015-09-09 15:07:33) Run:1Running from C:\Users\Craig\DownloadsLoaded Profiles: Craig (Available Profiles: Craig)Boot Mode: Normal============================================== fixlist content:*****************StartCreateRestorePoint:CloseProcesses:HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONS3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]C:\Users\Craig\AppData\Local\{B1282B60-16BE-4423-9AD7-42B002C4DD45}C:\Users\Craig\AppData\Local\Temp\connectbgdl.exeCustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileCustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No FileAlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}Emptytemp:End***************** Restore point was successfully created.Processes closed successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully"HKU\S-1-5-21-80377031-1086190703-3473258205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfullyHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. catchme => service removed successfullySynth3dVsc => service removed successfullytsusbhub => service removed successfullyVBoxAswDrv => service could not removeVGPU => service removed successfullyC:\Users\Craig\AppData\Local\{B1282B60-16BE-4423-9AD7-42B002C4DD45} => moved successfullyC:\Users\Craig\AppData\Local\Temp\connectbgdl.exe => moved successfullyHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key not found. "HKU\S-1-5-21-80377031-1086190703-3473258205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfullyC:\Users\Sherri\Desktop\cross section.tiff => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.C:\Users\Sherri\Desktop\cross section.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.EmptyTemp: => 364.3 MB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 15:09:50 ==== Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 9/9/2015Scan Time: 3:20 PMLogfile: Malwarebytes scan.txtAdministrator: Yes Version: 2.1.8.1057Malware Database: v2015.09.09.07Rootkit Database: v2015.08.16.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Craig Scan Type: Threat ScanResult: CompletedObjects Scanned: 415280Time Elapsed: 22 min, 41 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) # AdwCleaner v5.007 - Logfile created 09/09/2015 at 16:16:38# Updated 08/09/2015 by Xplode# Database : 2015-09-08.2 [server]# Operating system : Windows 7 Ultimate Service Pack 1 (x64)# Username : Craig - CRAIG-PC# Running from : C:\Users\Craig\Downloads\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Craig\AppData\Local\slimware utilities inc ***** [ Files ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc ***** [ Web browsers ] ***** ************************* :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [811 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.6.1 (09.08.2015:1)OS: Windows 7 Ultimate x64Ran by Craig on Wed 09/09/2015 at 16:25:16.87~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\SlimCleaner Run ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\Craig\Documents\add-in expressSuccessfully deleted: [Folder] C:\users\Public\Documents\downloaded installers ~~~ FireFox Emptied folder: C:\Users\Craig\AppData\Roaming\mozilla\firefox\profiles\2u13o25t.default\minidumps [2 files] ~~~ Chrome [C:\Users\Craig\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Craig\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Craig\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Craig\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 09/09/2015 at 16:32:47.74End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)Started On Tue Sep 08 16:40:50 2015 Engine: 1.1.12002.0Signatures: 1.205.646.0 Results Summary:----------------No infection found.Failed to submit MAPS report: 0x83760002Failed to submit clean hearbeat MAPS report: 0x83760002Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 08 16:50:13 2015 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)Started On Wed Sep 09 16:49:31 2015 Engine: 1.1.12002.0Signatures: 1.205.646.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 09 16:56:07 2015 Return code: 0 (0x0)
  7. Addition.txt is attached as a file because I was informed that the original post was too long. Thanks for helping as I've never experienced my computer running so incredibly slow and hope it's something easily fixed. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015Ran by Craig (administrator) on CRAIG-PC (09-09-2015 10:44:22)Running from C:\Users\Craig\DownloadsLoaded Profiles: Craig & (Available Profiles: Craig)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe(AMD) C:\Windows\System32\atieclxx.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-27] (AVAST Software)HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-09] (AVAST Software)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CS Connect Background Services.lnk [2015-01-04]ShortcutTarget: CS Connect Background Services.lnk -> C:\WinCSI\Tools\connectbgdl.exe (Thomson Reuters)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-10-07]ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{772947BF-5390-4EE5-989C-1FB9E09A5012}: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{D18B3B5B-FD3B-48BC-BE92-956EE68C6304}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-80377031-1086190703-3473258205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-09] (AVAST Software)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-09] (AVAST Software)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-14] (Microsoft Corporation) FireFox:========FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\2u13o25t.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-14] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-13] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileCHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No FileCHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]CHR Extension: (YouTube) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]CHR Extension: (Google Docs Offline) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-10] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-09] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-09] (AVAST Software)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation)S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-09] (AVAST Software)R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-09] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-09] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-09] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-09] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-09] (AVAST Software)R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-09] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-09] (AVAST Software)S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-04] (The OpenVPN Project)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-09] (AVAST Software)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-09] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-09 10:44 - 2015-09-09 10:46 - 00019661 _____ C:\Users\Craig\Downloads\FRST.txt2015-09-09 10:43 - 2015-09-09 10:44 - 00000000 ____D C:\FRST2015-09-09 10:43 - 2015-09-09 10:43 - 02190336 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe2015-09-08 17:53 - 2015-09-08 17:58 - 00003220 _____ C:\Windows\System32\Tasks\NIUpdateServiceRetryCheckTask2015-09-08 16:19 - 2015-09-08 16:19 - 00110568 _____ C:\Users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT2015-09-08 15:01 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll2015-09-08 15:01 - 2015-08-05 10:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-09-08 15:01 - 2015-08-05 10:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-09-08 15:01 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-09-08 15:00 - 2015-08-17 18:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-09-08 15:00 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-09-08 15:00 - 2015-08-14 23:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-09-08 15:00 - 2015-08-14 23:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-09-08 15:00 - 2015-08-14 23:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-09-08 15:00 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-09-08 15:00 - 2015-08-14 23:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-09-08 15:00 - 2015-08-14 22:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-09-08 15:00 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-09-08 15:00 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-09-08 15:00 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-09-08 15:00 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-09-08 15:00 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-09-08 15:00 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-09-08 15:00 - 2015-08-14 22:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-09-08 15:00 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-09-08 15:00 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-09-08 15:00 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-09-08 15:00 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-09-08 15:00 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-09-08 15:00 - 2015-08-14 21:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-09-08 15:00 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-09-08 15:00 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-09-08 15:00 - 2015-07-14 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-09-08 15:00 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2015-09-08 15:00 - 2015-07-09 10:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll2015-09-08 15:00 - 2015-07-09 10:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll2015-09-08 15:00 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll2015-09-08 15:00 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll2015-09-08 14:59 - 2015-08-14 23:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-09-08 14:59 - 2015-08-14 23:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-09-08 14:59 - 2015-08-14 23:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-09-08 14:59 - 2015-08-14 23:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-09-08 14:59 - 2015-08-14 23:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-09-08 14:59 - 2015-08-14 23:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-09-08 14:59 - 2015-08-14 23:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-09-08 14:59 - 2015-08-14 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-09-08 14:59 - 2015-08-14 23:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-09-08 14:59 - 2015-08-14 23:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-09-08 14:59 - 2015-08-14 23:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-09-08 14:59 - 2015-08-14 23:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-09-08 14:59 - 2015-08-14 23:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-09-08 14:59 - 2015-08-14 22:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-09-08 14:59 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-09-08 14:59 - 2015-08-14 22:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-09-08 14:59 - 2015-08-14 22:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-09-08 14:59 - 2015-08-14 22:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-09-08 14:59 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-09-08 14:59 - 2015-08-14 22:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-09-08 14:59 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-09-08 14:59 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-09-08 14:59 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-09-08 14:59 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-09-08 14:59 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-09-08 14:59 - 2015-08-14 22:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-09-08 14:59 - 2015-08-14 22:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-09-08 14:59 - 2015-08-14 22:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-09-08 14:59 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-09-08 14:59 - 2015-08-14 22:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-09-08 14:59 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-09-08 14:59 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-09-08 14:59 - 2015-08-14 22:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-09-08 14:59 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-09-08 14:59 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-09-08 14:59 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-09-08 14:59 - 2015-08-14 21:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-09-08 14:59 - 2015-07-22 17:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-09-08 14:59 - 2015-07-22 17:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-09-08 14:59 - 2015-07-22 17:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-09-08 14:59 - 2015-07-22 17:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-09-08 14:59 - 2015-07-22 17:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-09-08 14:59 - 2015-07-22 17:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-09-08 14:59 - 2015-07-22 17:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-09-08 14:59 - 2015-07-22 17:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-09-08 14:59 - 2015-07-22 17:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-09-08 14:59 - 2015-07-22 17:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-09-08 14:59 - 2015-07-22 17:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-09-08 14:59 - 2015-07-22 17:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-09-08 14:59 - 2015-07-22 17:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-09-08 14:59 - 2015-07-22 17:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-09-08 14:59 - 2015-07-22 17:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-09-08 14:59 - 2015-07-22 17:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-09-08 14:59 - 2015-07-22 17:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-09-08 14:59 - 2015-07-22 17:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-09-08 14:59 - 2015-07-22 16:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-09-08 14:59 - 2015-07-22 16:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 16:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-09-08 14:59 - 2015-07-22 10:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-09-08 14:59 - 2015-07-22 10:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-09-08 14:59 - 2015-07-22 10:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-09-08 14:59 - 2015-07-22 10:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-09-08 14:59 - 2015-07-22 10:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-09-08 14:59 - 2015-07-22 10:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-09-08 14:59 - 2015-07-22 10:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-09-08 14:59 - 2015-07-22 10:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-09-08 14:59 - 2015-07-22 10:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-09-08 14:59 - 2015-07-22 10:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-09-08 14:59 - 2015-07-22 10:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-09-08 14:59 - 2015-07-22 10:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-09-08 14:59 - 2015-07-22 10:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 10:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 09:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll2015-09-08 14:59 - 2015-07-22 09:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-09-08 14:59 - 2015-07-22 09:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-09-08 14:59 - 2015-07-22 09:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-09-08 14:59 - 2015-07-22 09:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-09-08 14:59 - 2015-07-22 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-09-08 14:59 - 2015-07-22 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-09-08 14:59 - 2015-07-22 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-09-08 14:58 - 2015-08-27 11:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2015-09-08 14:58 - 2015-08-27 11:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2015-09-08 14:58 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll2015-09-08 14:58 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2015-09-08 14:58 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2015-09-08 14:58 - 2015-08-27 10:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2015-09-08 14:58 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll2015-09-08 14:58 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2015-09-08 14:58 - 2015-06-25 03:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2015-09-08 14:58 - 2015-06-25 03:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-09-08 14:58 - 2015-06-25 03:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll2015-09-08 14:58 - 2015-06-25 02:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-09-08 14:57 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2015-09-08 14:57 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-09-08 14:57 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2015-09-08 14:57 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2015-09-08 14:57 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll2015-09-08 14:57 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-09-08 14:57 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll2015-09-08 14:57 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll2015-09-08 14:57 - 2015-09-01 18:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-09-08 14:57 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-09-08 14:57 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-09-08 14:57 - 2015-08-26 11:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-09-08 14:57 - 2015-08-26 11:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-09-08 14:57 - 2015-08-26 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-09-08 14:57 - 2015-08-26 11:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-09-08 14:57 - 2015-08-26 11:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-09-08 14:57 - 2015-08-26 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-09-08 14:57 - 2015-08-26 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-09-08 14:57 - 2015-08-26 11:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-09-08 14:57 - 2015-08-26 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-09-08 14:57 - 2015-08-26 11:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-09-08 14:57 - 2015-08-26 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-09-08 14:57 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-09-08 14:57 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-09-08 14:57 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-09-08 14:57 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-09-08 14:57 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-09-08 14:57 - 2015-08-04 11:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2015-09-08 14:57 - 2015-08-04 11:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2015-09-08 14:57 - 2015-08-04 10:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2015-09-08 14:57 - 2015-08-04 10:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2015-09-08 14:57 - 2015-08-04 10:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2015-09-08 14:57 - 2015-08-04 10:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2015-09-08 14:57 - 2015-08-04 10:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2015-09-08 14:57 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2015-09-08 14:57 - 2015-08-04 09:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2015-09-07 05:35 - 2015-09-07 05:36 - 00000000 ___HD C:\$Windows.