MsJoJo

Honorary Members

View Profile See their activity

Posts
22
Joined
November 16, 2014
Last visited
December 31, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by MsJoJo

windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Well, Safe Mode still has the flashing issue making it unusable, however... I decided to try S-mode with C-line and that worked - good old faithful DOS. MBAM is out of date and I did not connect internet to update it, but it found nothing with the threat scan. Now what? Is it reasonable to assume we'll finally fix this or is it time to give up and simply re-install the OS? Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 12/18/2014Scan Time: 10:35:59 AMLogfile: MbamSafeMode.txtAdministrator: YesVersion: 2.00.4.1028Malware Database: v2014.12.06.05Rootkit Database: v2014.12.03.01License: PremiumMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 8.1CPU: x64File System: NTFSUser: JoanneScan Type: Threat ScanResult: CompletedObjects Scanned: 331958Time Elapsed: 10 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end)
- December 18, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here it is - should I try booting into windows now or wait for further instructions?? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014Ran by SYSTEM at 2014-12-16 20:14:01 Run:2Running from d:\Boot Mode: Recovery==============================================Content of fixlist:*****************HKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dll2014-12-03 14:44 - 2014-12-05 09:09 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft*****************HKU\Joanne\Software\Microsoft\Windows\CurrentVersion\Run\\Emvrtion => value deleted successfully.C:\Users\Joanne\AppData\Local\Owzdics => Moved successfully.C:\Users\Joanne\AppData\Local\Idgsoft => Moved successfully.==== End of Fixlog ====
- December 17, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here it is: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 ([color=red]ATTENTION: ====> FRST version is 24 days old and could be outdated[/color])Ran by SYSTEM on MININT-POTF904 on 11-12-2014 19:46:47Running from d:\Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: RecoveryThe current controlset is ControlSet001[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\Default\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Default User\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Joanne\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\Joanne\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\Joanne\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)HKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dllStartup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)BootExecute: autocheck autochk * sdnclean64.exe==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)S2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] ()S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )S2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-05 04:21 - 2014-12-05 04:38 - 00000016 _____ () C:\InjectIntoProcess crash2014-12-04 20:10 - 2014-12-04 20:10 - 00000197 _____ () C:\Windows\System32\2014-12-05-04-10-25.070-AvastVBoxSVC.exe-2504.log2014-12-04 15:35 - 2014-12-04 15:35 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Lazy Turtle Games2014-12-04 15:21 - 2014-12-04 15:21 - 00002062 _____ () C:\Users\Public\Desktop\Play The Far Kingdoms - Elements.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00001284 _____ () C:\Users\Public\Desktop\More Great Games.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00000000 ____D () C:\Program Files (x86)\The Far Kingdoms - Elements2014-12-04 15:12 - 2014-12-04 15:12 - 00002067 _____ () C:\Users\Public\Desktop\Play True Fear - Forsaken Souls.lnk2014-12-04 15:11 - 2014-12-04 15:12 - 00000000 ____D () C:\Program Files (x86)\True Fear - Forsaken Souls2014-12-04 14:39 - 2014-12-04 14:40 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-39-57.066-aswFe.exe-3344.log2014-12-04 14:20 - 2014-12-04 14:39 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-20-37.023-aswFe.exe-5408.log2014-12-04 14:20 - 2014-12-04 14:20 - 00000197 _____ () C:\Windows\System32\2014-12-04-22-20-35.019-AvastVBoxSVC.exe-4092.log2014-12-04 14:01 - 2014-12-04 14:16 - 00000247 _____ () C:\Windows\System32\2014-12-04-22-01-33.076-aswFe.exe-3816.log2014-12-04 14:01 - 2014-12-04 14:01 - 00000197 _____ () C:\Windows\System32\2014-12-04-22-01-31.068-AvastVBoxSVC.exe-3560.log2014-12-04 10:30 - 2014-12-04 10:30 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-04 09:46 - 2014-12-04 09:46 - 00000000 __SHD () C:\Users\Joanne\AppData\Local\EmieBrowserModeList2014-12-04 09:32 - 2014-12-04 09:32 - 00000197 _____ () C:\Windows\System32\2014-12-04-17-32-38.013-AvastVBoxSVC.exe-3504.log2014-12-03 14:44 - 2014-12-05 09:09 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft2014-12-02 12:44 - 2014-12-02 12:44 - 00000197 _____ () C:\Windows\System32\2014-12-02-20-44-14.043-AvastVBoxSVC.exe-5112.log2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Mad Head Games2014-12-01 17:14 - 2014-12-01 17:14 - 00002164 _____ () C:\Users\Public\Desktop\Play Paranormal Pursuit - The Gifted One.lnk2014-12-01 17:12 - 2014-12-01 17:14 - 00000000 ____D () C:\Program Files (x86)\Paranormal Pursuit - The Gifted One2014-12-01 17:12 - 2014-12-01 17:12 - 00002074 _____ () C:\Users\Public\Desktop\Play Fear for Sale - The 13 Keys.lnk2014-12-01 17:11 - 2014-12-01 17:12 - 00000000 ____D () C:\Program Files (x86)\Fear for Sale - The 13 Keys2014-12-01 17:07 - 2014-12-01 17:07 - 00002129 _____ () C:\Users\Public\Desktop\Play Echoes of the Past - Wolf Healer.lnk2014-12-01 17:05 - 2014-12-01 17:07 - 00000000 ____D () C:\Program Files (x86)\Echoes of the Past - Wolf Healer2014-12-01 17:05 - 2014-12-01 17:05 - 00002089 _____ () C:\Users\Public\Desktop\Play Dreampath - The Two Kingdoms.lnk2014-12-01 17:04 - 2014-12-01 17:05 - 00000000 ____D () C:\Program Files (x86)\Dreampath - The Two Kingdoms2014-11-30 15:13 - 2014-11-30 15:13 - 00000197 _____ () C:\Windows\System32\2014-11-30-23-13-41.002-AvastVBoxSVC.exe-4476.log2014-11-30 10:28 - 2014-11-30 10:28 - 00002182 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Child of the Forest.lnk2014-11-30 10:27 - 2014-11-30 10:28 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Child of the Forest2014-11-30 10:08 - 2014-11-30 10:08 - 00002162 _____ () C:\Users\Public\Desktop\Play Legacy Tales - Mercy of the Gallows.lnk2014-11-30 10:07 - 2014-11-30 10:08 - 00000000 ____D () C:\Program Files (x86)\Legacy Tales - Mercy of the Gallows2014-11-30 09:44 - 2014-11-30 09:44 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p225147848_s1_l1.exe2014-11-29 14:42 - 2014-11-29 14:43 - 00000197 _____ () C:\Windows\System32\2014-11-29-22-42-35.086-AvastVBoxSVC.exe-3244.log2014-11-28 11:12 - 2014-11-28 11:12 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p224989807_s1_l1.exe2014-11-26 08:52 - 2014-11-26 08:52 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-52-07.025-aswFe.exe-23296.log2014-11-26 08:31 - 2014-11-26 08:51 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-31-49.008-aswFe.exe-17588.log2014-11-26 08:13 - 2014-11-26 08:28 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-13-41.048-aswFe.exe-7968.log2014-11-26 08:13 - 2014-11-26 08:13 - 00000197 _____ () C:\Windows\System32\2014-11-26-16-13-39.038-AvastVBoxSVC.exe-6300.log2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\System32\vbox2014-11-26 07:51 - 2014-11-26 07:51 - 00001990 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-11-26 07:51 - 2014-11-26 07:50 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe2014-11-26 07:50 - 2014-11-26 07:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-21 11:56 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll2014-11-21 11:56 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys2014-11-21 11:56 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys2014-11-21 11:56 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2014-11-21 11:56 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2014-11-21 11:56 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2014-11-21 11:56 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2014-11-21 11:56 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml2014-11-21 11:56 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll2014-11-21 11:56 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll2014-11-21 11:56 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll2014-11-21 11:56 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2014-11-21 11:56 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS2014-11-21 11:56 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2014-11-21 11:56 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-11-21 11:56 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll2014-11-21 11:56 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2014-11-21 11:56 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll2014-11-21 11:56 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-11-21 11:56 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll2014-11-21 11:56 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-11-21 11:56 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll2014-11-21 11:56 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll2014-11-21 11:56 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll2014-11-21 11:55 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2014-11-21 11:55 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-21 11:55 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2014-11-21 11:55 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2014-11-21 11:55 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2014-11-21 11:55 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-11-21 11:55 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll2014-11-21 11:55 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2014-11-21 11:55 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2014-11-21 11:55 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-11-21 11:55 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll2014-11-21 11:55 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-21 11:55 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe2014-11-21 11:55 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll2014-11-21 11:55 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-21 11:55 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2014-11-21 11:55 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys2014-11-21 11:55 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2014-11-21 11:55 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2014-11-21 11:55 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2014-11-21 11:55 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll2014-11-21 11:55 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll2014-11-21 11:55 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll2014-11-21 11:55 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-21 11:55 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2014-11-21 11:55 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2014-11-21 11:55 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll2014-11-21 11:55 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll2014-11-21 11:55 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-11-21 11:55 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2014-11-21 11:55 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll2014-11-21 11:55 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-21 