Jump to content

beachbaby1924

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Adobe Flash Player 15.0.0.246 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (34.0.5) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbam.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  2. I follow the steps posted above last night and so far (knock on wood!) it seems to have fixed the problem. I no longer have ads popping up on my page. My computer is still running a little slower than before but it might just be my internet connection. I will let you know if the ads start popping up again. Thank you for your help and patience! I don't think I could have fixed the problem without you! Wishing you a happy and healthy New Year!
  3. Sorry for the delay, I have been sick and unable to get back to this thread. I have reset Explorer and Firefox, I don't have Chrome. It seems Explorer is okay at this point but still having issues with Firefox. Would it do any good to delete Firefox and then re-install it? Thanks for your help!
  4. I have a laptop and a desktop running through a wireless router. My desktop is fine, only the laptop is having issues. The computer is running slower than normal. The "Ads by Notification" no longer show however I now have banners at the top and bottom of the page from "Dynamic-Pricer". I also have ads from "My Deals Club" scattered throughout the page, including a pop-up at the lower right hand corner of the page. When I load a page, in the lower left corner where it says waiting for... or transferring from..., it shows sites such as superfish and majuwe. I have tried Explorer and do not seem to have an issue, only on Firefox, which is the browser I prefer. Is it time to throw the laptop at a brick wall? HaHa Thank you for trying to help me resolve this issue. It is truely appreciated!
  5. I reset Explorer and Firefox, I don't have Chrome. Here are the latest logs: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/10/2014 Scan Time: 6:44:55 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.10.09 Rootkit Database: v2014.12.08.03 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: True Scan Type: Threat Scan Result: Completed Objects Scanned: 328887 Time Elapsed: 49 min, 40 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01 Ran by True (administrator) on HOMEPC on 10-12-2014 19:45:28 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Config.Msi\42e9d7.rbf (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated) HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\epe445bo.default-1418253736050 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 09:09 - 2014-11-28 19:15 - 00034696 _____ () C:\Users\True\Desktop\Addition.txt 2014-11-25 09:06 - 2014-12-10 19:46 - 00014705 _____ () C:\Users\True\Desktop\FRST.txt 2014-11-25 09:06 - 2014-12-10 19:45 - 02119680 _____ (Farbar) C:\Users\True\Desktop\FRST64.exe 2014-11-25 09:06 - 2014-12-10 19:45 - 00000000 ____D () C:\Users\True\Desktop\FRST-OlderVersion 2014-11-22 12:49 - 2014-11-30 11:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-22 12:42 - 2014-11-30 12:08 - 00000000 ____D () C:\Users\True\Desktop\MBAR 2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion 2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe 2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe 2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt 2014-11-19 17:44 - 2014-12-06 10:18 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps 2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT 2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe 2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log 2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe 2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014 2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe 2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt 2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt 2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe 2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt 2014-11-14 19:03 - 2014-12-10 19:45 - 00000000 ____D () C:\FRST 2014-11-14 19:03 - 2014-11-20 06:17 - 00053536 _____ () C:\Users\True\Downloads\FRST.txt 2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe 2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner 2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe 2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList 2014-11-11 19:43 - 2014-12-10 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe 2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 13:58 - 2014-12-10 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 13:57 - 2014-12-10 18:41 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-11 13:57 - 2014-12-10 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-11 13:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 13:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 13:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 13:55 - 2014-12-10 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA 2014-11-10 19:10 - 2014-12-10 19:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-10 19:46 - 2014-06-09 08:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 19:45 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 19:45 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-10 19:44 - 2014-06-06 20:19 - 01838974 _____ () C:\Windows\WindowsUpdate.log 2014-12-10 19:37 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-12-10 19:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-10 19:29 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-10 19:10 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-10 18:53 - 2014-10-26 20:14 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC 2014-12-10 18:37 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-10 18:34 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam 2014-12-10 18:31 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox 2014-12-10 18:31 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox 2014-12-10 18:31 - 2014-06-06 20:44 - 00000000 ___DO () C:\Users\True\SkyDrive 2014-12-10 18:30 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-10 18:29 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-12-10 18:26 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 18:22 - 2014-11-05 22:36 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data 2014-12-10 18:20 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages 2014-12-10 18:13 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352} 2014-12-06 20:42 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books 2014-12-06 20:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue 2014-12-06 20:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job 2014-12-05 22:29 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-26 21:12 - 2014-06-07 14:49 - 00000000 ____D () C:\Users\True\Desktop\Geneology 2014-11-21 18:25 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db 2014-11-21 18:22 - 2013-08-26 01:01 - 00124390 _____ () C:\Windows\PFRO.log 2014-11-20 15:51 - 2014-10-25 20:31 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-20 15:51 - 2014-10-25 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-18 17:16 - 2014-10-26 18:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk 2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy 2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 13:12 - 2014-10-31 13:58 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings Some content of TEMP: ==================== C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmdpof.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 20:36 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2014 01 Ran by True at 2014-12-10 19:48:55 Running from C:\Users\True\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges 18-11-2014 22:31:09 Windows Update 27-11-2014 02:31:04 Windows Update 10-12-2014 23:25:30 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation) Task: {43D63A9B-06E3-4205-8A6B-9D7927EF13F2} - \Jelbrus Secure Web Task No Task File <==== ATTENTION Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated) Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {87538E65-DB38-4BBE-AB07-472B10B4299D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.) Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {D6EA4182-40FD-4CC1-8E5F-F7D148FCA410} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation) Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-26 18:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-18 17:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-12-10 18:31 - 2014-12-10 18:31 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfmdpof.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll 2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-11-18 17:12 - 2014-11-18 17:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled) Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled) True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/10/2014 07:07:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: HOMEPC) Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/09/2014 02:12:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b40 Start Time: 01d013e36cc4d591 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 6169917f-7fd7-11e4-827f-a02bb835ea16 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (12/06/2014 08:39:58 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (12/06/2014 10:40:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1734 Error: (12/06/2014 10:40:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1734 Error: (12/06/2014 10:40:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2014 10:18:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FRST64.exe, version: 6.12.2014.0, time stamp: 0x5482e663 Faulting module name: FRST64.exe, version: 6.12.2014.0, time stamp: 0x5482e663 Exception code: 0xc0000005 Fault offset: 0x0000000000024a00 Faulting process id: 0x9bc Faulting application start time: 0xFRST64.exe0 Faulting application path: FRST64.exe1 Faulting module path: FRST64.exe2 Report Id: FRST64.exe3 Faulting package full name: FRST64.exe4 Faulting package-relative application ID: FRST64.exe5 Error: (12/05/2014 10:45:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3250 Error: (12/05/2014 10:45:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3250 Error: (12/05/2014 10:45:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/10/2014 06:28:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service. Error: (12/10/2014 06:28:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (12/10/2014 06:28:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Modules Installer service terminated with the following error: %%16405 Error: (12/09/2014 02:08:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105. Error: (12/05/2014 10:27:01 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: 1053VSSUnavailable{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (12/05/2014 10:26:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Volume Shadow Copy service failed to start due to the following error: %%1053 Error: (12/05/2014 10:24:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. Error: (11/26/2014 08:45:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-12-06 20:39:04.772 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-25 09:24:58.694 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-20 03:17:50.145 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 18:58:44.801 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-10 22:03:44.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-07 12:36:15.161 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-05 21:42:50.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-25 21:49:38.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-08-20 17:23:47.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 51% Total physical RAM: 3537.01 MB Available physical RAM: 1713.66 MB Total Pagefile: 4305.01 MB Available Pagefile: 2077.38 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:388.8 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415) Partition: GPT Partition Type. ==================== End Of Log ============================
  6. Here's the fixlog. The tool did not require a restart. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 Ran by True at 2014-12-06 10:18:39 Run:5 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.amazon.co...s={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms}=> Value not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms}=> Value not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms}=> Value not found. \\SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} => Value not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}" => Key deleted successfully. C:\Program Files (x86)\Jelbrus Secure Web => Moved successfully. "C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh5wix.dll" => File/Directory not found. "C:\Users\True\AppData\Local\Temp\Extract.exe" => File/Directory not found. "C:\Users\True\AppData\Local\Temp\ose00000.exe" => File/Directory not found. "C:\Users\True\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. "C:\Users\True\AppData\Local\Temp\sqlite3.dll" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31ACA094-369F-4EC6-9699-FE5E91D6E428}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACF70E8D-BCAA-417B-A3DF-B4F0BFE09FC2}" => Key not found. C:\Windows\System32\Tasks\Jelbrus Secure Web Task => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully. C:\Users\True\SkyDrive => ":ms-properties" ADS removed successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. ==== End of Fixlog ====
  7. Ran the scan and no clean-up was required. Here are the logs: Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2014.11.30.04 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17416 True :: HOMEPC [administrator] 11/30/2014 11:11:35 AM mbar-log-2014-11-30 (11-11-35).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 325979 Time elapsed: 40 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) ===================================================================================== Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17416 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 0.998000 GHz Memory total: 3708825600, free: 2032435200 Downloaded database version: v2014.11.30.04 Downloaded database version: v2014.11.29.01 ======================================= ------------ Kernel report ------------ 11/30/2014 11:11:01 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\amdsata.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\amdxata.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\drivers\amdppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\RtsP2Stor.sys \SystemRoot\system32\DRIVERS\athwbx.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\System32\drivers\usbohci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\sdbus.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\WirelessButtonDriver64.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\AmdAS4.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\system32\drivers\AtihdWB6.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\AMDACPKSL.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_amdsata.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\drivers\WSDPrint.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\MSPQM.