~BT2015-09-06 11:35 - 2015-09-08 17:44 - 00001088 _____ C:\Windows\setupact.log2015-09-06 11:35 - 2015-09-06 11:35 - 00003070 _____ C:\Windows\PFRO.log2015-09-06 11:35 - 2015-09-06 11:35 - 00000000 _____ C:\Windows\setuperr.log2015-08-25 10:56 - 2015-08-25 10:56 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-08-25 10:56 - 2015-08-25 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2015-08-25 10:55 - 2015-08-25 10:56 - 00000000 ____D C:\Program Files (x86)\QuickTime2015-08-17 13:36 - 2015-08-17 13:36 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk2015-08-17 13:36 - 2015-08-17 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-08-17 13:35 - 2015-08-17 13:36 - 00000000 ____D C:\Program Files\iTunes2015-08-17 13:35 - 2015-08-17 13:35 - 00000000 ____D C:\Program Files\iPod2015-08-17 13:35 - 2015-08-17 13:35 - 00000000 ____D C:\Program Files (x86)\iTunes2015-08-16 14:39 - 2015-08-16 14:39 - 00076280 _____ C:\Users\Craig\Downloads\275-059--Dayton-Audio-ND25FA-4_data (1).zip2015-08-15 11:44 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-15 11:44 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-14 08:46 - 2015-08-14 08:46 - 00076280 _____ C:\Users\Craig\Downloads\275-059--Dayton-Audio-ND25FA-4_data.zip2015-08-14 07:09 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-08-14 07:09 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-08-14 07:09 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-08-14 07:09 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-08-14 07:09 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-08-14 07:09 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-08-14 07:09 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-08-14 07:09 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-08-14 07:09 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2015-08-14 07:09 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll2015-08-14 07:09 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2015-08-14 07:09 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2015-08-14 07:09 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll2015-08-14 07:09 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2015-08-14 07:09 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys2015-08-14 07:09 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll2015-08-14 07:09 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe2015-08-14 07:08 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll2015-08-14 07:08 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll2015-08-14 07:07 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe2015-08-14 07:07 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe2015-08-14 07:07 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe2015-08-14 07:06 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2015-08-14 07:06 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-08-14 07:06 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-08-14 07:06 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2015-08-14 07:06 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-08-14 07:06 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-08-14 07:06 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-08-14 07:06 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll2015-08-14 07:06 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll2015-08-14 07:06 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll2015-08-14 07:06 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-09 10:44 - 2014-01-13 20:42 - 02092282 _____ C:\Windows\WindowsUpdate.log2015-09-09 10:43 - 2009-07-13 21:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-09-09 10:43 - 2009-07-13 21:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-09-09 10:38 - 2014-01-13 21:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-09-09 10:37 - 2014-01-13 23:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update2015-09-09 10:34 - 2014-08-14 17:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-09-09 10:34 - 2014-01-13 21:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-09-08 19:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF2015-09-08 17:53 - 2014-01-13 21:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-09-08 17:50 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI2015-09-08 17:44 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-08 17:44 - 2009-07-13 21:45 - 00413568 _____ C:\Windows\system32\FNTCACHE.DAT2015-09-08 17:41 - 2009-07-14 00:46 - 00000000 ____D C:\Program Files\Windows Journal2015-09-08 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions2015-09-08 16:50 - 2014-01-20 12:48 - 00000000 ____D C:\Windows\system32\MRT2015-09-08 14:57 - 2014-01-13 20:38 - 00000000 ____D C:\Windows\Panther2015-09-06 11:36 - 2014-01-13 21:19 - 00000000 ____D C:\Users\Craig2015-09-06 10:51 - 2014-06-21 09:02 - 00000000 ____D C:\Users\Craig\AppData\Local\CrashDumps2015-09-05 11:45 - 2014-09-14 18:02 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCraig2015-09-05 11:45 - 2014-09-14 18:02 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForCraig.job2015-09-03 11:24 - 2015-05-01 12:20 - 00000000 ____D C:\Users\Craig\Desktop\Sher-Thai maintenace old2015-09-03 11:24 - 2015-04-28 10:52 - 00000000 ____D C:\Users\Craig\Desktop\Sher-Thai maintenance2015-08-27 14:13 - 2014-01-13 21:34 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-08-27 14:13 - 2014-01-13 21:34 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-08-26 18:37 - 2014-01-20 12:48 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-08-24 12:04 - 2015-06-14 13:34 - 00000000 ____D C:\Program Files\Microsoft Office 152015-08-17 13:35 - 2014-01-13 22:45 - 00000000 ____D C:\Program Files\Common Files\Apple2015-08-15 12:07 - 2014-01-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-08-15 12:07 - 2014-01-13 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-08-15 12:04 - 2015-04-14 18:51 - 00000000 ____D C:\Windows\system32\appraiser2015-08-15 12:04 - 2014-05-07 06:34 - 00000000 ___SD C:\Windows\system32\CompatTel2015-08-15 11:44 - 2014-01-13 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-08-14 07:00 - 2014-01-13 23:01 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2015-08-12 10:26 - 2014-01-13 21:33 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-08-12 10:26 - 2014-01-13 21:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-12 10:26 - 2014-01-13 21:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-08-10 14:08 - 2014-02-04 13:25 - 00000000 ____D C:\Program Files (x86)\SlimCleaner ==================== Files in the root of some directories ======= 2014-09-20 18:10 - 2015-04-16 15:27 - 0007623 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg2014-10-24 10:44 - 2014-10-24 10:44 - 0000000 _____ () C:\Users\Craig\AppData\Local\{B1282B60-16BE-4423-9AD7-42B002C4DD45} Some files in TEMP:====================C:\Users\Craig\AppData\Local\Temp\connectbgdl.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-06 15:43 ==================== End of FRST.txt ============================ Addition.txt
  8. The hard drive has definitely calmed down. I may have just been being hyper vigilant but I've learned not to ignore unusual activities. Thanks so much for the help!
  9. Files attached......... Malwarebytes Scan.txt ComboFix.txt
  10. New FRST.txt and Addition.txt attached as requested. Addition.txt FRST.txt
  11. My hard drive seems to be working much harder than it should and I'm concerned it may be infected. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015 Ran by Craig (administrator) on CRAIG-PC on 21-04-2015 09:44:24Running from C:\Users\Craig\DownloadsLoaded Profiles: Craig (Available profiles: Craig)Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe(Thomson Reuters) C:\Users\Craig\AppData\Local\Temp\ConnectBGDL.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-05] (Avast Software s.r.o.)HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\97e5c1a7-76f3-4e5d-8f28-5ac7db44b2f7.exe [183232 2015-04-21] (AVAST Software)HKU\S-1-5-21-80377031-1086190703-3473258205-1000\...\Policies\Explorer: [NoInternetOpenWith] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CS Connect Background Services.lnk [2015-01-04]ShortcutTarget: CS Connect Background Services.lnk -> C:\WinCSI\Tools\connectbgdl.exe (Thomson Reuters)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-10-07]ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-05] (Avast Software s.r.o.)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-80377031-1086190703-3473258205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-80377031-1086190703-3473258205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-05] (Avast Software s.r.o.)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-05] (Avast Software s.r.o.)Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\2u13o25t.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-80377031-1086190703-3473258205-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-14] (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2002-08-11] (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-13]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No FileCHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No FileCHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]CHR Extension: (YouTube) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]CHR Extension: (Google Wallet) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-05] (Avast Software s.r.o.)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-05] (Avast Software s.r.o.)R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation)S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-05] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-05] (Avast Software s.r.o.)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-05] (Avast Software s.r.o.)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-05] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-05] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-05] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-05] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-05] (Avast Software s.r.o.)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-05] (Avast Software s.r.o.)S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-04] (The OpenVPN Project)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-05] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-21] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-21 09:44 - 2015-04-21 09:45 - 00017732 _____ () C:\Users\Craig\Downloads\FRST.txt2015-04-21 09:44 - 2015-04-21 09:44 - 00000000 ____D () C:\FRST2015-04-21 09:43 - 2015-04-21 09:43 - 02099712 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe2015-04-14 18:51 - 2015-04-14 18:51 - 00000000 ____D () C:\Windows\system32\appraiser2015-04-14 12:35 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-04-14 12:35 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-04-14 12:35 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-04-14 12:35 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-04-14 12:35 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-04-14 12:35 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-04-14 12:35 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-04-14 12:35 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-04-14 12:35 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-04-14 12:35 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-04-14 12:35 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-04-14 12:35 - 2015-03-22 20:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-04-14 12:35 - 2015-03-22 20:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-04-14 12:35 - 2015-03-22 20:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-04-14 12:35 - 2015-03-22 20:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-04-14 12:35 - 2015-03-22 20:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-04-14 12:35 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-04-14 12:35 - 2015-03-22 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-04-14 12:35 - 2015-03-22 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-04-14 12:35 