11:55 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys2014-11-21 11:55 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll2014-11-21 11:55 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2014-11-21 11:54 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2014-11-21 11:54 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2014-11-21 11:54 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2014-11-21 11:54 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2014-11-21 11:54 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2014-11-21 11:54 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2014-11-21 11:54 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2014-11-21 11:54 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2014-11-21 11:54 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2014-11-21 11:54 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2014-11-21 11:54 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2014-11-21 11:54 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2014-11-21 11:54 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2014-11-21 11:54 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2014-11-21 11:54 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2014-11-21 11:54 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2014-11-21 11:54 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2014-11-21 11:54 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll2014-11-21 11:54 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2014-11-21 11:54 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2014-11-21 11:54 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2014-11-21 11:54 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2014-11-21 11:54 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll2014-11-21 11:54 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2014-11-21 11:54 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2014-11-21 11:54 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-11-21 11:54 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-21 11:54 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-11-21 11:54 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-11-21 11:54 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-21 11:54 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-11-21 11:54 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2014-11-21 11:54 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-21 11:54 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-21 11:54 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-21 11:54 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-11-21 11:54 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-11-21 11:54 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-21 11:54 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-21 11:54 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-11-21 11:54 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-21 11:54 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-11-21 11:54 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-21 11:54 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2014-11-21 11:54 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-21 11:54 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-11-21 11:54 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-11-21 11:54 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-21 11:54 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-21 11:54 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-21 11:50 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll2014-11-21 11:50 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-21 11:50 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2014-11-21 11:50 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll2014-11-21 11:50 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-21 11:49 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe2014-11-21 11:49 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-21 11:49 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll2014-11-21 11:49 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll2014-11-21 11:16 - 2014-11-21 11:16 - 00000000 _____ () C:\Recovery.txt2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-12-05 08:21 - 00000000 ____D () C:\FRST2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-11 19:44 - 2014-01-06 22:42 - 01248686 _____ () C:\Windows\WindowsUpdate.log2014-12-11 19:44 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-11 19:28 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI2014-12-11 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-12-11 19:25 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-12-08 06:51 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI2014-12-08 06:45 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys2014-12-08 06:45 - 2014-03-11 13:31 - 00000000 ___DO () C:\Users\Joanne\SkyDrive2014-12-06 13:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-06 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru2014-12-06 00:16 - 2014-03-11 13:27 - 00000000 ____D () C:\users\Joanne2014-12-05 23:08 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-12-05 12:15 - 2014-03-11 13:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-12-05 11:30 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-12-05 10:26 - 2014-03-11 17:54 - 00039236 _____ () C:\Windows\System32\lvcoinst.log2014-12-05 09:28 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-12-05 08:17 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-12-04 20:06 - 2013-10-07 03:25 - 00113390 _____ () C:\Windows\PFRO.log2014-12-04 20:05 - 2014-04-14 07:08 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-04 20:05 - 2014-04-14 07:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-03 15:09 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-12-03 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-12-03 12:31 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-12-02 11:50 - 2014-03-11 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-11-30 18:54 - 2014-03-11 20:56 - 00000000 ____D () C:\BigFishCache2014-11-30 15:26 - 2014-03-11 13:42 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2014-11-29 16:05 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\System32\MRT2014-11-29 16:02 - 2014-03-12 06:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2014-11-29 16:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM2014-11-28 19:27 - 2014-03-12 09:50 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Eipix2014-11-26 09:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-26 08:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-26 08:01 - 2014-11-10 08:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-26 07:51 - 2014-03-11 14:56 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys2014-11-26 07:50 - 2014-05-02 12:08 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00083280 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys2014-11-24 08:00 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\System32\FNTCACHE.DAT2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-21 11:51 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-11-21 11:39 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-21 11:29 - 2014-11-10 08:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-21 11:29 - 2014-11-10 07:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-21 11:29 - 2014-03-13 13:31 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Free Desktop Clock 32014-11-21 11:29 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-21 11:29 - 2014-03-12 10:41 - 00000000 ____D () C:\Users\Joanne\Documents\Amnesia2014-11-21 11:29 - 2014-03-12 08:50 - 00000000 ____D () C:\Program Files (x86)\East Side Story2014-11-21 11:29 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\setup2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-11-21 11:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration2014-11-21 11:23 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\System32\Sysprep2014-11-21 11:22 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-21 11:21 - 2014-08-19 17:41 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-21 11:21 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-21 06:14 - 2014-04-14 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys2014-11-21 06:14 - 2014-04-14 07:07 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys2014-11-21 06:14 - 2014-03-11 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2014-11-20 12:51 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-20 12:51 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEAC:\Windows\SysWOW64\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595C:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll[2014-11-21 11:56] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6CC:\Windows\SysWOW64\User32.dll[2014-11-21 11:56] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1BC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-09-14 20:29] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB==================== Restore Points =========================Restore point made on: 2014-12-06 10:59:33==================== Memory info =========================== Percentage of memory in use: 9%Total physical RAM: 10043.08 MBAvailable physical RAM: 9089.07 MBTotal Pagefile: 10043.08 MBAvailable Pagefile: 9124.67 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.87 MB==================== Drives ================================Drive c: (Local Disk) (Fixed) (Total:914.75 GB) (Free:750.41 GB) NTFSDrive d: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.23 GB) FATDrive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 107C8CDB)Partition: GPT Partition Type.========================================================Disk: 1 (Size: 246 MB) (Disk ID: 1BFA02B9)Partition 1: (Active) - (Size=246 MB) - (Type=06)LastRegBack: 2014-12-02 10:08==================== End Of Log ============================
- December 12, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Yes, but it's not useable because it has the same repeated flashing (between desktop and blue screen). I get an application error from explorer.exe about memory that can't be written at 0x00000000. When I click OK to terminate the program the error just keeps repeating. So, safe mode would be good if I could get rid of that flashing problem again somehow. I also tried system restore again - it actually said I had a restore point this time - from the 8th - exactly when the flashing problem started again. So, I tried to restore to that point and I got an error that "...system restore failed while copying the registry from the restore point. An unspecified error occurred during system restore (0x80070570)". Help! whimper...
- December 8, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here's the bad news before I go to bed. The 'puter is back to desktop/bluescreen flashing. When I attempt to restore to another point I get an error message saying I have no restore points. That's troubling since I certainly created some. Anyhow, whatever we do next will need to be done via command line again. Help!!!
- December 6, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

I just thought of something. It has been taking upwards of 5 minutes to boot the 'puter (if it actually does boot), but I discovered that disconnecting from the internet allows it to boot normally (and quickly). I may have still had the internet disconnected when I ran these - does that matter?