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffe000f412a060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\0000002c\ Lower Device Object: 0xffffe000f403c060 Lower Device Driver Name: \Driver\amdsata\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe000f412a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000f412ab20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000f412a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000f3bef040, DeviceName: Unknown, DriverName: \Driver\amdxata\ DevicePointer: 0xffffe000f403c060, DeviceName: \Device\0000002c\, DriverName: \Driver\amdsata\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 3F95D415 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 990474525 GPT Header CurrentLba = 1 BackupLba 976773167 GPT Header FirstUsableLba 34 LastUsableLba 976773134 GPT Header Guid 9b734414-5096-4db7-9dde-5f3b5cea714 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 990474525 Backup GPT header CurrentLba = 976773167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 976773134 Backup GPT header Guid 9b734414-5096-4db7-9dde-5f3b5cea714 Backup GPT header Contains 128 partition entries starting at LBA 976773135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 8144acd0-46e0-4bea-b91e-dce2d08c57ab FirstLBA 2048 Last LBA 821247 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e7c680db-a729-4fcb-ada6-3aa9fe69f37 FirstLBA 821248 Last LBA 1353727 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 744c35ad-9716-489a-80f-203bd5892e1f FirstLBA 1353728 Last LBA 1845247 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4f67597a-fda3-474b-aa93-d0e7d5698e5e FirstLBA 1845248 Last LBA 937613311 Attributes 0 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID ac90cc0c-a45f-4dc0-b4f7-a09a478b8b7d FirstLBA 937613312 Last LBA 976773119 Attributes 1 Partition Name Basic data partition Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
  8. Here's the latest scan. Hope you had a great Thanksgiving! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by True (administrator) on HOMEPC on 28-11-2014 19:11:06 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated) HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-26] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 09:09 - 2014-11-25 09:11 - 00032828 _____ () C:\Users\True\Desktop\Addition.txt 2014-11-25 09:06 - 2014-11-28 19:13 - 00014817 _____ () C:\Users\True\Desktop\FRST.txt 2014-11-25 09:06 - 2014-11-26 20:53 - 02117632 _____ (Farbar) C:\Users\True\Desktop\FRST64.exe 2014-11-25 09:06 - 2014-11-26 20:53 - 00000000 ____D () C:\Users\True\Desktop\FRST-OlderVersion 2014-11-22 12:49 - 2014-11-22 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-22 12:42 - 2014-11-25 08:56 - 00000000 ____D () C:\Users\True\Desktop\MBAR 2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion 2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe 2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe 2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt 2014-11-19 17:44 - 2014-11-26 20:54 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps 2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT 2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe 2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log 2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe 2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014 2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe 2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt 2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt 2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe 2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt 2014-11-14 19:03 - 2014-11-28 19:11 - 00000000 ____D () C:\FRST 2014-11-14 19:03 - 2014-11-20 06:17 - 00053536 _____ () C:\Users\True\Downloads\FRST.txt 2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe 2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner 2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe 2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList 2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe 2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 13:58 - 2014-11-26 20:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-11 13:56 - 2014-11-22 12:48 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA 2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe 2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe 2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe 2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup 2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe 2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data 2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif 2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe 2014-10-31 14:01 - 2014-11-28 19:06 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task 2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt 2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus 2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 19:10 - 2014-10-26 20:14 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC 2014-11-28 19:09 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox 2014-11-28 19:09 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox 2014-11-28 19:09 - 2014-06-06 20:44 - 00000000 __RDO () C:\Users\True\SkyDrive 2014-11-28 19:07 - 2014-06-06 20:19 - 02071198 _____ () C:\Windows\WindowsUpdate.log 2014-11-28 19:07 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-28 19:07 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-11-28 19:03 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-28 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2014-11-28 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-11-26 21:32 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-26 21:30 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-11-26 21:26 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-26 21:12 - 2014-06-07 14:49 - 00000000 ____D () C:\Users\True\Desktop\Geneology 2014-11-26 21:11 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 21:07 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam 2014-11-26 20:45 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352} 2014-11-21 18:25 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db 2014-11-21 18:22 - 2013-08-26 01:01 - 00124390 _____ () C:\Windows\PFRO.log 2014-11-21 13:40 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books 2014-11-20 20:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue 2014-11-20 20:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job 2014-11-20 15:51 - 2014-10-25 20:31 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-20 15:51 - 2014-10-25 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-18 17:16 - 2014-10-26 18:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk 2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy 2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings 2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages 2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True 2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmumy75.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-21 11:33 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01 Ran by True at 2014-11-28 19:13:57 Running from C:\Users\True\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges 18-11-2014 22:31:09 Windows Update 27-11-2014 02:31:04 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3A01E48A-8DC2-4267-92AE-C82215F7CEF1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation) Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation) Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated) Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {87538E65-DB38-4BBE-AB07-472B10B4299D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {B25607C2-D153-4846-901E-EC7F57B7CCF4} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus) Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.) Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-26 18:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-18 17:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-28 19:09 - 2014-11-28 19:09 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmumy75.