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-04-14 12:35 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-04-14 12:35 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-04-14 12:35 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-04-14 12:35 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-04-14 12:35 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-04-14 12:35 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-04-14 12:35 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-04-14 12:35 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-04-14 12:35 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-04-14 12:35 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-04-14 12:35 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-04-14 12:35 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-04-14 12:35 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-04-14 12:35 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-04-14 12:35 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-04-14 12:35 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-04-14 12:35 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-04-14 12:35 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-04-14 12:35 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-04-14 12:35 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-04-14 12:35 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-04-14 12:35 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-04-14 12:35 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-04-14 12:35 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-04-14 12:35 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-04-14 12:35 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-04-14 12:35 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-04-14 12:35 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-04-14 12:35 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-04-14 12:35 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-04-14 12:35 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-04-14 12:35 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2015-04-14 12:35 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2015-04-14 12:35 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2015-04-14 12:35 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2015-04-14 12:35 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2015-04-14 12:35 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-04-14 12:35 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe2015-04-14 12:34 - 2015-04-01 17:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-04-14 12:34 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-04-14 12:34 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-04-14 12:34 - 2015-03-12 21:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-04-14 12:34 - 2015-03-12 21:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-04-14 12:34 - 2015-03-12 21:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-04-14 12:34 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-04-14 12:34 - 2015-03-12 21:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-04-14 12:34 - 2015-03-12 21:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-04-14 12:34 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-04-14 12:34 - 2015-03-12 21:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-04-14 12:34 - 2015-03-12 21:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-04-14 12:34 - 2015-03-12 20:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-04-14 12:34 - 2015-03-12 20:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-04-14 12:34 - 2015-03-12 20:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-04-14 12:34 - 2015-03-12 20:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-04-14 12:34 - 2015-03-12 20:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-04-14 12:34 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-04-14 12:34 - 2015-03-12 20:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-04-14 12:34 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-04-14 12:34 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-04-14 12:34 - 2015-03-12 20:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-04-14 12:34 - 2015-03-12 20:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-04-14 12:34 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-04-14 12:34 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-04-14 12:34 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-04-14 12:34 - 2015-03-12 20:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-04-14 12:34 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-04-14 12:34 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-04-14 12:34 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-04-14 12:34 - 2015-03-12 20:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-04-14 12:34 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-04-14 12:34 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-04-14 12:34 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-04-14 12:34 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-04-14 12:34 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-04-14 12:34 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-04-14 12:34 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-04-14 12:34 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-04-14 12:34 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-04-14 12:34 - 2015-03-12 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-04-14 12:34 - 2015-03-12 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-04-14 12:34 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-04-14 12:34 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-04-14 12:34 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-04-14 12:34 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-04-14 12:34 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-04-14 12:34 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-04-14 12:34 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-04-14 12:34 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-04-14 12:34 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-04-14 12:34 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-04-14 12:34 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-04-14 12:34 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-04-14 12:34 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-04-14 12:34 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-04-14 12:34 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-04-14 12:34 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-04-14 12:34 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys2015-04-14 12:33 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys2015-04-14 12:33 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll2015-04-14 12:33 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll2015-04-14 10:50 - 2015-04-14 10:50 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-04-14 10:50 - 2015-04-14 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-04-14 10:48 - 2015-04-14 10:50 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72015-04-14 10:48 - 2015-04-14 10:50 - 00000000 ____D () C:\Program Files\iTunes2015-04-14 10:48 - 2015-04-14 10:48 - 00000000 ____D () C:\Program Files\iPod2015-04-14 10:48 - 2015-04-14 10:48 - 00000000 ____D () C:\Program Files (x86)\iTunes2015-04-05 11:39 - 2015-04-05 11:39 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys2015-04-05 11:39 - 2015-04-05 11:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe2015-04-05 11:39 - 2015-04-05 11:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr2015-04-05 10:37 - 2015-04-05 10:38 - 00000000 ___SD () C:\Windows\system32\GWX2015-04-05 10:37 - 2015-04-05 10:37 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-01 14:43 - 2015-04-01 14:43 - 00000050 _____ () C:\Users\Craig\Downloads\text_0 (1).txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-21 09:07 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-04-21 09:07 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-04-21 09:03 - 2014-08-14 17:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-04-21 09:03 - 2014-01-13 21:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-04-21 09:02 - 2014-01-13 20:42 - 01990337 _____ () C:\Windows\WindowsUpdate.log2015-04-21 08:59 - 2014-01-13 21:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-04-21 08:58 - 2014-09-15 10:20 - 00007814 _____ () C:\Windows\setupact.log2015-04-21 08:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-21 08:56 - 2014-01-13 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-04-20 02:45 - 2014-01-13 23:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2015-04-19 10:21 - 2014-09-14 18:02 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCraig2015-04-19 10:21 - 2014-09-14 18:02 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCraig.job2015-04-16 15:27 - 2014-09-20 18:10 - 00007623 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg2015-04-15 10:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat2015-04-14 18:51 - 2014-05-07 06:34 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-04-14 15:16 - 2014-01-14 00:04 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-04-14 15:16 - 2009-07-13 22:13 - 00775084 _____ () C:\Windows\system32\PerfStringBackup.INI2015-04-14 15:12 - 2014-01-20 12:48 - 00000000 ____D () C:\Windows\system32\MRT2015-04-14 15:04 - 2014-01-20 12:48 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-04-14 13:56 - 2014-01-13 21:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-04-14 13:56 - 2014-01-13 21:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-04-14 13:56 - 2014-01-13 21:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-04-14 10:48 - 2014-01-13 22:45 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-04-05 11:50 - 2014-01-13 22:14 - 00355644 _____ () C:\Windows\PFRO.log2015-04-05 11:39 - 2014-12-19 11:33 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys2015-04-05 11:39 - 2014-04-21 09:02 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys2015-04-05 11:39 - 2014-01-13 23:02 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys2015-04-05 11:39 - 2014-01-13 23:01 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys2015-04-05 11:39 - 2014-01-13 23:01 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys2015-04-05 11:39 - 2014-01-13 23:01 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys2015-04-05 11:39 - 2014-01-13 23:01 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys2015-04-05 11:39 - 2014-01-13 23:01 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys2015-04-05 11:39 - 2014-01-13 23:01 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2015-04-03 17:31 - 2015-03-19 15:09 - 00000000 ____D () C:\Users\Craig\Desktop\Audio2015-03-23 09:09 - 2014-10-18 16:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-03-23 09:09 - 2014-08-14 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-03-23 09:09 - 2014-08-14 17:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware ==================== Files in the root of some directories ======= 2014-09-20 18:10 - 2015-04-16 15:27 - 0007623 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg2014-10-24 10:44 - 2014-10-24 10:44 - 0000000 _____ () C:\Users\Craig\AppData\Local\{B1282B60-16BE-4423-9AD7-42B002C4DD45} Some content of TEMP:====================C:\Users\Craig\AppData\Local\Temp\8w7qikz5.dllC:\Users\Craig\AppData\Local\Temp\ConnectBGDL.exeC:\Users\Craig\AppData\Local\Temp\ejjymxe1.