- December 5, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here's FRST... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014 ([color=red]ATTENTION: ====> FRST version is 15 days old and could be outdated[/color])Ran by Joanne (administrator) on NANNABANANA on 05-12-2014 08:16:10Running from C:\Users\Joanne\Desktop\UsefulToolsLoaded Profile: Joanne (Available profiles: Joanne)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe() C:\Program Files\Free Desktop Clock\timeserv.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe( ) C:\Windows\System32\lxdncoms.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Soluto) C:\Program Files\Soluto\Soluto.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe(Soluto) C:\Program Files\Soluto\SolutoService.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe() C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe(NDS Technologies) C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe() C:\Users\Joanne\AppData\Local\DIRECTV Player\NDSPCShowServer.exe(VueSoft) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe(Microsoft Corporation) C:\Windows\System32\regsvr32.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [uTorrent] => C:\Users\Joanne\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [Owzdics] => regsvr32.exe C:\Users\Joanne\AppData\Local\Owzdics\CfgMouselib.dll <===== ATTENTIONHKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dllStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnkShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJBSearchScopes: HKLM -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJBSearchScopes: HKLM-x32 -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJBSearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB427A612-E140-4F7B-B715-76540BE3B4EA&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444FF NewTab: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: @nds.com/PlayerPlugin -> C:\Users\Joanne\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: @nds.com/PlayerPlugin64 -> C:\Users\Joanne\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: NDS.com/PlayerPlugin -> C:\Users\Joanne\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Extension: Flashblock - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-07]FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-07]FF Extension: Restart - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\Restart@schuzak.jp.xpi [2014-08-10]FF Extension: Save as PDF - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2014-05-07]FF Extension: Adblock Plus - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]FF Extension: UnMHT - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-05-07]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-11]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-25]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-20]Chrome: =======CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx []CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)R2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-05 04:21 - 2014-12-05 04:38 - 00000016 _____ () C:\InjectIntoProcess crash2014-12-04 20:10 - 2014-12-04 20:10 - 00000197 _____ () C:\Windows\system32\2014-12-05-04-10-25.070-AvastVBoxSVC.exe-2504.log2014-12-04 15:35 - 2014-12-04 15:35 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Lazy Turtle Games2014-12-04 15:21 - 2014-12-04 15:21 - 00002062 _____ () C:\Users\Public\Desktop\Play The Far Kingdoms - Elements.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00001284 _____ () C:\Users\Public\Desktop\More Great Games.lnk2014-12-04 15:21 - 2014-12-04 15:21 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Far Kingdoms - Elements2014-12-04 15:21 - 2014-12-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Far Kingdoms - Elements2014-12-04 15:21 - 2014-12-04 15:21 - 00000000 ____D () C:\Program Files (x86)\The Far Kingdoms - Elements2014-12-04 15:12 - 2014-12-04 15:12 - 00002067 _____ () C:\Users\Public\Desktop\Play True Fear - Forsaken Souls.lnk2014-12-04 15:11 - 2014-12-04 15:12 - 00000000 ____D () C:\Program Files (x86)\True Fear - Forsaken Souls2014-12-04 15:11 - 2014-12-04 15:11 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\True Fear - Forsaken Souls2014-12-04 15:11 - 2014-12-04 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Fear - Forsaken Souls2014-12-04 14:39 - 2014-12-04 14:40 - 00000247 _____ () C:\Windows\system32\2014-12-04-22-39-57.066-aswFe.exe-3344.log2014-12-04 14:20 - 2014-12-04 14:39 - 00000247 _____ () C:\Windows\system32\2014-12-04-22-20-37.023-aswFe.exe-5408.log2014-12-04 14:20 - 2014-12-04 14:20 - 00000197 _____ () C:\Windows\system32\2014-12-04-22-20-35.019-AvastVBoxSVC.exe-4092.log2014-12-04 14:01 - 2014-12-04 14:16 - 00000247 _____ () C:\Windows\system32\2014-12-04-22-01-33.076-aswFe.exe-3816.log2014-12-04 14:01 - 2014-12-04 14:01 - 00000197 _____ () C:\Windows\system32\2014-12-04-22-01-31.068-AvastVBoxSVC.exe-3560.log2014-12-04 10:30 - 2014-12-04 10:30 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-04 09:46 - 2014-12-04 09:46 - 00000000 __SHD () C:\Users\Joanne\AppData\Local\EmieBrowserModeList2014-12-04 09:32 - 2014-12-04 09:32 - 00000197 _____ () C:\Windows\system32\2014-12-04-17-32-38.013-AvastVBoxSVC.exe-3504.log2014-12-03 14:44 - 2014-12-04 09:30 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft2014-12-03 14:44 - 2014-12-03 14:44 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-12-02 12:44 - 2014-12-02 12:44 - 00000197 _____ () C:\Windows\system32\2014-12-02-20-44-14.043-AvastVBoxSVC.exe-5112.log2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Mad Head Games2014-12-01 17:14 - 2014-12-01 17:14 - 00002164 _____ () C:\Users\Public\Desktop\Play Paranormal Pursuit - The Gifted One.lnk2014-12-01 17:12 - 2014-12-01 17:14 - 00000000 ____D () C:\Program Files (x86)\Paranormal Pursuit - The Gifted One2014-12-01 17:12 - 2014-12-01 17:12 - 00002074 _____ () C:\Users\Public\Desktop\Play Fear for Sale - The 13 Keys.lnk2014-12-01 17:12 - 2014-12-01 17:12 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paranormal Pursuit - The Gifted One2014-12-01 17:12 - 2014-12-01 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paranormal Pursuit - The Gifted One2014-12-01 17:11 - 2014-12-01 17:12 - 00000000 ____D () C:\Program Files (x86)\Fear for Sale - The 13 Keys2014-12-01 17:11 - 2014-12-01 17:11 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fear for Sale - The 13 Keys2014-12-01 17:11 - 2014-12-01 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fear for Sale - The 13 Keys2014-12-01 17:07 - 2014-12-01 17:07 - 00002129 _____ () C:\Users\Public\Desktop\Play Echoes of the Past - Wolf Healer.lnk2014-12-01 17:06 - 2014-12-01 17:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer2014-12-01 17:06 - 2014-12-01 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Wolf Healer2014-12-01 17:05 - 2014-12-01 17:07 - 00000000 ____D () C:\Program Files (x86)\Echoes of the Past - Wolf Healer2014-12-01 17:05 - 2014-12-01 17:05 - 00002089 _____ () C:\Users\Public\Desktop\Play Dreampath - The Two Kingdoms.lnk2014-12-01 17:04 - 2014-12-01 17:05 - 00000000 ____D () C:\Program Files (x86)\Dreampath - The Two Kingdoms2014-12-01 17:04 - 2014-12-01 17:04 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dreampath - The Two Kingdoms2014-12-01 17:04 - 2014-12-01 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dreampath - The Two Kingdoms2014-11-30 15:13 - 2014-11-30 15:13 - 00000197 _____ () C:\Windows\system32\2014-11-30-23-13-41.002-AvastVBoxSVC.exe-4476.log2014-11-30 10:28 - 2014-11-30 10:28 - 00002182 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Child of the Forest.lnk2014-11-30 10:27 - 2014-11-30 10:28 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Child of the Forest2014-11-30 10:27 - 2014-11-30 10:27 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Child of the Forest2014-11-30 10:27 - 2014-11-30 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rite of Passage - Child of the Forest2014-11-30 10:08 - 2014-11-30 10:08 - 00002162 _____ () C:\Users\Public\Desktop\Play Legacy Tales - Mercy of the Gallows.lnk2014-11-30 10:07 - 2014-11-30 10:08 - 00000000 ____D () C:\Program Files (x86)\Legacy Tales - Mercy of the Gallows2014-11-30 10:07 - 2014-11-30 10:07 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legacy Tales - Mercy of the Gallows2014-11-30 10:07 - 2014-11-30 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy Tales - Mercy of the Gallows2014-11-30 09:44 - 2014-11-30 09:44 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p225147848_s1_l1.exe2014-11-29 14:42 - 2014-11-29 14:43 - 00000197 _____ () C:\Windows\system32\2014-11-29-22-42-35.086-AvastVBoxSVC.exe-3244.log2014-11-28 11:12 - 2014-11-28 11:12 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p224989807_s1_l1.exe2014-11-26 08:52 - 2014-11-26 08:52 - 00000247 _____ () C:\Windows\system32\2014-11-26-16-52-07.025-aswFe.exe-23296.log2014-11-26 08:31 - 2014-11-26 08:51 - 00000247 _____ () C:\Windows\system32\2014-11-26-16-31-49.008-aswFe.exe-17588.log2014-11-26 08:13 - 2014-11-26 08:28 - 00000247 _____ () C:\Windows\system32\2014-11-26-16-13-41.048-aswFe.exe-7968.log2014-11-26 08:13 - 2014-11-26 08:13 - 00000197 _____ () C:\Windows\system32\2014-11-26-16-13-39.038-AvastVBoxSVC.exe-6300.log2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\system32\vbox2014-11-26 07:51 - 2014-11-26 07:51 - 00001990 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-11-26 07:51 - 2014-11-26 07:50 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-11-26 07:50 - 2014-11-26 07:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-21 11:56 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll2014-11-21 11:56 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys2014-11-21 11:56 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys2014-11-21 11:56 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2014-11-21 11:56 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-11-21 11:56 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2014-11-21 11:56 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS2014-11-21 11:56 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml2014-11-21 11:56 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll2014-11-21 11:56 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-11-21 11:56 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll2014-11-21 11:56 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2014-11-21 11:56 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS2014-11-21 11:56 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-11-21 11:56 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-11-21 11:56 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll2014-11-21 11:56 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-11-21 11:56 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2014-11-21 11:56 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-11-21 11:56 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll2014-11-21 11:56 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-11-21 11:56 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll2014-11-21 11:56 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll2014-11-21 11:56 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll2014-11-21 11:55 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-11-21 11:55 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-21 11:55 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-11-21 11:55 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2014-11-21 11:55 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2014-11-21 11:55 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-11-21 11:55 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll2014-11-21 11:55 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-11-21 11:55 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2014-11-21 11:55 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-11-21 11:55 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2014-11-21 11:55 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-21 11:55 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-11-21 11:55 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-11-21 11:55 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-21 