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll 2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-18 17:12 - 2014-11-18 17:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2014-03-25 15:00 - 2011-08-23 21:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd 2014-03-25 15:00 - 2011-08-23 21:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_socket.pyd 2014-03-25 15:00 - 2011-08-23 21:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ssl.pyd ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled) Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled) True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 163247203 Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 163247203 Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1563 Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1563 Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/26/2014 08:58:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0xd38 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (11/26/2014 08:54:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x188 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (11/26/2014 08:54:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FRST64.exe, version: 26.11.2014.1, time stamp: 0x547609fc Faulting module name: FRST64.exe, version: 26.11.2014.1, time stamp: 0x547609fc Exception code: 0xc0000005 Fault offset: 0x0000000000024a00 Faulting process id: 0x978 Faulting application start time: 0xFRST64.exe0 Faulting application path: FRST64.exe1 Faulting module path: FRST64.exe2 Report Id: FRST64.exe3 Faulting package full name: FRST64.exe4 Faulting package-relative application ID: FRST64.exe5 Error: (11/25/2014 09:30:51 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (11/26/2014 08:45:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC) Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC) Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca Error: (11/25/2014 09:20:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC) Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca Error: (11/25/2014 09:00:03 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: %%1053 Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-25 09:24:58.694 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-20 03:17:50.145 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 18:58:44.801 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-10 22:03:44.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-07 12:36:15.161 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-05 21:42:50.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-25 21:49:38.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-08-20 17:23:47.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 43% Total physical RAM: 3537.01 MB Available physical RAM: 1994.57 MB Total Pagefile: 4305.01 MB Available Pagefile: 2630.08 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:390.61 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415) Partition: GPT Partition Type. ==================== End Of Log ============================
  9. Here's the fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01 Ran by True at 2014-11-26 20:58:28 Run:3 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Boot Mode: Normal ============================================== Content of fixlist: ***************** ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties ***************** HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31ACA094-369F-4EC6-9699-FE5E91D6E428}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31ACA094-369F-4EC6-9699-FE5E91D6E428}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully. C:\Users\True\SkyDrive => ":ms-properties" ADS removed successfully.
  10. Here are the latest logs: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01 Ran by True (administrator) on HOMEPC on 25-11-2014 09:06:34 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated) HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 09:06 - 2014-11-25 09:08 - 00015942 _____ () C:\Users\True\Desktop\FRST.txt 2014-11-25 09:06 - 2014-11-25 09:06 - 02118144 _____ (Farbar) C:\Users\True\Desktop\FRST64.exe 2014-11-25 09:06 - 2014-11-25 09:06 - 00000000 ____D () C:\Users\True\Desktop\FRST-OlderVersion 2014-11-22 12:49 - 2014-11-22 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-22 12:42 - 2014-11-25 08:56 - 00000000 ____D () C:\Users\True\Desktop\MBAR 2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion 2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe 2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe 2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt 2014-11-19 17:44 - 2014-11-21 18:17 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps 2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT 2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe 2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log 2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe 2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014 2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe 2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt 2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt 2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe 2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt 2014-11-14 19:03 - 2014-11-25 09:06 - 00000000 ____D () C:\FRST 2014-11-14 19:03 - 2014-11-20 06:17 - 00053536 _____ () C:\Users\True\Downloads\FRST.txt 2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe 2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner 2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe 2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList 2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe 2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 13:58 - 2014-11-25 09:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-11 13:56 - 2014-11-22 12:48 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA 2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe 2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe 2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe 2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup 2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe 2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data 2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif 2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe 2014-10-31 14:01 - 2014-11-25 08:58 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task 2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt 2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus 2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList 2014-10-26 20:14 - 2014-11-25 09:04 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC 2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive 2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-26 18:21 - 2014-11-18 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 09:06 - 2014-06-06 20:19 - 01771095 _____ () C:\Windows\WindowsUpdate.log 2014-11-25 09:05 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam 2014-11-25 09:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-11-25 09:03 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox 2014-11-25 09:03 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox 2014-11-25 09:03 - 2014-06-06 20:44 - 00000000 __RDO () C:\Users\True\SkyDrive 2014-11-25 09:01 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-25 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2014-11-25 09:00 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-11-25 08:59 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352} 2014-11-22 17:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-22 11:41 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-11-21 18:30 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 18:25 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db 2014-11-21 18:22 - 2013-08-26 01:01 - 00124390 _____ () C:\Windows\PFRO.log 2014-11-21 13:40 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books 2014-11-20 20:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue 2014-11-20 20:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job 2014-11-18 17:33 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk 2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy 2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings 2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages 2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True 2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-29 19:55 - 2014-10-25 20:31 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-29 19:55 - 2014-10-25 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-27 13:49 - 2014-10-25 21:22 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks Some content of TEMP: ==================== C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-21 11:33 ==================== End Of Log ============================ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01 Ran by True at 2014-11-25 09:09:46 Running from C:\Users\True\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 30-10-2014 23:10:15 Scheduled Checkpoint 07-11-2014 17:21:52 Installed Colts DeskSite. 