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 10:16 ==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015Ran by Craig at 2015-04-21 09:45:46Running from C:\Users\Craig\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)DAO 3.5 (HKLM-x32\...\DAO 3.5) (Version: - )Fixed Assets CS (HKLM-x32\...\Fixed Assets CS) (Version: 13.1.0 - Thomson Reuters)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)Infragisticsv112Install 2013 (HKLM-x32\...\{E20658ED-E86A-4681-9649-2AB8151B4ADF}) (Version: 13.1.0 - Thomson Reuters)iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)K-Lite Codec Pack 10.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)Math Kernel Libraries (64-bit) (Version: 1.0.33.0 - National Instruments) HiddenMath Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) HiddenMath Kernel Libraries (64-bit) (Version: 14.0.6 - National Instruments) HiddenMath Kernel Libraries (x32 Version: 1.0.33.0 - National Instruments) HiddenMath Kernel Libraries (x32 Version: 13.0.13 - National Instruments) HiddenMath Kernel Libraries (x32 Version: 14.0.6 - National Instruments) HiddenMicrosoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)MiniDSP-2way (HKLM-x32\...\MiniDSP-2way.93B26324F3B23983B479A8A5CBA0BA67786239FC.1) (Version: v1.02 - UNKNOWN)MiniDSP-2way (x32 Version: 1.02 - UNKNOWN) HiddenMultiSIM BLUE (HKLM-x32\...\{1EF30C5F-D263-48D3-8CFB-A9B4150F7CD6}) (Version: 1.0.0 - Mouser Electronics)National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) HiddenNI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) HiddenNI ActiveX Container (64-bit) (Version: 14.0.5 - National Instruments) HiddenNI ActiveX Container (x32 Version: 14.0.5 - National Instruments) HiddenNI Authentication 13.5.0 (64-bit) (Version: 13.5.70 - National Instruments) HiddenNI Authentication 13.5.0 (x32 Version: 13.5.70 - National Instruments) HiddenNI Curl 14.0.0 (64-bit) (Version: 14.0.294 - National Instruments) HiddenNI Curl 2014 (x32 Version: 14.0.295 - National Instruments) HiddenNI Error Reporting 2013 SP1 (x32 Version: 13.1.98 - National Instruments) HiddenNI Error Reporting Interface 14.0 (x32 Version: 14.0.241 - National Instruments) HiddenNI Error Reporting Interface 14.0 for Windows (64-bit) (Version: 14.0.241 - National Instruments) HiddenNI EulaDepot (x32 Version: 3.30.274 - National Instruments) HiddenNI GMP Windows 32-bit Installer 13.5.0 (x32 Version: 13.50.15 - National Instruments) HiddenNI GMP Windows 64-bit Installer 13.5.0 (Version: 13.50.15 - National Instruments) HiddenNI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) HiddenNI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) HiddenNI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) HiddenNI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) HiddenNI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.5.198.0 - National Instruments) HiddenNI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (x32 Version: 12.1.52.0 - National Instruments) HiddenNI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.428 - National Instruments) HiddenNI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.5.27 - National Instruments) HiddenNI LabVIEW 2013 SP1 Run-Time Engine Non-English Support. (x32 Version: 13.1.99 - National Instruments) HiddenNI LabVIEW Run-Time Engine 2012 SP1 f9 (x32 Version: 12.1.72.0 - National Instruments) HiddenNI LabVIEW Run-Time Engine 2013 SP1 f5 (x32 Version: 13.1.120 - National Instruments) HiddenNI LabVIEW Run-Time Engine Interop 2012 SP1 (x32 Version: 12.1.72.0 - National Instruments) HiddenNI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.1.120 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 .NET Library (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 .NET Library (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Analysis Library (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Analysis Library (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Low-Level Driver (Original) (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Low-Level Driver (Updated) (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Network Streams Library (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Network Streams Library (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Network Variable Library (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 Network Variable Library (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 TDMS Library (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI 2013 SP2 TDMS Library (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI Run-Time Engine 2013 SP2 (Updated) (x32 Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (64-bit) (Version: 13.0.2278 - National Instruments) HiddenNI LabWindows/CVI Shared Run-Time Engine 2013 SP2 (x32 Version: 13.0.2278 - National Instruments) HiddenNI Launcher (x32 Version: 3.30.276 - National Instruments) HiddenNI License Manager (x32 Version: 3.7.73 - National Instruments) HiddenNI Logos 5.6 (64-bit) (Version: 5.6.254 - National Instruments) HiddenNI Logos 5.6 (x32 Version: 5.6.254 - National Instruments) HiddenNI Logos XT Support (x32 Version: 5.6.253 - National Instruments) HiddenNI Logos64 XT Support (Version: 5.6.253 - National Instruments) HiddenNI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) HiddenNI MAX Remote Configuration 64-bit Installer 14.0 (Version: 14.00.49152 - National Instruments) HiddenNI MAX Remote Configuration Installer 14.0 (x32 Version: 14.00.49152 - National Instruments) HiddenNI MDF Support (x32 Version: 3.30.274 - National Instruments) HiddenNI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) HiddenNI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) HiddenNI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) HiddenNI MetaSuite Installer (x32 Version: 3.30.276 - National Instruments) HiddenNI Multisim Component Evaluator 13.0.1 Core (x32 Version: 13.0.1168 - National Instruments) HiddenNI Multisim Component Evaluator 13.0.1 Ultiboard Core (x32 Version: 13.0.1168 - National Instruments) HiddenNI Multisim Component Evaluator Mouser Electronics Edition 13.0.1 (x32 Version: 13.0.1168 - National Instruments) HiddenNI Multisim Component Evaluator Mouser Electronics Edition Licenses (x32 Version: 13.0.1168 - National Instruments) HiddenNI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) HiddenNI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) HiddenNI Service Locator 13.5 (x32 Version: 13.5.70 - National Instruments) HiddenNI SSL LabVIEW RTE 2012 SP1 Support (x32 Version: 12.5.8.0 - National Instruments) HiddenNI SSL LabVIEW RTE 2013 SP1 Support (x32 Version: 13.5.27 - National Instruments) HiddenNI SSL Support (64-bit) (Version: 14.0.303 - National Instruments) HiddenNI SSL Support (x32 Version: 14.0.303 - National Instruments) HiddenNI System API Windows 32-bit 14.0.0 (x32 Version: 14.0.302 - National Instruments) HiddenNI System API Windows 64-bit 14.0.0 (Version: 14.0.302 - National Instruments) HiddenNI System State Publisher (64-bit) (Version: 13.1.97 - National Instruments) HiddenNI System State Publisher (x32 Version: 13.1.97 - National Instruments) HiddenNI System Web Server 13.5 (x32 Version: 13.5.69 - National Instruments) HiddenNI System Web Server Base 13.5.0 (64-bit) (Version: 13.5.69 - National Instruments) HiddenNI System Web Server Base 13.5.0 (x32 Version: 13.5.69 - National Instruments) HiddenNI TDM Streaming 14.0 (64-bit) (Version: 14.0.43 - National Instruments) HiddenNI TDM Streaming 14.0 (x32 Version: 14.0.43 - National Instruments) HiddenNI Trace Engine (64-bit) (Version: 13.5.69 - National Instruments) HiddenNI Trace Engine (x32 Version: 13.5.69 - National Instruments) HiddenNI Uninstaller (x32 Version: 3.30.274 - National Instruments) HiddenNI Update Service 2014 (64-bit) (Version: 14.0.34 - National Instruments) HiddenNI Update Service 2014 (x32 Version: 14.0.34 - National Instruments) HiddenNI USI 14.0.0 (x32 Version: 14.0.05640 - National Instruments) HiddenNI USI 14.0.0 64-bit (Version: 14.0.05640 - National Instruments) HiddenNI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) HiddenNI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) HiddenNI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) HiddenNI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) HiddenNI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) HiddenNI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) HiddenNI Visual C++ 2008 Redistributable Package (x32 Version: 9.00.49152 - National Instruments) HiddenNI Visual C++ 2010 Redistributable Package (x32 Version: 10.10.16385 - National Instruments) HiddenNI Web Application Server 13.5 (64-bit) (Version: 13.5.70 - National Instruments) HiddenNI Web Application Server 13.5 (x32 Version: 13.5.70 - National Instruments) HiddenNI-Mesa (Version: 13.0.3 - National Instruments) HiddenNI-Mesa (x32 Version: 13.0.3 - National Instruments) HiddenNI-RPC 14.0.0f0 (x32 Version: 14.00.49152 - National Instruments) HiddenNI-RPC 14.0.0f0 for 64 Bit Windows (Version: 14.00.49152 - National Instruments) HiddenPlanner CS (HKLM-x32\...\Planner CS) (Version: 13.1.0 - Thomson Reuters)QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)UltraTax CS 2013 (HKLM-x32\...\UltraTax CS 2013) (Version: 13.1.0 - Thomson Reuters)UltraTax Font Installer (HKLM-x32\...