11:55 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-11-21 11:55 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys2014-11-21 11:55 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2014-11-21 11:55 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2014-11-21 11:55 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2014-11-21 11:55 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2014-11-21 11:55 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll2014-11-21 11:55 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll2014-11-21 11:55 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-21 11:55 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2014-11-21 11:55 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-11-21 11:55 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-11-21 11:55 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-11-21 11:55 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-11-21 11:55 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-11-21 11:55 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll2014-11-21 11:55 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-21 11:55 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys2014-11-21 11:55 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll2014-11-21 11:55 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2014-11-21 11:54 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2014-11-21 11:54 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-11-21 11:54 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2014-11-21 11:54 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2014-11-21 11:54 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-11-21 11:54 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2014-11-21 11:54 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-11-21 11:54 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-11-21 11:54 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-11-21 11:54 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-11-21 11:54 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-11-21 11:54 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2014-11-21 11:54 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2014-11-21 11:54 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2014-11-21 11:54 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2014-11-21 11:54 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-11-21 11:54 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2014-11-21 11:54 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2014-11-21 11:54 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2014-11-21 11:54 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-11-21 11:54 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-11-21 11:54 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-11-21 11:54 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2014-11-21 11:54 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2014-11-21 11:54 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-11-21 11:54 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-11-21 11:54 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-21 11:54 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-11-21 11:54 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-11-21 11:54 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-21 11:54 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-11-21 11:54 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-11-21 11:54 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-21 11:54 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-21 11:54 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-21 11:54 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-11-21 11:54 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-11-21 11:54 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-21 11:54 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-21 11:54 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-11-21 11:54 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-21 11:54 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-11-21 11:54 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-21 11:54 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2014-11-21 11:54 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-21 11:54 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-11-21 11:54 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-11-21 11:54 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-21 11:54 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-21 11:54 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-21 11:50 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-21 11:50 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-21 11:50 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-11-21 11:50 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-11-21 11:50 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-21 11:49 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-11-21 11:49 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-21 11:49 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll2014-11-21 11:49 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-11-21 11:39 - 2014-11-21 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueMinder Ultimate2014-11-21 11:16 - 2014-11-21 11:16 - 00000000 _____ () C:\Recovery.txt2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-12-05 08:16 - 00000000 ____D () C:\FRST2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm2014-11-10 16:44 - 2014-11-10 16:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-11-10 15:37 - 2014-11-10 15:37 - 00001827 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Apple Computer2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-11-10 13:52 - 2014-11-10 13:52 - 00000000 ____D () C:\Users\Joanne\Documents\ProcAlyzer Dumps2014-11-10 13:45 - 2014-03-12 10:34 - 00001805 ____R () C:\Windows\system32\Drivers\etc\hosts.20141110-134549.backup2014-11-10 08:18 - 2014-11-26 08:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-10 08:18 - 2014-11-10 08:18 - 00001373 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-11-10 08:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-11-10 08:17 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-10 07:53 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-07 13:38 - 2014-11-07 13:45 - 00000000 ____D () C:\AdwCleaner2014-11-07 13:24 - 2014-11-07 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-11-05 07:07 - 2014-11-05 07:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-05 07:07 - 2014-11-05 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-05 08:16 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-12-05 08:14 - 2014-03-11 13:31 - 00000000 ___DO () C:\Users\Joanne\SkyDrive2014-12-05 08:14 - 2014-01-06 22:42 - 01854031 _____ () C:\Windows\WindowsUpdate.log2014-12-05 08:14 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-12-05 08:11 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-05 08:11 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-12-05 08:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru2014-12-05 07:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-04 22:52 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-12-04 20:17 - 2014-03-11 13:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-12-04 20:15 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2014-12-04 20:06 - 2014-03-11 13:27 - 00000000 ____D () C:\Users\Joanne2014-12-04 20:06 - 2013-10-07 03:25 - 00113390 _____ () C:\Windows\PFRO.log2014-12-04 20:05 - 2014-04-14 07:08 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-04 20:05 - 2014-04-14 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-12-04 20:05 - 2014-04-14 07:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-04 20:05 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-12-04 15:21 - 2013-10-07 03:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-12-04 10:20 - 2014-03-11 17:54 - 00038640 _____ () C:\Windows\system32\lvcoinst.log2014-12-03 15:09 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-12-03 15:09 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-12-03 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-12-03 12:31 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-12-02 11:50 - 2014-03-11 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-11-30 18:54 - 2014-03-11 20:56 - 00000000 ____D () C:\BigFishCache2014-11-30 15:26 - 2014-03-11 13:42 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2014-11-29 16:05 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\system32\MRT2014-11-29 16:05 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-11-29 16:02 - 2014-03-12 06:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-11-29 16:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-11-28 19:27 - 2014-03-12 09:50 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Eipix2014-11-26 09:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-26 08:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-26 07:51 - 2014-03-11 14:56 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-11-26 07:50 - 2014-05-02 12:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-11-24 08:00 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-21 11:51 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-11-21 11:39 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-21 11:29 - 2014-03-13 13:31 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Free Desktop Clock 32014-11-21 11:29 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-21 11:29 - 2014-03-12 10:41 - 00000000 ____D () C:\Users\Joanne\Documents\Amnesia2014-11-21 11:29 - 2014-03-12 08:51 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East Side Story2014-11-21 11:29 - 2014-03-12 08:50 - 00000000 ____D () C:\Program Files (x86)\East Side Story2014-11-21 11:29 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-11-21 11:29 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\setup2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-11-21 11:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration2014-11-21 11:23 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Sysprep2014-11-21 11:22 - 2014-03-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Games2014-11-21 11:22 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-21 11:21 - 2014-08-19 17:41 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-21 11:21 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-21 06:14 - 2014-04-14 07:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-21 06:14 - 2014-04-14 07:07 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-11-21 06:14 - 2014-03-11 17:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-11-20 12:51 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-20 12:51 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log2014-11-10 15:35 - 2014-07-15 05:08 - 00001604 _____ () C:\Users\Joanne\Desktop\DivX Movies.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001113 _____ () C:\Users\Public\Desktop\DivX Converter.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001048 _____ () C:\Users\Public\Desktop\DivX Player.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX2014-11-10 15:35 - 2014-07-15 05:06 - 00000000 ____D () C:\Program Files (x86)\DivX2014-11-10 15:35 - 2014-07-15 05:04 - 00000000 ____D () C:\ProgramData\DivX2014-11-10 15:33 - 2014-08-24 14:31 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Adobe2014-11-07 12:11 - 2014-03-12 09:22 - 00000000 ____D () C:\Program Files\WinRAR2014-11-06 16:08 - 2014-03-12 14:21 - 00000000 ____D () C:\Users\Joanne\Desktop\LOB2014-11-05 07:09 - 2014-04-23 07:51 - 00000000 ____D () C:\ProgramData\Oracle==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-12-02 10:08==================== End Of Log ============================