11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges 18-11-2014 22:31:09 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation) Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated) Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {87538E65-DB38-4BBE-AB07-472B10B4299D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {BC675A67-0CC5-46CC-B37F-519DB5745D38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation) Task: {BE9B037A-2C25-4E4E-982B-36B8D0F8BE88} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus) Task: {BF5A22AC-67D2-4F59-889F-5A0CA28EB6CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.) Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-26 18:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-18 17:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2014-11-25 09:03 - 2014-11-25 09:03 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll 2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-11-18 17:12 - 2014-11-18 17:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled) Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled) True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/22/2014 11:20:30 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a58 Start Time: 01d0066f80e2b6b5 Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 759e1113-7263-11e4-827b-a02bb835ea16 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1766 Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1766 Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/21/2014 06:16:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x940 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (11/21/2014 11:37:00 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (11/21/2014 11:00:31 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 534 Start Time: 01d005a37cd7c4bd Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: 6fd883cb-7197-11e4-827a-a02bb835ea16 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (11/20/2014 07:37:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2093 Error: (11/20/2014 07:37:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2093 Error: (11/20/2014 05:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/25/2014 09:00:03 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: %%1053 Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-20 03:17:50.145 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 18:58:44.801 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-10 22:03:44.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-07 12:36:15.161 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-05 21:42:50.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-25 21:49:38.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-08-20 17:23:47.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 47% Total physical RAM: 3537.01 MB Available physical RAM: 1847.79 MB Total Pagefile: 4305.01 MB Available Pagefile: 2342.19 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:389.65 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415) Partition: GPT Partition Type. ==================== End Of Log ============================
  11. I ran the scan and it said no malware found - no cleanup required. M-Bar Log: Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2014.11.22.09 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17416 True :: HOMEPC [administrator] 11/22/2014 12:49:32 PM mbar-log-2014-11-22 (12-49-32).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 324606 Time elapsed: 38 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) ============================================================== System Log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17416 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 0.998000 GHz Memory total: 3708825600, free: 1741967360 Downloaded database version: v2014.11.22.09 Downloaded database version: v2014.11.21.01 ======================================= This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17416 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 0.998000 GHz Memory total: 3708825600, free: 1899589632 Initializing... ====================== ------------ Kernel report ------------ 11/22/2014 12:49:01 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\amdsata.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\amdxata.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\drivers\amdppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\RtsP2Stor.sys \SystemRoot\system32\DRIVERS\athwbx.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\System32\drivers\usbohci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\sdbus.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\WirelessButtonDriver64.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\AmdAS4.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\system32\drivers\AtihdWB6.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\AMDACPKSL.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_amdsata.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \SystemRoot\System32\drivers\WSDPrint.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\System32\Drivers\NDProxy.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffe0002e1bc060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\0000002c\ Lower Device Object: 0xffffe0002e0b6060 Lower Device Driver Name: \Driver\amdsata\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe0002e1bc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe0002e1bcb20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe0002e1bc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe0002e0b4ad0, DeviceName: Unknown, DriverName: \Driver\amdxata\ DevicePointer: 0xffffe0002e0b6060, DeviceName: \Device\0000002c\, DriverName: \Driver\amdsata\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 3F95D415 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 990474525 GPT Header CurrentLba = 1 BackupLba 976773167 GPT Header FirstUsableLba 34 LastUsableLba 976773134 GPT Header Guid 9b734414-5096-4db7-9dde-5f3b5cea714 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 990474525 Backup GPT header CurrentLba = 976773167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 976773134 Backup GPT header Guid 9b734414-5096-4db7-9dde-5f3b5cea714 Backup GPT header Contains 128 partition entries starting at LBA 976773135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 8144acd0-46e0-4bea-b91e-dce2d08c57ab FirstLBA 2048 Last LBA 821247 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e7c680db-a729-4fcb-ada6-3aa9fe69f37 FirstLBA 821248 Last LBA 1353727 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 744c35ad-9716-489a-80f-203bd5892e1f FirstLBA 1353728 Last LBA 1845247 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4f67597a-fda3-474b-aa93-d0e7d5698e5e FirstLBA 1845248 Last LBA 937613311 Attributes 0 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID ac90cc0c-a45f-4dc0-b4f7-a09a478b8b7d FirstLBA 937613312 Last LBA 976773119 Attributes 1 Partition Name Basic data partition Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