\{7177CDFD-3274-4F8C-977F-7C82C73CA34C}) (Version: 12.00.0000 - Thomson Reuters)Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= 13-11-2014 04:00:31 Windows Update14-11-2014 08:38:12 avast! antivirus system restore point14-11-2014 08:45:12 Device Driver Package Install: Avast Network Service18-11-2014 18:55:34 Windows Update30-11-2014 12:45:22 avast! antivirus system restore point30-11-2014 13:04:53 avast! antivirus system restore point11-12-2014 09:45:58 Windows Update14-12-2014 20:11:43 Windows Update18-12-2014 17:05:53 Windows Update19-12-2014 11:31:32 avast! antivirus system restore point04-01-2015 12:47:18 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.5110604-01-2015 12:50:04 Installed Infragisticsv112Install 201304-01-2015 12:50:49 Installed UltraTax Font Installer.06-01-2015 11:03:12 Windows Update14-01-2015 13:03:46 Windows Update12-02-2015 11:35:16 Windows Update13-02-2015 05:48:30 Windows Update18-02-2015 18:22:00 Windows Update25-02-2015 20:10:30 Windows Update10-03-2015 10:32:19 avast! antivirus system restore point10-03-2015 10:37:29 Device Driver Package Install: Avast Network Service10-03-2015 12:38:13 Windows Update12-03-2015 12:45:45 Device Driver Package Install: TAP-Windows Provider V9 Network adapters05-04-2015 10:33:28 Windows Update05-04-2015 11:37:37 avast! antivirus system restore point05-04-2015 11:41:23 Device Driver Package Install: Avast Network Service14-04-2015 14:57:48 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-06-17 14:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {17AEB007-7BAB-469E-83F2-55B0898114D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {21267B32-BACB-420D-BDDF-FED0FF88DE06} - System32\Tasks\{3DAD27ED-8672-4863-9E34-61DC00D68FC4} => C:\Program Files (x86)\iTunes\iTunes.exeTask: {236CB38E-6869-4B28-8B31-5FC9EC616C64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {249FE7D8-FDB3-49FF-8A3E-0EF5FBFF391D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {283C782C-AC95-4495-9301-06442B0835D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {3D6BFF78-3DFC-487F-A7EA-EA3E0FE13B7A} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)Task: {4455B59C-90BA-41E9-8A29-F72E3BA0F1F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exeTask: {48F8EACA-E8C7-4AD0-9A74-8E94E1831E46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {61758F8C-3039-4F35-9335-6EAABE2C920C} - System32\Tasks\{14F984D1-CFE8-4906-9E7B-5A8ADE4A1E5F} => C:\Program Files (x86)\iTunes\iTunes.exeTask: {66280C96-CABD-4595-B849-CE5D1AB8D820} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {7C259DB1-9C98-497F-9C39-E78CFB9BA601} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)Task: {7DB86700-C774-492A-AA68-9DC85E173EE0} - System32\Tasks\{762B434D-2ACD-4ED2-B956-5680C1EA15C2} => C:\Program Files (x86)\iTunes\iTunes.exeTask: {88F5AE5F-1116-4E13-9787-8C3974DFEE30} - System32\Tasks\{6C28064C-E636-4025-9079-3CDC153F7041} => C:\Program Files (x86)\iTunes\iTunes.exeTask: {A1B90572-8FA8-43E7-AA8A-E4BF77E06113} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-05] (Avast Software s.r.o.)Task: {A4C13790-EBC3-4561-BE52-9ED6EC95F19C} - System32\Tasks\HPCeeScheduleForCraig => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {C13AC6E9-F963-4A0D-AE38-11BD701A501B} - System32\Tasks\{F4819045-85CB-4584-ABA2-45E75491AFC0} => C:\Program Files (x86)\iTunes\iTunes.exeTask: {C2DCA8AE-0181-4EE4-A4DF-FBB876A1067A} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)Task: {C5A78C7D-2FF4-427F-BE77-0AFF35C2A324} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)Task: {E590F4D3-85AB-4DC8-96D9-54E48C73925A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)Task: {E78661F8-BA6F-4983-8A34-6E1958F9F63F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {F726EB6F-C170-4F88-BF21-DB45D5840FE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForCraig.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2013-04-30 00:25 - 2013-04-30 00:25 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-04-05 11:39 - 2015-04-05 11:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll2015-04-05 11:39 - 2015-04-05 11:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll2015-04-21 08:57 - 2015-04-21 08:57 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll2015-03-10 10:35 - 2015-03-10 10:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-06-07 09:59 - 2013-06-07 09:59 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll2015-04-17 14:01 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll2015-04-17 14:01 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll2015-04-17 14:02 - 2015-04-13 14:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Sherri\Desktop\cross section.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-80377031-1086190703-3473258205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-80377031-1086190703-3473258205-500 - Administrator - Disabled)Craig (S-1-5-21-80377031-1086190703-3473258205-1000 - Administrator - Enabled) => C:\Users\CraigGuest (S-1-5-21-80377031-1086190703-3473258205-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-80377031-1086190703-3473258205-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: avast! SecureLine TAP Adapter v3Description: avast! SecureLine TAP Adapter v3Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: TAP-Windows Provider V9Service: aswTapProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9844 Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9844 Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21619741 Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21619741 Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8486 Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8486 Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 00:50:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 5.B.8.F.9.8.7.3.2.9.9.0.5.0.1.2.8.4.0.4.1.0.5.A.C.0.0.0.1.0.6.2.ip6.arpa. PTR Craig-PC-2.local. System errors:=============Error: (04/21/2015 09:00:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/21/2015 08:58:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The VBoxAsw Support Driver service failed to start due to the following error: %%2 Error: (04/21/2015 08:55:52 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (04/20/2015 00:51:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/20/2015 00:50:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The VBoxAsw Support Driver service failed to start due to the following error: %%2 Error: (04/20/2015 02:46:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/18/2015 03:56:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/18/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (04/17/2015 01:53:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/17/2015 01:51:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The VBoxAsw Support Driver service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9844 Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9844 Error: (04/21/2015 02:10:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21619741 Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21619741 Error: (04/21/2015 02:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8486 Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 8486 Error: (04/20/2015 08:10:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 00:50:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 18 5.B.8.F.9.8.7.3.2.9.9.0.5.0.1.2.8.4.0.4.1.0.5.A.C.0.0.0.1.0.6.2.ip6.arpa. PTR Craig-PC-2.local. ==================== Memory info =========================== Processor: AMD Phenom II N850 Triple-Core ProcessorPercentage of memory in use: 50%Total physical RAM: 3834.9 MBAvailable physical RAM: 1914.04 MBTotal Pagefile: 7668 MBAvailable Pagefile: 5029.16 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:573.21 GB) (Free:227.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:22.66 GB) (Free:0.26 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0A83D376)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=573.2 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=22.7 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  12. Still slow but that just may be a RAM issue. No BSOD so that makes me happy. What did the errors in the JavaRa scan mean? Results of screen317's Security Check version 0.99.88 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SlimCleaner Adobe Flash Player 15.0.0.152 Adobe Reader XI Google Chrome 37.0.2062.120 Google Chrome 37.0.2062.124 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  13. JavaRa scan: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Oct 02 20:57:58 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics ------------------------------------ Finished reporting.
  14. Requested scans. Sorry for the delay in response and not closing this thread. I have "Follow" checked but for some reason nothing came through. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.5 (10.01.2014:2) OS: Windows 7 Ultimate x64 Ran by Craig on Wed 10/01/2014 at 13:20:08.38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 10/01/2014 at 13:25:47.70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.311 - Report created 01/10/2014 at 13:36:00 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) # Username : Craig - CRAIG-PC # Running from : C:\Users\Craig\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v [ File : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\2u13o25t.default\prefs.js ] -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [919 octets] - [01/10/2014 13:33:17] AdwCleaner[s0].txt - [987 octets] - [01/10/2014 13:36:00] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1046 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/1/2014 Scan Time: 1:40:14 PM Logfile: Malwarebytes scan.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.10.01.09 Rootkit Database: v2014.09.19.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Craig Scan Type: Threat Scan Result: Completed Objects Scanned: 319621 Time Elapsed: 14 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01 Ran by Craig (administrator) on CRAIG-PC on 01-10-2014 15:42:07 Running from C:\Users\Craig\Downloads Loaded Profile: Craig (Available profiles: Craig) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKU\S-1-5-21-80377031-1086190703-3473258205-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBBEDA8CE110CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\2u13o25t.