- December 5, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here's the addition... For whatever reason I needed to get rid of the first Addition file - I know not why - the FRST file gets over-written correctly. Oh well, I finally got a new one, but need to post FRST it separately... Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014Ran by Joanne at 2014-12-05 08:17:09Running from C:\Users\Joanne\Desktop\UsefulToolsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Spybot - Search and Destroy (Enabled - Out of date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)µTorrent (HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)A New Beginning (HKLM-x32\...\A New Beginning) (Version: 1.0 - Lace Mamba Global)ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Photoshop Elements 3.0 (HKLM-x32\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Amaranthine Voyage.The Tree of Life CE 1.0 (HKLM-x32\...\Amaranthine Voyage.The Tree of Life CE 1.0) (Version: 1.0 - Cat-A-Cat)Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)Amazon Kindle (HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Amazon Kindle) (Version: - Amazon)Amnesia (HKLM-x32\...\Amnesia_is1) (Version: - )Art of Murder (1.0) (HKLM-x32\...\Art of Murder_is1) (Version: - City Interactive)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Azada: In Libro (HKLM-x32\...\BFG-Azada - In Libro) (Version: - )Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )Bullzip PDF Printer 10.3.0.2191 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.3.0.2191 - Bullzip)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenChampionship Cribbage All-Stars 7.50 (HKLM-x32\...\ChampCribbage) (Version: 7.50 - DreamQuest)Championship Euchre All-Stars 7.50 (HKLM-x32\...\ChampEuchre) (Version: 7.50 - DreamQuest)Championship Hearts All-Stars 7.50 (HKLM-x32\...\ChampHearts) (Version: 7.50 - DreamQuest)Championship Spades All-Stars 7.50 (HKLM-x32\...\ChampSpades) (Version: 7.50 - DreamQuest)Chronicles of Albian 2: The Wizbury School of Magic (HKLM-x32\...\BFG-Chronicles of Albian 2 - The Wizbury School of Magic) (Version: - )Chronicles of Mystery - The Scorpio Ritual (1.0) (HKLM-x32\...\Chronicles of Mystery - The Scorpio Ritual_is1) (Version: - City Interactive)Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.57 - CyberLink Corp.)DIRECTV Player (HKLM-x32\...\{ced7d84f-76e6-4ae6-8de8-4501b4755bd7}) (Version: 10.1 - DIRECTV)DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)Dream Chronicles 2 The Eternal Maze 1.00 (HKLM-x32\...\Dream Chronicles 2 The Eternal Maze 1.00) (Version: - )Dreamfall - The Longest Journey (HKLM-x32\...\GOGPACKDREAMFALL_is1) (Version: 2.0.0.12 - GOG.com)Dreampath: The Two Kingdoms (HKLM-x32\...\BFG-Dreampath - The Two Kingdoms) (Version: - )East Side Story (HKLM-x32\...\East Side Story) (Version: - JustAdventure)Echoes of the Past: Wolf Healer (HKLM-x32\...\BFG-Echoes of the Past - Wolf Healer) (Version: - )erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Eternal Journey: New Atlantis Collector's Edition (HKLM-x32\...\BFG-Eternal Journey - New Atlantis Collector's Edition) (Version: - )Fear for Sale: The 13 Keys (HKLM-x32\...\BFG-Fear for Sale - The 13 Keys) (Version: - )Fishdom 2 (HKLM-x32\...\Fishdom 21.0) (Version: 1.0 - FishBone Games)Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version: - Drive Software Company)Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)Garmin BaseCamp (HKLM-x32\...\{B0BED0BB-E1C4-49AA-840F-7CA052ADF5EB}) (Version: 4.3.4 - Garmin Ltd or its subsidiaries)Garmin TOPO U.S. 24K West v2 (HKLM-x32\...\{C701DC2B-7240-43D8-B776-3653952E781F}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) HiddenGoogle Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Hallowed Legends: Samhain (HKLM-x32\...\BFG-Hallowed Legends - Samhain) (Version: - )honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)honestech VHS to DVD 5.0 Deluxe (x32 Version: 5.0 - honestech) HiddenHotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)ICA (x32 Version: 16.0.0.113 - Corel Corporation) HiddenIdentity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) HiddenJava 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)Legacy Tales: Mercy of the Gallows (HKLM-x32\...\BFG-Legacy Tales - Mercy of the Gallows) (Version: - )Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - )Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SkyDrive (HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Midnight Mysteries Salem Witch Trials (HKLM-x32\...\Midnight Mysteries Salem Witch Trials_is1) (Version: - )Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)Myst V End Of Ages (HKLM-x32\...\GOGPACKMYST5_is1) (Version: 2.0.0.9 - GOG.com)Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) HiddenOffice Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)Paranormal Pursuit: The Gifted One (HKLM-x32\...\BFG-Paranormal Pursuit - The Gifted One) (Version: - )Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) HiddenPSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) HiddenPSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) HiddenPSPPro64 (Version: 16.2.0.20 - Corel Corporation) HiddenQlock Free (HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Qlock) (Version: 1.91 - Vitei inc)Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Raven Lite 1.0 (HKLM-x32\...\Raven Lite 1.0) (Version: 1.0.9.18 - Bioacoustics Research Program, Cornell Lab of Ornithology)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)Rhiannon (HKLM-x32\...\RHIANNON_is1) (Version: 1.00 - Lighthouse Interactive)Rite of Passage: Child of the Forest (HKLM-x32\...\BFG-Rite of Passage - Child of the Forest) (Version: - )Setup (x32 Version: 16.0.0.113 - Corel Corporation) HiddenSoluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )Thayer eField Guide Viewer v4.0 (HKLM-x32\...\{95DD02BC-3C7E-41D0-8F4C-8F4C0F308FE6}) (Version: 4.0.0 - Thayer Birding Software)The Fall Trilogy Chapter 3 (HKLM-x32\...\The Fall Trilogy Chapter 31.0) (Version: 1.0 - FishBone Games)The Far Kingdoms: Elements (HKLM-x32\...\BFG-The Far Kingdoms - Elements) (Version: - )The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)True Fear: Forsaken Souls (HKLM-x32\...\BFG-True Fear - Forsaken Souls) (Version: - )VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)VueMinder Ultimate (HKLM-x32\...\{D500E2C4-F980-4006-B445-DD40196B9D11}) (Version: 11.2.4410 - VueSoft)Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Joanne\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-459074797-2405321923-3278989467-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)==================== Restore Points ============================================= Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 05:25 - 2014-11-10 13:45 - 00451696 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 10sek.com127.0.0.1 www.10sek.com127.0.0.1 www.1-2005-search.comThere are 1000 more lines.==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {04EFE914-775B-459C-A7C4-E418F636672D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-29] (Microsoft Corporation)Task: {11BDAF0A-D869-403D-B324-C1F82102BE96} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {4BBB2FB1-97AE-4F60-93DC-746E76ED490B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-459074797-2405321923-3278989467-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {9AD939F6-D1A9-4DFC-A729-673362EDFE71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)Task: {9C3E2D03-5692-4398-9B54-DBD3A3FD86AB} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()Task: {A1A18FCA-2CF8-459F-91DC-B80119661AB9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)Task: {A531040C-DA78-4CBB-99B2-C51C78016DE4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)Task: {B59AD2AF-ED3A-44AE-A849-A36DB6A6E28F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {B8A57A26-0F41-4F37-A5F8-C3C552C43A8F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-459074797-2405321923-3278989467-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {C70D2563-0FAC-4A67-A7A3-B1631380920A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()Task: {DE1AAD7C-E41D-4A65-A7C7-929A119F4E30} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {F029474E-E2F8-4739-84ED-68E67AE8090C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe==================== Loaded Modules (whitelisted) =============2014-03-11 17:14 - 2009-04-20 22:33 - 00045568 _____ () C:\Windows\System32\LXF3PMON.DLL2014-03-11 17:14 - 2007-08-26 21:44 - 00053248 _____ () C:\Windows\System32\LXF3OEM.DLL2014-03-11 17:14 - 2009-04-20 22:31 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll2014-03-11 17:14 - 2009-04-20 22:33 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL2014-03-11 17:15 - 2009-08-13 00:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll2004-10-04 03:47 - 2004-10-04 03:47 - 00098304 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe2014-03-13 13:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Free Desktop Clock\timeserv.exe2014-03-19 22:29 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2004-10-04 02:40 - 2004-10-04 02:40 - 00118784 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe2014-11-21 11:50 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-11-04 13:58 - 2014-11-04 13:58 - 03507200 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll2014-03-13 13:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Free Desktop Clock\Clock.dll2014-11-04 13:58 - 2014-11-04 13:58 - 02688512 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll2013-01-29 12:28 - 2013-01-29 12:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll2013-01-29 12:28 - 2013-01-29 12:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll2013-01-29 12:28 - 2013-01-29 12:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll2014-10-30 02:57 - 2014-10-30 02:57 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll2014-10-21 05:17 - 2014-10-21 05:17 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll2014-10-21 05:17 - 2014-10-21 05:17 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll2014-10-21 05:17 - 2014-10-21 05:17 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll2009-05-14 01:47 - 2009-05-14 01:47 - 00025088 _____ () C:\Windows\system32\lxdncaps64.dll2009-07-23 07:54 - 2009-07-23 07:54 - 01024512 _____ () C:\Windows\system32\lxdndrs64.dll2007-10-02 02:51 - 2007-10-02 02:51 - 00054784 _____ () C:\Windows\system32\lxdncnv464.dll2014-11-26 07:50 - 2014-11-26 07:50 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll2014-11-26 07:50 - 2014-11-26 07:50 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll2013-09-25 03:04 - 2013-09-25 03:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll2013-09-25 03:01 - 2013-09-25 03:01 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll2013-09-25 03:08 - 2013-09-25 03:08 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe2014-03-11 17:13 - 2010-02-03 20:05 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe2014-03-11 17:13 - 2010-02-03 20:05 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe2014-03-13 13:31 - 2013-06-27 22:07 - 04652544 _____ () C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe2014-07-28 15:25 - 2014-07-28 15:25 - 01523560 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\NDSPCShowServer.exe2014-01-09 21:26 - 2014-01-09 21:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe2014-12-05 05:45 - 2014-12-05 05:45 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120501\algo.dll2014-11-26 07:50 - 2014-11-26 07:50 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll2004-10-04 03:46 - 2004-10-04 03:46 - 00147456 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\platform.dll2014-11-10 08:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-11-10 08:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-11-10 08:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-11-10 08:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll2014-11-10 08:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll2014-12-03 14:44 - 2014-12-03 14:44 - 00034816 _____ () C:\Users\Joanne\AppData\Local\Owzdics\CfgMouselib.dll2014-03-11 17:13 - 2009-07-23 07:48 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll2014-03-11 17:13 - 2007-05-28 19:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll2014-03-11 17:13 - 2007-03-25 19:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll2014-03-11 17:13 - 2009-07-23 07:49 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll2014-03-11 17:13 - 2009-05-14 01:46 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll2014-03-11 17:13 - 2007-10-02 02:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll2014-03-11 