  12. Here's the fixlog. Not sure if this was supposed to fix it - if it was, it didn't. The 'Ad by Notification' is still there. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014 Ran by True at 2014-11-21 18:16:28 Run:1 Running from C:\Users\True\Desktop Loaded Profile: True (Available profiles: True) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.amazon.co...s={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms} SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} C:\Users\True\AppData\Local\Temp\dllnt_dump.dll C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll C:\Users\True\AppData\Local\Temp\Extract.exe C:\Users\True\AppData\Local\Temp\ose00000.exe C:\Users\True\AppData\Local\Temp\Quarantine.exe C:\Users\True\AppData\Local\Temp\sqlite3.dll EmptyTemp: Reboot: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully. "HKCR\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully. "HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found. "HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully. "HKCR\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found. "HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully. "HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found. C:\Users\True\AppData\Local\Temp\dllnt_dump.dll => Moved successfully. C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll => Moved successfully. C:\Users\True\AppData\Local\Temp\Extract.exe => Moved successfully. C:\Users\True\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\True\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\True\AppData\Local\Temp\sqlite3.dll => Moved successfully. EmptyTemp: => Removed 468.4 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
  13. Ran all the above scans and here are the logs. JRT Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.9 (11.15.2014:2) OS: Windows 8.1 x64 Ran by True on Wed 11/19/2014 at 17:43:14.94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 11/19/2014 at 17:50:09.61 End of JRT log ================================================================================================== AdwCleaner Log: # AdwCleaner v4.101 - Report created 19/11/2014 at 18:07:45 # Updated 09/11/2014 by Xplode # Database : 2014-11-16.1 [Live] # Operating System : Windows 8.1 (64 bits) # Username : True - HOMEPC # Running from : C:\Users\True\Desktop\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v33.1 (x86 en-US) ************************* AdwCleaner[R0].txt - [939 octets] - [14/11/2014 18:23:14] AdwCleaner[R1].txt - [842 octets] - [19/11/2014 17:57:42] AdwCleaner[s0].txt - [965 octets] - [14/11/2014 18:31:24] AdwCleaner[s1].txt - [764 octets] - [19/11/2014 18:07:45] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [823 octets] ########## =============================================================================================================== MalwareBytes Log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/19/2014 Scan Time: 6:22:51 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.19.07 Rootkit Database: v2014.11.18.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: True Scan Type: Threat Scan Result: Completed Objects Scanned: 324660 Time Elapsed: 38 min, 57 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) =================================================================================================================== ESET Log: C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe a variant of Win32/Techsnab.C potentially unwanted application C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe a variant of Win32/Techsnab.C potentially unwanted application C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\0MG0BT1B\OrbiterInstaller[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\0MG0BT1B\SPSetup[1].exe a variant of Win32/ClientConnect.A potentially unwanted application C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\MTUW70C6\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application ================================================================================================================ Farbar Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014 Ran by True (administrator) on HOMEPC on 20-11-2014 06:15:58 Running from C:\Users\True\Downloads Loaded Profile: True (Available profiles: True) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated) HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM-x32 -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion 2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe 2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe 2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt 2014-11-19 17:44 - 2014-11-19 17:44 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps 2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT 2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe 2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log 2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe 2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014 2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe 2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt 2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt 2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe 2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt 2014-11-14 19:03 - 2014-11-20 06:16 - 00000000 ____D () C:\FRST 2014-11-14 19:03 - 2014-11-20 06:15 - 00018002 _____ () C:\Users\True\Downloads\FRST.txt 2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe 2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner 2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe 2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList 2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe 2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 13:58 - 2014-11-20 02:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-11 13:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA 2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe 2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe 2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe 2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup 2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe 2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data 2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif 2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe 2014-10-31 14:01 - 2014-11-19 20:09 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task 2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt 2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus 2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList 2014-10-26 20:14 - 2014-11-19 18:28 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC 2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive 2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-26 18:21 - 2014-11-18 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe 2014-10-25 21:22 - 2014-10-27 13:49 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks 2014-10-25 20:31 - 2014-10-29 19:55 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-25 20:31 - 2014-10-29 19:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-20 06:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2014-11-20 05:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-19 20:29 - 2014-06-06 20:19 - 01190241 _____ () C:\Windows\WindowsUpdate.log 2014-11-19 18:30 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam 2014-11-19 18:19 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-19 18:18 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox 2014-11-19 18:18 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox 2014-11-19 18:17 - 2014-06-06 20:44 - 00000000 ___DO () C:\Users\True\SkyDrive 2014-11-19 18:11 - 2013-08-26 01:01 - 00121530 _____ () C:\Windows\PFRO.log 2014-11-19 18:11 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-19 18:10 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-11-19 18:02 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-11-19 17:53 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352} 2014-11-18 17:33 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-17 17:04 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db 2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-16 14:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue 2014-11-16 14:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job 2014-11-16 12:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk 2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy 2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings 2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages 2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-11-02 10:11 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books 2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True 2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera 2014-10-25 20:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore Some content of TEMP: ==================== C:\Users\True\AppData\Local\Temp\dllnt_dump.dll C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll C:\Users\True\AppData\Local\Temp\Extract.exe C:\Users\True\AppData\Local\Temp\ose00000.exe C:\Users\True\AppData\Local\Temp\Quarantine.exe C:\Users\True\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-20 03:15 ==================== End Of Log ===
  14. Thank you for helping me. You have no idea how much I appreciate it! Here's the results from the Threat Scan: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/17/2014 Scan Time: 5:09:20 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.17.07 Rootkit Database: v2014.11.12.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: True Scan Type: Threat Scan Result: Completed Objects Scanned: 323982 Time Elapsed: 39 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) And here's the log from RogueKiller: RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits version Started in : Normal mode User : True [Administrator] Mode : Scan -- Date : 11/17/2014 19:41:38 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 16 ¤¤¤ [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183 -> Found [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183 -> Found [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183 -> Found [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183 -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACEA431E-6210-4E77-A94A-E742D2D8142B} | DhcpNameServer : 100.100.1.5 [(Unknown Country?) (XX)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACEA431E-6210-4E77-A94A-E742D2D8142B} | DhcpNameServer : 100.100.1.5 [(Unknown Country?) (XX)] -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤ ¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤ [iAT:Addr] (explorer.exe @ USERENV.dll) ext-ms-win-profile-userenv-l1-1-0.dll - GetAppContainerFolderPathWorker : C:\Windows\SYSTEM32\profext.dll @ 0x7ffa67844f28 [iAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-winbici-l1-1-0.dll - SetUserId : C:\Windows\SYSTEM32\winbici.dll @ 0x7ffa69163470 [iAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-winbici-l1-1-0.dll - SetUserBetaState : C:\Windows\SYSTEM32\winbici.dll @ 0x7ffa69163710 [iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetGroupingLetter : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c78 [iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetCharacterGroupDisplayName : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c84 [iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetDefaultGroupingLetters : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c6c ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: HGST HTS545050A7E680 SATA Disk Device +++++ --- User --- [MBR] 50f32aaf7394053b52d5af7f949c1c83 [bSP] 39086017092d4150764ee2cf324d8bd9 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB User = LL1 ... OK User = LL2 ... OK
  15. A few weeks ago I installed P2P software to download a copy of an old TV show. The 'Ad by Notification' must have downloaded along with the P2P software. Since then I have uninstalled the software, reset, uninstalled then re-installed mozilla and explorer, ran windows defender, malware bytes, spybot and adw cleaner. I have looked for any obscure software on my pc to install buy haven't found any. While some items were detected and quaranteened, the problem still persists. I don't know what else to do - hoping you can help me fix my screw-up. I ran the Farbar Recovery Scan Tool and here are the results. Thank you in advance for any help you can give me! FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014 Ran by True (administrator) on HOMEPC on 14-11-2014 19:03:23 Running from C:\Users\True\Downloads Loaded Profile: True (Available profiles: True) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated) HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS SearchScopes: HKLM-x32 - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-14 19:03 - 2014-11-14 19:04 - 00018230 _____ () C:\Users\True\Downloads\FRST.txt 2014-11-14 19:03 - 2014-11-14 19:03 - 00000000 ____D () C:\FRST 2014-11-14 18:50 - 2014-11-14 18:50 - 02116608 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe 2014-11-14 18:23 - 2014-11-14 18:36 - 00000000 ____D () C:\AdwCleaner 2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe 2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList 2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe 2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll 2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll 2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-11-11 13:58 - 2014-11-14 18:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-11 13:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-11 13:39 - 2014-11-11 13:40 - 00000000 ____D () C:\Users\True\Desktop\SOA 2014-11-11 12:03 - 2014-11-11 12:06 - 00023159 _____ () C:\Windows\wininit.ini 2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe 2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe 2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe 2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup 2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe 2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data 2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif 2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe 2014-10-31 14:01 - 2014-11-13 19:39 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task 2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt 2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus 2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList 2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList 2014-10-26 20:14 - 2014-11-14 18:56 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC 2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive 2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-26 18:21 - 2014-10-26 18:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe 2014-10-25 21:22 - 2014-10-27 13:49 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks 2014-10-25 20:31 - 2014-10-29 19:55 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-25 20:31 - 2014-10-29 19:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-17 16:03 - 2014-11-14 18:48 - 00000000 ___RD () C:\Users\True\Dropbox 2014-10-17 16:03 - 2014-11-14 18:47 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk 2014-10-17 16:02 - 2014-11-14 18:47 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-17 15:57 - 2014-11-14 18:48 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox 2014-10-17 15:56 - 2014-10-17 15:56 - 00323672 _____ (Dropbox, Inc.) C:\Users\True\Downloads\DropboxInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-14 19:04 - 2014-06-06 20:19 - 01626191 _____ () C:\Windows\WindowsUpdate.log 2014-11-14 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2014-11-14 18:56 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002 2014-11-14 18:41 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-14 18:36 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam 2014-11-14 18:35 - 2014-06-06 20:44 - 00000000 ___DO () C:\Users\True\SkyDrive 2014-11-14 18:32 - 2013-08-26 01:01 - 00120606 _____ () C:\Windows\PFRO.log 2014-11-14 18:32 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-14 18:32 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-11-14 18:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-14 18:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-11-14 16:26 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352} 2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy 2014-11-12 14:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue 2014-11-12 14:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job 2014-11-12 11:25 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-11-11 18:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache 2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings 2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee 2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages 2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-11-03 20:29 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db 2014-11-02 20:34 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-02 20:34 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-02 10:11 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books 2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True 2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera 2014-10-25 20:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore Some content of TEMP: ==================== C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh5wix.dll C:\Users\True\AppData\Local\Temp\Extract.exe C:\Users\True\AppData\Local\Temp\ose00000.exe C:\Users\True\AppData\Local\Temp\Quarantine.exe C:\Users\True\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-10 22:02 ==================== End Of Log ============================ Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014 Ran by True at 2014-11-14 19:05:53 Running from C:\Users\True\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 22-10-2014 03:03:08 Windows Update 30-10-2014 23:10:15 Scheduled Checkpoint 07-11-2014 17:21:52 Installed Colts DeskSite. 11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {14C88463-7927-4A82-91E1-76418DF41312} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION Task: {3AF72D1A-C3A0-4163-BA2D-A11572E75918} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation) Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-26] (Microsoft Corporation) Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated) Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {ACF70E8D-BCAA-417B-A3DF-B4F0BFE09FC2} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus) Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.) Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-26 18:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-10-26 19:22 - 2014-10-26 19:22 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-09-09 18:57 - 2014-09-09 18:58 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-10-26 19:23 - 2014-10-26 19:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-10-26 18:23 - 2014-10-26 18:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-14 18:48 - 2014-11-14 18:48 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh5wix.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled) Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled) True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/14/2014 04:50:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e68 Start Time: 01d00052596c3036 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 3339015c-6c48-11e4-8278-a02bb835ea16 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (11/13/2014 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1938 Start Time: 01cffe918d6a1fed Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: eda1ae42-6b97-11e4-8276-a02bb835ea16 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (11/13/2014 07:41:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1680 Start Time: 01cfffa2e44ca04d Termination Time: 4294967295 Application Path: C:\Windows\system32\backgroundTaskHost.exe Report Id: dc8caab8-6b96-11e4-8276-a02bb835ea16 Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt Faulting package-relative application ID: App Error: (11/12/2014 10:48:50 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1af8 Start Time: 01cffe0c1016922e Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 23e6ba1c-6a83-11e4-8276-a02bb835ea16 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (11/11/2014 01:29:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939 Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939 Exception code: 0xc0000005 Fault offset: 0x00021a20 Faulting process id: 0x1470 Faulting application start time: 0xWajamInternetEnhancerService.exe0 Faulting application path: WajamInternetEnhancerService.exe1 Faulting module path: WajamInternetEnhancerService.exe2 Report Id: WajamInternetEnhancerService.exe3 Faulting package full name: WajamInternetEnhancerService.exe4 Faulting package-relative application ID: WajamInternetEnhancerService.exe5 Error: (11/11/2014 01:28:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939 Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939 Exception code: 0xc0000005 Fault offset: 0x00021a20 Faulting process id: 0x199c Faulting application start time: 0xWajamInternetEnhancerService.exe0 Faulting application path: WajamInternetEnhancerService.exe1 Faulting module path: WajamInternetEnhancerService.exe2 Report Id: WajamInternetEnhancerService.exe3 Faulting package full name: WajamInternetEnhancerService.exe4 Faulting package-relative application ID: WajamInternetEnhancerService.exe5 Error: (11/11/2014 01:06:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: HOMEPC) Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (11/11/2014 09:34:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1990 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (11/11/2014 09:30:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 154c Start Time: 01cffdba3391b8e6 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 49cbe4d4-69af-11e4-8274-a02bb835ea16 Faulting package full name: Faulting package-relative application ID: Error: (11/11/2014 09:30:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59 Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1998 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 System errors: ============= Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s). Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (11/14/2014 06:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (11/14/2014 06:31:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-11-14 18:58:44.801 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-10 22:03:44.355 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-07 12:36:15.161 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-05 21:42:50.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-25 21:49:38.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-08-20 17:23:47.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 48% Total physical RAM: 3537.01 MB Available physical RAM: 1827.7 MB Total Pagefile: 4305.01 MB Available Pagefile: 2237.05 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:388.14 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415) Partition: GPT Partition Type. ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.