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-13] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Craig\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File CHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13] CHR Extension: (Google Drive) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26] CHR Extension: (YouTube) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13] CHR Extension: (Google Search) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13] CHR Extension: (Google Wallet) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13] CHR Extension: (Gmail) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 15:41 - 2014-10-01 15:41 - 02108928 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe 2014-10-01 13:58 - 2014-10-01 13:58 - 02347384 _____ (ESET) C:\Users\Craig\Downloads\esetsmartinstaller_enu.exe 2014-10-01 13:58 - 2014-10-01 13:58 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-01 13:56 - 2014-10-01 13:56 - 00001070 _____ () C:\Users\Craig\Desktop\Malwarebytes scan.txt 2014-10-01 13:38 - 2014-10-01 13:38 - 00001126 _____ () C:\Users\Craig\Desktop\AdwCleaner[s0].txt 2014-10-01 13:32 - 2014-10-01 13:36 - 00000000 ____D () C:\AdwCleaner 2014-10-01 13:32 - 2014-10-01 13:32 - 01375089 _____ () C:\Users\Craig\Downloads\AdwCleaner.exe 2014-10-01 13:25 - 2014-10-01 13:25 - 00000629 _____ () C:\Users\Craig\Desktop\JRT.txt 2014-10-01 13:20 - 2014-10-01 13:20 - 00000000 ____D () C:\Windows\ERUNT 2014-10-01 13:19 - 2014-10-01 13:19 - 01701878 _____ (Thisisu) C:\Users\Craig\Downloads\JRT.exe 2014-09-30 16:42 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 16:42 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 14:21 - 2014-09-29 14:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-29 14:17 - 2014-09-29 14:19 - 112794960 _____ (Apple Inc.) C:\Users\Craig\Downloads\iTunes64Setup (1).exe 2014-09-24 10:50 - 2014-09-27 21:53 - 00000000 ____D () C:\Users\Craig\Desktop\Virus removal 2014-09-24 10:12 - 2014-09-24 10:27 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-24 10:11 - 2014-09-24 10:11 - 05472344 _____ () C:\Users\Craig\Downloads\RogueKillerX64.exe 2014-09-24 09:37 - 2014-09-24 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-09-24 09:37 - 2014-09-24 09:37 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-09-24 09:34 - 2014-09-24 09:34 - 00791393 _____ (Lars Hederer ) C:\Users\Craig\Downloads\erunt-setup.exe 2014-09-24 09:19 - 2014-09-24 09:19 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Craig\Downloads\rkill.exe 2014-09-23 11:15 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 11:15 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-22 19:58 - 2014-09-22 19:58 - 00095232 _____ () C:\Users\Craig\Downloads\P-DIYAB-2V20-diyAB-amp-bom.xls 2014-09-22 17:34 - 2014-09-22 17:36 - 00030674 _____ () C:\Users\Craig\Downloads\Addition.txt 2014-09-22 17:33 - 2014-10-01 15:42 - 00013502 _____ () C:\Users\Craig\Downloads\FRST.txt 2014-09-22 17:33 - 2014-10-01 15:42 - 00000000 ____D () C:\FRST 2014-09-20 20:40 - 2014-09-20 20:40 - 00793181 _____ () C:\Users\Craig\Downloads\CISC310Chapter3ProjectGroup1Powerpoint.pptx 2014-09-20 18:10 - 2014-09-20 19:45 - 00007623 _____ () C:\Users\Craig\AppData\Local\Resmon.ResmonCfg 2014-09-15 10:56 - 2014-09-15 10:56 - 01385984 _____ () C:\Users\Craig\Downloads\7z925-x64.msi 2014-09-15 10:20 - 2014-10-01 13:37 - 00000896 _____ () C:\Windows\setupact.log 2014-09-15 10:20 - 2014-09-15 10:20 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-14 20:00 - 2014-09-15 08:18 - 00000000 ____D () C:\WIPEMFT 2014-09-14 18:02 - 2014-09-26 22:31 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCraig 2014-09-14 18:02 - 2014-09-26 22:31 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCraig.job 2014-09-14 14:34 - 2014-09-14 14:34 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-14 14:33 - 2014-09-14 14:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-09-13 13:33 - 2014-09-13 13:33 - 00000000 ____D () C:\ProgramData\HP SimplePass 2011 2014-09-13 13:33 - 2014-09-13 13:33 - 00000000 ____D () C:\ProgramData\Downloaded Installations 2014-09-13 13:31 - 2014-09-13 13:31 - 69669936 _____ (Hewlett-Packard ) C:\Users\Craig\Downloads\sp63224.exe 2014-09-13 13:05 - 2014-09-13 13:05 - 00231760 _____ () C:\Users\Craig\Downloads\CrucialScan.exe 2014-09-13 12:58 - 2014-09-14 18:02 - 00000000 ____D () C:\Users\Craig\AppData\Local\Hewlett-Packard 2014-09-13 12:41 - 2014-09-13 12:41 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard 2014-09-13 12:39 - 2014-09-17 18:01 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-09-13 12:32 - 2014-09-13 12:33 - 37553464 _____ (Hewlett-Packard ) C:\Users\Craig\Downloads\sp68058.exe 2014-09-13 10:20 - 2014-09-17 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 12:23 - 2014-09-29 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-12 12:22 - 2014-09-29 14:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-12 12:22 - 2014-09-12 12:23 - 00000000 ____D () C:\Program Files\iTunes 2014-09-12 12:22 - 2014-09-12 12:22 - 00000000 ____D () C:\Program Files\iPod 2014-09-11 08:25 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 08:25 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 08:25 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 08:25 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 08:25 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 08:25 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 08:25 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 08:25 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 08:25 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 08:25 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 08:25 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 08:25 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 08:25 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 08:25 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 08:25 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 08:25 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 08:25 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 08:25 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 08:25 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 08:25 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 08:25 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 08:25 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 08:25 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 08:25 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 08:25 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 08:25 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 08:25 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 08:25 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 08:25 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 08:25 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 08:25 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 08:25 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 08:25 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 08:25 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 08:25 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 08:25 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 08:25 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 08:25 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 08:25 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 08:25 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 08:25 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 08:25 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 08:25 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 08:25 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 08:25 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 08:25 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 08:25 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 08:25 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 08:25 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 08:24 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 08:24 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 08:24 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 08:24 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 08:24 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 08:24 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 08:24 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 08:11 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 08:11 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 09:11 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 09:11 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 09:11 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 09:11 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 09:10 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 09:10 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 09:10 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 09:10 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 09:10 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-05 14:50 - 2014-09-18 07:51 - 00000000 ____D () C:\Program Files (x86)\Multisim 7 Textbook 2014-09-05 14:46 - 2014-09-05 14:46 - 00000000 ____D () C:\Program Files (x86)\Your Company 2014-09-05 14:46 - 1998-07-30 07:24 - 00192784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Tabctl32.ocx 2014-09-05 14:46 - 1998-07-30 07:23 - 01347344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvbvm50.dll 2014-09-05 14:46 - 1998-07-30 07:23 - 00129808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx 2014-09-05 14:46 - 1998-06-18 11:33 - 00089360 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Vb5db.dll 2014-09-05 14:46 - 1998-04-24 20:09 - 00368912 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Vbar332.dll 2014-09-05 14:46 - 1998-04-24 19:40 - 01045776 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msjet35.dll 2014-09-05 14:46 - 1998-04-24 19:40 - 00407312 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msrepl35.dll 2014-09-05 14:46 - 1998-04-24 19:40 - 00252176 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msrd2x35.dll 2014-09-05 14:46 - 1998-04-24 19:40 - 00123664 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msjint35.dll 2014-09-05 14:46 - 1998-04-24 19:40 - 00024848 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Msjter35.dll 2014-09-05 14:45 - 2014-09-05 14:45 - 00000000 ____D () C:\TEMP 2014-09-05 14:40 - 2014-09-05 14:40 - 00001263 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.1.lnk 2014-09-05 14:40 - 2014-09-05 14:40 - 00001251 _____ () C:\Acrobat Reader 5.1.lnk 2014-09-05 14:40 - 2014-09-05 14:40 - 00000000 ____D () C:\Users\Craig\Documents\My eBooks 2014-09-05 14:40 - 2014-09-05 14:40 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\InterTrust 2014-09-05 14:33 - 1998-10-29 17:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2014-09-03 20:05 - 2014-09-03 20:06 - 81648075 _____ () C:\Users\Craig\Downloads\Fa14 CISC310 Hogarty - 9-3-2014 - 8-04 PM.zip 2014-09-03 19:54 - 2014-09-03 19:54 - 00011168 _____ () C:\Users\Craig\Downloads\Group Registration Sheet.xlsx 2014-09-02 16:58 - 2014-09-02 16:58 - 00000000 ____D () C:\Users\Craig\AppData\Local\Macromedia ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 15:20 - 2014-01-13 20:42 - 01632224 _____ () C:\Windows\WindowsUpdate.log 2014-10-01 15:03 - 2014-08-14 17:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-01 15:01 - 2014-01-13 21:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-01 14:56 - 2014-01-13 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-01 14:41 - 2014-01-13 21:19 - 00000000 ____D () C:\Users\Craig 2014-10-01 13:45 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-01 13:45 - 2009-07-13 21:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-01 13:37 - 2014-01-13 22:14 - 00290992 _____ () C:\Windows\PFRO.log 2014-10-01 13:37 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-30 16:34 - 2014-01-13 23:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-28 15:02 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-24 09:39 - 2014-06-17 14:20 - 00000000 ____D () C:\Windows\erdnt 2014-09-24 09:05 - 2014-03-06 21:26 - 00000677 _____ () C:\Windows\BRCALIB.INI 2014-09-24 08:45 - 2014-01-13 21:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 08:45 - 2014-01-13 21:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 08:45 - 2014-01-13 21:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-20 16:49 - 2014-02-04 13:25 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner 2014-09-20 16:36 - 2014-01-22 18:29 - 00000000 ____D () C:\Windows\Minidump 2014-09-19 07:21 - 2014-01-13 22:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 18:01 - 2014-01-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-09-17 15:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-09-15 10:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help 2014-09-15 09:06 - 2014-01-13 21:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 12:57 - 2014-06-27 16:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-13 12:56 - 2014-01-13 22:27 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\Hewlett-Packard 2014-09-13 12:38 - 2014-01-13 22:27 - 00000000 ____D () C:\Users\Craig\AppData\Roaming\hpqLog 2014-09-13 12:37 - 2009-09-06 17:40 - 00000000 ____D () C:\SwSetup 2014-09-11 08:24 - 2014-01-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 08:21 - 2014-01-14 00:04 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 08:19 - 2014-01-20 12:48 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 08:12 - 2014-01-20 12:48 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-05 14:40 - 2014-01-13 22:44 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-05 14:07 - 2014-06-21 09:02 - 00000000 ____D () C:\Users\Craig\AppData\Local\CrashDumps Some content of TEMP: ==================== C:\Users\Craig\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 09:25 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01 Ran by Craig at 2014-09-22 17:34:43 Running from C:\Users\Craig\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.30429 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80430.0002 - Advanced Micro Devices, Inc.) Hidden AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0429.2312.39747 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden DAO 3.5 (HKLM-x32\...\DAO 3.5) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) K-Lite Codec Pack 10.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MiniDSP-2way (HKLM-x32\...\MiniDSP-2way.93B26324F3B23983B479A8A5CBA0BA67786239FC.1) (Version: v1.02 - UNKNOWN) MiniDSP-2way (x32 Version: 1.02 - UNKNOWN) Hidden NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-80377031-1086190703-3473258205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= 12-09-2014 19:19:25 Installed iTunes 13-09-2014 19:37:51 Installed HP Support Assistant 13-09-2014 20:34:18 Installed HP SimplePass. 15-09-2014 17:24:27 Windows Modules Installer 15-09-2014 17:26:04 Windows Modules Installer 15-09-2014 17:57:55 Installed 7-Zip 9.25 (x64 edition) 15-09-2014 18:04:13 Installed 7-Zip 9.25 (x64 edition) 16-09-2014 23:51:04 Windows Update 17-09-2014 22:43:53 Removed HP SimplePass. 18-09-2014 00:57:40 Removed HP Support Assistant. 18-09-2014 14:48:24 Removed 7-Zip 9.25 (x64 edition) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-06-17 14:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {21267B32-BACB-420D-BDDF-FED0FF88DE06} - System32\Tasks\{3DAD27ED-8672-4863-9E34-61DC00D68FC4} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.) Task: {3D6BFF78-3DFC-487F-A7EA-EA3E0FE13B7A} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.) Task: {4173B0A9-E1C4-4200-BF5F-09880C6EC60F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software) Task: {4455B59C-90BA-41E9-8A29-F72E3BA0F1F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {48F8EACA-E8C7-4AD0-9A74-8E94E1831E46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {61758F8C-3039-4F35-9335-6EAABE2C920C} - System32\Tasks\{14F984D1-CFE8-4906-9E7B-5A8ADE4A1E5F} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.) Task: {7DB86700-C774-492A-AA68-9DC85E173EE0} - System32\Tasks\{762B434D-2ACD-4ED2-B956-5680C1EA15C2} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.) Task: {88F5AE5F-1116-4E13-9787-8C3974DFEE30} - System32\Tasks\{6C28064C-E636-4025-9079-3CDC153F7041} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.) Task: {A4C13790-EBC3-4561-BE52-9ED6EC95F19C} - System32\Tasks\HPCeeScheduleForCraig => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {C13AC6E9-F963-4A0D-AE38-11BD701A501B} - System32\Tasks\{F4819045-85CB-4584-ABA2-45E75491AFC0} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-09-01] (Apple Inc.) Task: {C5A78C7D-2FF4-427F-BE77-0AFF35C2A324} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated) Task: {E590F4D3-85AB-4DC8-96D9-54E48C73925A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.) Task: {F726EB6F-C170-4F88-BF21-DB45D5840FE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForCraig.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-30 00:25 - 2013-04-30 00:25 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-07-04 12:04 - 2014-07-04 12:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-20 01:29 - 2014-09-20 01:29 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092000\algo.dll 2014-09-22 10:29 - 2014-09-22 10:29 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092201\algo.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-04 12:04 - 2014-07-04 12:05 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll 2014-09-10 14:08 - 2014-09-03 20:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15972318 Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15972318 Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9095 Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9095 Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8081 Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8081 Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7082 System errors: ============= Error: (09/18/2014 07:39:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. Error: (09/18/2014 07:38:20 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000003b (0x00000000c0000005, 0xfffff80002c77ac5, 0xfffff8800959ed60, 0x0000000000000000)C:\Windows\Minidump\091814-21481-01.dmp091814-21481-01 Error: (09/18/2014 07:38:20 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:37:21 AM on ‎9/‎18/‎2014 was unexpected. Error: (09/17/2014 03:40:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. Error: (09/17/2014 03:39:47 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000116 (0xfffffa8006e424e0, 0xfffff88004179f6c, 0x0000000000000000, 0x0000000000000002)C:\Windows\Minidump\091714-59451-01.dmp091714-59451-01 Error: (09/17/2014 03:39:46 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:37:44 PM on ‎9/‎17/‎2014 was unexpected. Error: (09/15/2014 10:24:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/15/2014 10:24:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (09/15/2014 10:20:19 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x000000f3 (0x00000000000c71ab, 0x00000000000c71ab, 0x0000000000000001, 0xffffffffc0000054)C:\Windows\Minidump\091514-37128-01.dmp091514-37128-01 Error: (09/15/2014 09:37:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service. Microsoft Office Sessions: ========================= Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15972318 Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15972318 Error: (09/22/2014 03:44:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9095 Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9095 Error: (09/22/2014 11:18:43 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8081 Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8081 Error: (09/22/2014 11:18:42 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/22/2014 11:18:41 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7082 ==================== Memory info =========================== Processor: AMD Phenom II N850 Triple-Core Processor Percentage of memory in use: 58% Total physical RAM: 3834.9 MB Available physical RAM: 1595.8 MB Total Pagefile: 7667.98 MB Available Pagefile: 4263.31 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:573.21 GB) (Free:368.08 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:22.66 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 0A83D376) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=573.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=22.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  15. Requested scans: Rkill 2.6.8 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/24/2014 09:30:14 AM in x64 mode. Windows Version: Windows 7 Ultimate Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 09/24/2014 09:30:31 AM Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s) Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/24/2014 Scan Time: 9:43:02 AM Logfile: Malwarebytes scan.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.24.09 Rootkit Database: v2014.09.19.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Craig Scan Type: Threat Scan Result: Completed Objects Scanned: 322116 Time Elapsed: 11 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) RogueKiller V9.2.12.0 (x64) [sep 23 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Craig [Admin rights] Mode : Scan -- Date : 09/24/2014 10:34:40 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\volmgrx.sys) [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\system32\DRIVERS\hpdskflt.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 6d191677fc81652a2d50918f476cdc2a [bSP] 3d0b76d65724ecff6e264dd09e65f090 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 586969 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1202522112 | Size: 23207 MB 3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_06062014_113052.log - RKreport_SCN_06062014_114844.log - RKreport_SCN_09242014_102113.log
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.