17:13 - 2010-02-02 21:21 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll2014-03-11 17:13 - 2010-02-02 21:21 - 00036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll2014-03-11 17:13 - 2010-02-02 21:20 - 00065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll2014-03-11 17:13 - 2009-06-26 01:17 - 00012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll2014-07-28 15:25 - 2014-07-28 15:25 - 05979488 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServer.dll2014-07-28 15:27 - 2014-07-28 15:27 - 00338784 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\ndsLogStore.dll2014-07-28 15:25 - 2014-07-28 15:25 - 03261280 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\DrmSingleton.dll2014-07-28 15:25 - 2014-07-28 15:25 - 02229096 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\DiscoveryManager.dll2014-07-28 15:26 - 2014-07-28 15:26 - 00689000 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll2014-07-28 15:26 - 2014-07-28 15:26 - 00060272 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll2014-07-28 15:26 - 2014-07-28 15:26 - 00043880 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll2014-07-28 15:26 - 2014-07-28 15:26 - 00205672 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\libgstbase-0.10.dll2014-07-28 15:27 - 2014-07-28 15:27 - 01403224 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\libxml2-2.dll2014-07-28 15:27 - 2014-07-28 15:27 - 00091976 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\z.dll2014-07-28 15:26 - 2014-07-28 15:26 - 07742304 _____ () C:\Users\Joanne\AppData\Local\DIRECTV Player\gsttspplugin.dll2014-12-03 14:44 - 2014-12-03 14:44 - 00032256 _____ () C:\Users\Joanne\AppData\Local\Idgsoft\GdText.dll2014-11-26 07:50 - 2014-11-26 07:50 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-01-09 21:28 - 2014-01-09 21:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll2014-01-06 23:00 - 2013-08-19 10:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\Temp:0ED45B2EAlternateDataStreams: C:\ProgramData\Temp:104A1C3EAlternateDataStreams: C:\ProgramData\Temp:12258D63AlternateDataStreams: C:\ProgramData\Temp:1309637AAlternateDataStreams: C:\ProgramData\Temp:268A5068AlternateDataStreams: C:\ProgramData\Temp:2CB9631FAlternateDataStreams: C:\ProgramData\Temp:45A64DE6AlternateDataStreams: C:\ProgramData\Temp:4A9C284DAlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3AlternateDataStreams: C:\ProgramData\Temp:506698B2AlternateDataStreams: C:\ProgramData\Temp:58306E4CAlternateDataStreams: C:\ProgramData\Temp:699EFEEDAlternateDataStreams: C:\ProgramData\Temp:69F562A6AlternateDataStreams: C:\ProgramData\Temp:75765D7BAlternateDataStreams: C:\ProgramData\Temp:865F21BFAlternateDataStreams: C:\ProgramData\Temp:8B076EC5AlternateDataStreams: C:\ProgramData\Temp:9CD7CD43AlternateDataStreams: C:\ProgramData\Temp:9CE870B8AlternateDataStreams: C:\ProgramData\Temp:9FC58CBBAlternateDataStreams: C:\ProgramData\Temp:A291068EAlternateDataStreams: C:\ProgramData\Temp:A3E0A552AlternateDataStreams: C:\ProgramData\Temp:AAA06E15AlternateDataStreams: C:\ProgramData\Temp:ACD280B8AlternateDataStreams: C:\ProgramData\Temp:B74BD6BFAlternateDataStreams: C:\ProgramData\Temp:B8791731AlternateDataStreams: C:\ProgramData\Temp:BCFEA004AlternateDataStreams: C:\ProgramData\Temp:BDDA21B6AlternateDataStreams: C:\ProgramData\Temp:C04D2B44AlternateDataStreams: C:\ProgramData\Temp:C1D3D9A3AlternateDataStreams: C:\ProgramData\Temp:D442BE9AAlternateDataStreams: C:\ProgramData\Temp:DE0BD04EAlternateDataStreams: C:\ProgramData\Temp:E265ED33AlternateDataStreams: C:\ProgramData\Temp:FFA396CDAlternateDataStreams: C:\Users\Joanne\SkyDrive:ms-properties==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run32: => "FaxCenterServer"HKLM\...\StartupApproved\Run32: => "LWS"HKLM\...\StartupApproved\Run32: => "AmazonGSDownloaderTray"HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\StartupApproved\StartupFolder: => "Efficient Calendar Free.lnk"HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\StartupApproved\Run: => "Idgsoft"========================= Accounts: ==========================Administrator (S-1-5-21-459074797-2405321923-3278989467-500 - Administrator - Disabled)Guest (S-1-5-21-459074797-2405321923-3278989467-501 - Limited - Disabled)Joanne (S-1-5-21-459074797-2405321923-3278989467-1001 - Administrator - Enabled) => C:\Users\Joanne==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/05/2014 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dcFaulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944Exception code: 0x40000015Fault offset: 0x0000000000055326Faulting process id: 0x97cFaulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3Faulting package full name: Explorer.EXE4Faulting package-relative application ID: Explorer.EXE5Error: (12/05/2014 04:35:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddCoreCsiFiles : pSetupStringTableAddString() failed.System Error:Not enough storage is available to complete this operation..Error: (12/05/2014 04:33:35 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ecFaulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0xb74Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5Error: (12/05/2014 04:32:52 AM) (Source: VSS) (EventID: 12289) (User: )Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10 - 00000000000001E4,0x00560034,000000E2D5C83100,0,000000E2D5C820F0,4096,[0]). hr = 0x80070057, The parameter is incorrect..Operation: Processing PreFinalCommitSnapshotsContext: Execution Context: System ProviderError: (12/05/2014 04:31:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ngtool.exe, version: 10.0.0.72, time stamp: 0x00000000Faulting module name: ngtool.exe, version: 10.0.0.72, time stamp: 0x00000000Exception code: 0x80000003Fault offset: 0x000000000001add6Faulting process id: 0x26d8Faulting application start time: 0xngtool.exe0Faulting application path: ngtool.exe1Faulting module path: ngtool.exe2Report Id: ngtool.exe3Faulting package full name: ngtool.exe4Faulting package-relative application ID: ngtool.exe5Error: (12/05/2014 04:31:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddCoreCsiFiles : pSetupStringTableAddString() failed.System Error:Not enough storage is available to complete this operation..Error: (12/04/2014 00:11:52 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.Error: (12/04/2014 00:09:54 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.Error: (12/04/2014 10:30:26 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.Error: (12/04/2014 10:03:41 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: SolutoService.exe, version: 1.3.1193.1, time stamp: 0x5107c8fdFaulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22Exception code: 0xc0000374Fault offset: 0x00000000000f0d6cFaulting process id: 0xbf8Faulting application start time: 0xSolutoService.exe0Faulting application path: SolutoService.exe1Faulting module path: SolutoService.exe2Report Id: SolutoService.exe3Faulting package full name: SolutoService.exe4Faulting package-relative application ID: SolutoService.exe5System errors:=============Error: (12/05/2014 08:12:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The lxdnCATSCustConnectService service failed to start due to the following error: %%1053Error: (12/05/2014 08:12:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.Error: (12/05/2014 08:11:04 AM) (Source: DCOM) (EventID: 10010) (User: NANNABANANA)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}Error: (12/05/2014 04:36:42 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)Description: 1053AvastVBoxSvcUnavailable{F319F1B8-7587-4146-AF9C-0D6D77819BF1}Error: (12/05/2014 04:36:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AvastVBox COM Service service failed to start due to the following error: %%1053Error: (12/05/2014 04:36:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.Error: (12/05/2014 04:35:57 AM) (Source: volsnap) (EventID: 6) (User: )Description: The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory.Error: (12/05/2014 04:30:49 AM) (Source: volsnap) (EventID: 29) (User: )Description: The shadow copies of volume C: were aborted during detection.Error: (12/05/2014 04:30:49 AM) (Source: volsnap) (EventID: 6) (User: )Description: The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory.Error: (12/05/2014 04:29:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).Microsoft Office Sessions:=========================Error: (12/05/2014 08:10:38 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.3.9600.1728453f816dcmsvcrt.dll7.0.9600.163845215f94440000015000000000005532697c01d01040eac58811C:\Windows\Explorer.EXEC:\Windows\system32\msvcrt.dll3ff9cce2-7c99-11e4-829d-40f02f1b2f54Error: (12/05/2014 04:35:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Details:AddCoreCsiFiles : pSetupStringTableAddString() failed.System Error:Not enough storage is available to complete this operation.Error: (12/05/2014 04:33:35 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdb7401d010466c0be0dbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlled7abec3-7c7a-11e4-829d-40f02f1b2f54Error: (12/05/2014 04:32:52 AM) (Source: VSS) (EventID: 12289) (User: )Description: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy10 - 00000000000001E4,0x00560034,000000E2D5C83100,0,000000E2D5C820F0,4096,[0])0x80070057, The parameter is incorrect.Operation: Processing PreFinalCommitSnapshotsContext: Execution Context: System ProviderError: (12/05/2014 04:31:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: ngtool.exe10.0.0.7200000000ngtool.exe10.0.0.720000000080000003000000000001add626d801d010875a89218cC:\Program Files\AVAST Software\Avast\ng\ngtool.exeC:\Program Files\AVAST Software\Avast\ng\ngtool.exea3af8d0c-7c7a-11e4-829d-40f02f1b2f54Error: (12/05/2014 04:31:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Details:AddCoreCsiFiles : pSetupStringTableAddString() failed.System Error:Not enough storage is available to complete this operation.Error: (12/04/2014 00:11:52 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exeError: (12/04/2014 00:09:54 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exeError: (12/04/2014 10:30:26 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Joanne\AppData\Local\Temp\ICD1.tmp\ESETSmartInstaller.exeError: (12/04/2014 10:03:41 AM) (Source: Application Error) (EventID: 1000) (User: )Description: SolutoService.exe1.3.1193.15107c8fdntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6cbf801d00fe844f705a3C:\Program Files\Soluto\SolutoService.exeC:\Windows\SYSTEM32\ntdll.dlle0ca0f2e-7bdf-11e4-829a-40f02f1b2f54CodeIntegrity Errors:=================================== Date: 2014-12-05 08:15:17.016 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-05 08:10:19.092 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-05 04:21:00.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-05 04:08:06.856 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements. Date: 2014-12-05 04:08:05.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements. Date: 2014-12-05 04:08:05.043 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements. Date: 2014-12-05 04:08:04.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements. Date: 2014-12-05 01:42:09.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-04 20:10:21.948 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-04 15:34:20.158 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHzPercentage of memory in use: 26%Total physical RAM: 10043.08 MBAvailable physical RAM: 7360.73 MBTotal Pagefile: 23355.08 MBAvailable Pagefile: 20323.13 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.78 MB==================== Drives ================================Drive c: (Local Disk) (Fixed) (Total:914.75 GB) (Free:752.98 GB) NTFSDrive e: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 107C8CDB)Partition: GPT Partition Type.========================================================Disk: 1 (Size: 246 MB) (Disk ID: 1BFA02B9)Partition 1: (Active) - (Size=246 MB) - (Type=06)==================== End Of Log ============================
- December 5, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

wow - i just googled that trojan - it's a bad one! This isn't the first time I have been hit by a false java update notice - how completely annoying! Please help me get rid of this soon...
- December 4, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

These certainly produced useful information! Both logs attached. Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 12/4/2014Scan Time: 8:56:36 AMLogfile: Administrator: YesVersion: 2.00.3.1025Malware Database: v2014.12.04.07Rootkit Database: v2014.12.03.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: EnabledOS: Windows 8.1CPU: x64File System: NTFSUser: JoanneScan Type: Threat ScanResult: CompletedObjects Scanned: 333576Time Elapsed: 15 min, 18 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 1Spyware.Zbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp54E8.exe, 411060, Delete-on-Reboot, [a6d158067a0247ef9d2bc4cf29dc2bd5]Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 1Spyware.Zbot.ED, HKU\S-1-5-21-459074797-2405321923-3278989467-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Idgsoft, C:\Users\Joanne\AppData\Local\Idgsoft\tmp54E8.exe, Quarantined, [2a4dfe609edee74f8f39316238cd4ab6]Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 2Spyware.Zbot.ED, C:\ProgramData\Microsoft\Secure\Icons\temp\tmp54E8.exe, Delete-on-Reboot, [a6d158067a0247ef9d2bc4cf29dc2bd5], Spyware.Zbot.ED, C:\Users\Joanne\AppData\Local\Idgsoft\tmp54E8.exe, Quarantined, [2a4dfe609edee74f8f39316238cd4ab6], Physical Sectors: 0(No malicious items detected)(end)After re-boot, here is the ESET scan result: C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojanC:\ProgramData\Microsoft\Secure\Icons\temp\tmp2382.exe Win32/Boaxxe.BR trojanC:\ProgramData\Microsoft\Secure\Icons\temp\tmp8E02.exe Win32/Boaxxe.BR trojanC:\ProgramData\Microsoft\Secure\Icons\temp\tmp9528.exe Win32/Boaxxe.BR trojanC:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll a variant of Win64/Sathurbot.A trojanC:\Users\All Users\Microsoft\Secure\Icons\temp\tmp2382.exe Win32/Boaxxe.BR trojanC:\Users\All Users\Microsoft\Secure\Icons\temp\tmp8E02.exe Win32/Boaxxe.BR trojanC:\Users\All Users\Microsoft\Secure\Icons\temp\tmp9528.exe Win32/Boaxxe.BR trojanC:\Users\Joanne\AppData\Local\Idgsoft\GdText.dll a variant of Win32/Boaxxe.BY trojanC:\Users\Joanne\AppData\Local\Owzdics\CfgMouselib.dll a variant of Win32/Boaxxe.BY trojanC:\Users\Joanne\Downloads\setup_free_pdf_merger.exe Win32/OpenCandy potentially unsafe applicationOperating memory a variant of Win32/Boaxxe.BY trojan
- December 4, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

I have no idea how to get a new addition file - how do I do that? Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014 ([color=red]ATTENTION: ====> FRST version is 15 days old and could be outdated[/color])Ran by SYSTEM on MININT-17L8UIU on 02-12-2014 12:26:39Running from D:\Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: RecoveryThe current controlset is ControlSet001[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\Default\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Default User\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Joanne\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\Joanne\...\Run: [uTorrent] => C:\Users\Joanne\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)HKU\Joanne\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\Joanne\...\Run: [Idgsoft] => C:\Users\Joanne\AppData\Local\Idgsoft\tmp2382.exeHKU\Joanne\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)BootExecute: autocheck autochk * sdnclean64.exe==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)S2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] ()S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )S2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-01 19:14 - 2014-12-01 19:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Mad Head Games2014-12-01 17:14 - 2014-12-01 17:14 - 00002164 _____ () C:\Users\Public\Desktop\Play Paranormal Pursuit - The Gifted One.lnk2014-12-01 17:14 - 2014-12-01 17:14 - 00001300 _____ () C:\Users\Public\Desktop\More Great Games.lnk2014-12-01 17:12 - 2014-12-01 17:14 - 00000000 ____D () C:\Program Files (x86)\Paranormal Pursuit - The Gifted One2014-12-01 17:12 - 2014-12-01 17:12 - 00002074 _____ () C:\Users\Public\Desktop\Play Fear for Sale - The 13 Keys.lnk2014-12-01 17:11 - 2014-12-01 17:12 - 00000000 ____D () C:\Program Files (x86)\Fear for Sale - The 13 Keys2014-12-01 17:07 - 2014-12-01 17:07 - 00002129 _____ () C:\Users\Public\Desktop\Play Echoes of the Past - Wolf Healer.lnk2014-12-01 17:05 - 2014-12-01 17:07 - 00000000 ____D () C:\Program Files (x86)\Echoes of the Past - Wolf Healer2014-12-01 17:05 - 2014-12-01 17:05 - 00002089 _____ () C:\Users\Public\Desktop\Play Dreampath - The Two Kingdoms.lnk2014-12-01 17:04 - 2014-12-01 17:05 - 00000000 ____D () C:\Program Files (x86)\Dreampath - The Two Kingdoms2014-12-01 17:03 - 2014-12-01 17:03 - 00002087 _____ () C:\Users\Public\Desktop\Play Dark Realm - Queen of Flames.lnk2014-12-01 17:01 - 2014-12-01 17:03 - 00000000 ____D () C:\Program Files (x86)\Dark Realm - Queen of Flames2014-11-30 15:13 - 2014-11-30 15:13 - 00000197 _____ () C:\Windows\System32\2014-11-30-23-13-41.002-AvastVBoxSVC.exe-4476.log2014-11-30 10:28 - 2014-11-30 10:28 - 00002182 _____ () C:\Users\Public\Desktop\Play Rite of Passage - Child of the Forest.lnk2014-11-30 10:27 - 2014-11-30 10:28 - 00000000 ____D () C:\Program Files (x86)\Rite of Passage - Child of the Forest2014-11-30 10:08 - 2014-11-30 10:08 - 00002162 _____ () C:\Users\Public\Desktop\Play Legacy Tales - Mercy of the Gallows.lnk2014-11-30 10:07 - 2014-11-30 10:08 - 00000000 ____D () C:\Program Files (x86)\Legacy Tales - Mercy of the Gallows2014-11-30 09:44 - 2014-11-30 09:44 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p225147848_s1_l1.exe2014-11-29 14:42 - 2014-11-29 14:43 - 00000197 _____ () C:\Windows\System32\2014-11-29-22-42-35.086-AvastVBoxSVC.exe-3244.log2014-11-28 11:12 - 2014-11-28 11:12 - 00237568 _____ (Big Fish Games) C:\Users\Joanne\Downloads\bigfishgames_p224989807_s1_l1.exe2014-11-26 08:52 - 2014-11-26 08:52 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-52-07.025-aswFe.exe-23296.log2014-11-26 08:31 - 2014-11-26 08:51 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-31-49.008-aswFe.exe-17588.log2014-11-26 08:13 - 2014-11-26 08:28 - 00000247 _____ () C:\Windows\System32\2014-11-26-16-13-41.048-aswFe.exe-7968.log2014-11-26 08:13 - 2014-11-26 08:13 - 00000197 _____ () C:\Windows\System32\2014-11-26-16-13-39.038-AvastVBoxSVC.exe-6300.log2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\SysWOW64\vbox2014-11-26 08:08 - 2014-11-26 08:09 - 00000000 ____D () C:\Windows\System32\vbox2014-11-26 07:51 - 2014-11-26 07:51 - 00001990 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-11-26 07:51 - 2014-11-26 07:50 - 00364512 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe2014-11-26 07:50 - 2014-11-26 07:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-21 11:56 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll2014-11-21 11:56 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys2014-11-21 11:56 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys2014-11-21 11:56 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2014-11-21 11:56 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2014-11-21 11:56 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2014-11-21 11:56 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2014-11-21 11:56 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml2014-11-21 11:56 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll2014-11-21 11:56 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll2014-11-21 11:56 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll2014-11-21 11:56 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll2014-11-21 11:56 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2014-11-21 11:56 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS2014-11-21 11:56 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2014-11-21 11:56 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-11-21 11:56 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll2014-11-21 11:56 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll2014-11-21 11:56 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2014-11-21 11:56 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2014-11-21 11:56 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll2014-11-21 11:56 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-11-21 11:56 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll2014-11-21 11:56 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-11-21 11:56 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll2014-11-21 11:56 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll2014-11-21 11:56 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll2014-11-21 11:55 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2014-11-21 11:55 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-21 11:55 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2014-11-21 11:55 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2014-11-21 11:55 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2014-11-21 11:55 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-11-21 11:55 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll2014-11-21 11:55 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2014-11-21 11:55 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll2014-11-21 11:55 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2014-11-21 11:55 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-11-21 11:55 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-11-21 11:55 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-11-21 11:55 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-11-21 11:55 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll2014-11-21 11:55 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-21 11:55 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe2014-11-21 11:55 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll2014-11-21 11:55 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-21 11:55 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2014-11-21 11:55 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys2014-11-21 11:55 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2014-11-21 11:55 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2014-11-21 11:55 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2014-11-21 11:55 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll2014-11-21 11:55 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll2014-11-21 11:55 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll2014-11-21 11:55 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-21 11:55 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-21 11:55 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-11-21 11:55 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2014-11-21 11:55 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2014-11-21 11:55 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll2014-11-21 11:55 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll2014-11-21 11:55 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-11-21 11:55 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll2014-11-21 11:55 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2014-11-21 11:55 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll2014-11-21 11:55 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-21 11:55 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys2014-11-21 11:55 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll2014-11-21 11:55 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2014-11-21 11:54 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2014-11-21 11:54 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2014-11-21 11:54 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2014-11-21 11:54 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2014-11-21 11:54 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2014-11-21 11:54 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2014-11-21 11:54 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2014-11-21 11:54 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2014-11-21 11:54 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2014-11-21 11:54 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2014-11-21 11:54 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2014-11-21 11:54 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2014-11-21 11:54 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2014-11-21 11:54 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2014-11-21 11:54 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2014-11-21 11:54 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2014-11-21 11:54 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2014-11-21 11:54 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2014-11-21 11:54 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2014-11-21 11:54 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2014-11-21 11:54 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2014-11-21 11:54 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll2014-11-21 11:54 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2014-11-21 11:54 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2014-11-21 11:54 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2014-11-21 11:54 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2014-11-21 11:54 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2014-11-21 11:54 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll2014-11-21 11:54 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2014-11-21 11:54 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2014-11-21 11:54 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-11-21 11:54 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-21 11:54 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-11-21 11:54 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-11-21 11:54 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-21 11:54 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-21 11:54 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-21 11:54 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-11-21 11:54 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-21 11:54 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-21 11:54 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2014-11-21 11:54 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-21 11:54 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-21 11:54 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-21 11:54 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-21 11:54 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-21 11:54 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-21 11:54 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-21 11:54 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-11-21 11:54 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-21 11:54 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-11-21 11:54 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-11-21 11:54 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-21 11:54 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-21 11:54 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-21 11:54 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-11-21 11:54 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-21 11:54 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-11-21 11:54 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-21 11:54 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2014-11-21 11:54 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-21 11:54 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-21 11:54 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-21 11:54 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-21 11:54 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-11-21 11:54 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-11-21 11:54 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-21 11:54 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-21 11:54 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-21 11:50 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll2014-11-21 11:50 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-21 11:50 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2014-11-21 11:50 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll2014-11-21 11:50 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll2014-11-21 11:49 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2014-11-21 11:49 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe2014-11-21 11:49 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-21 11:49 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-21 11:49 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-21 11:49 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll2014-11-21 11:49 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll2014-11-21 11:16 - 2014-11-21 11:16 - 00000000 _____ () C:\Recovery.txt2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-12-02 12:20 - 00000000 ____D () C:\FRST2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm2014-11-10 16:44 - 2014-11-10 16:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-11-10 15:37 - 2014-11-10 15:37 - 00001827 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Apple Computer2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-11-10 13:52 - 2014-11-10 13:52 - 00000000 ____D () C:\Users\Joanne\Documents\ProcAlyzer Dumps2014-11-10 13:45 - 2014-03-12 10:34 - 00001805 ____R () C:\Windows\System32\Drivers\etc\hosts.20141110-134549.backup2014-11-10 08:18 - 2014-11-26 08:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-10 08:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe2014-11-10 08:17 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-10 07:53 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-07 13:38 - 2014-11-07 13:45 - 00000000 ____D () C:\AdwCleaner2014-11-07 13:24 - 2014-11-07 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-11-05 07:07 - 2014-11-05 07:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-04 10:38 - 2014-11-04 10:38 - 01376768 _____ () C:\Users\Joanne\Downloads\7z920-x64.msi2014-11-02 16:21 - 2014-11-02 16:21 - 00102758 _____ () C:\Users\Joanne\Desktop\Avaya moving lab operations to Thornton; services group headed to Highlands Ranch - Denver Business Journal.html2014-11-02 16:04 - 2014-11-02 16:04 - 00100010 _____ () C:\Users\Joanne\Desktop\Avaya Inc. to relocate to Thornton, DigitalGlobe moves to Westminster - The Denver Post.htm==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-12-02 12:25 - 2014-01-06 22:42 - 01634400 _____ () C:\Windows\WindowsUpdate.log2014-12-02 12:25 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-12-02 12:14 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-12-02 12:12 - 2014-03-11 13:34 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-12-02 11:50 - 2014-03-11 14:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-12-02 11:41 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-12-02 11:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-12-01 21:34 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI2014-12-01 21:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru2014-12-01 17:47 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys2014-11-30 18:54 - 2014-03-11 20:56 - 00000000 ____D () C:\BigFishCache2014-11-30 15:35 - 2014-03-11 17:54 - 00036856 _____ () C:\Windows\System32\lvcoinst.log2014-11-30 15:35 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI2014-11-30 15:26 - 2014-03-11 13:42 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc2014-11-30 15:12 - 2014-03-11 13:31 - 00000000 ___DO () C:\Users\Joanne\SkyDrive2014-11-30 14:23 - 2014-03-11 13:27 - 00000000 ____D () C:\users\Joanne2014-11-29 16:05 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\System32\MRT2014-11-29 16:05 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-11-29 16:02 - 2014-03-12 06:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2014-11-29 16:02 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM2014-11-29 14:42 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-11-28 19:27 - 2014-03-12 09:50 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Eipix2014-11-26 09:53 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-26 08:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-26 08:06 - 2013-10-07 03:25 - 00111528 _____ () C:\Windows\PFRO.log2014-11-26 07:51 - 2014-03-11 14:56 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys2014-11-26 07:50 - 2014-05-02 12:08 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00267632 _____ () C:\Windows\System32\Drivers\aswVmm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00083280 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys2014-11-26 07:50 - 2014-03-11 14:56 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys2014-11-24 09:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-11-24 08:00 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\System32\FNTCACHE.DAT2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-24 07:52 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-23 19:05 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-11-21 11:51 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-11-21 11:39 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-21 11:29 - 2014-03-13 13:31 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Free Desktop Clock 32014-11-21 11:29 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-21 11:29 - 2014-03-12 10:41 - 00000000 ____D () C:\Users\Joanne\Documents\Amnesia2014-11-21 11:29 - 2014-03-12 08:50 - 00000000 ____D () C:\Program Files (x86)\East Side Story2014-11-21 11:29 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-11-21 11:29 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\setup2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-11-21 11:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration2014-11-21 11:23 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\System32\Sysprep2014-11-21 11:22 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-21 11:21 - 2014-08-19 17:41 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-21 11:21 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-20 12:51 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-20 12:51 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log2014-11-12 12:31 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-11-12 04:00 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-11-10 15:35 - 2014-07-15 05:08 - 00001604 _____ () C:\Users\Joanne\Desktop\DivX Movies.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001113 _____ () C:\Users\Public\Desktop\DivX Converter.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001048 _____ () C:\Users\Public\Desktop\DivX Player.lnk2014-11-10 15:35 - 2014-07-15 05:06 - 00000000 ____D () C:\Program Files (x86)\DivX2014-11-10 15:35 - 2014-07-15 05:04 - 00000000 ____D () C:\ProgramData\DivX2014-11-10 15:33 - 2014-08-24 14:31 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Adobe2014-11-07 12:11 - 2014-03-12 09:22 - 00000000 ____D () C:\Program Files\WinRAR2014-11-06 16:08 - 2014-03-12 14:21 - 00000000 ____D () C:\Users\Joanne\Desktop\LOB2014-11-05 07:09 - 2014-04-23 07:51 - 00000000 ____D () C:\ProgramData\Oracle==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEAC:\Windows\SysWOW64\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595C:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll[2014-11-21 11:56] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6CC:\Windows\SysWOW64\User32.dll[2014-11-21 11:56] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1BC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-09-14 20:29] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB==================== Restore Points =========================Restore point made on: 2014-11-21 11:36:37Restore point made on: 2014-11-21 22:28:21Restore point made on: 2014-11-26 07:44:36Restore point made on: 2014-11-26 08:09:24Restore point made on: 2014-11-29 15:55:43Restore point made on: 2014-11-29 16:01:32==================== Memory info =========================== Percentage of memory in use: 9%Total physical RAM: 10043.08 MBAvailable physical RAM: 9087.9 MBTotal Pagefile: 10043.08 MBAvailable Pagefile: 9117.54 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.87 MB==================== Drives ================================Drive c: (Local Disk) (Fixed) (Total:914.75 GB) (Free:741.36 GB) NTFSDrive d: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.23 GB) FATDrive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 107C8CDB)Partition: GPT Partition Type.========================================================Disk: 1 (Size: 246 MB) (Disk ID: 1BFA02B9)Partition 1: (Active) - (Size=246 MB) - (Type=06)LastRegBack: 2014-12-02 10:08==================== End Of Log ============================
- December 2, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

I just got home and checked my 'puter and the error messages are back again as well. So, I'm still at ground zero. What do we do next?
- December 2, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Um, yes. I didn't know if I should run your script after having restored my computer to an earlier restore point. I ran it last night. The log is attached. Please do note that the outcome may reflect the fact the I restored. Overall, it seems much better - I have stopped getting windows errors and and virus notices from Avast. However, I do still have something running that still gives me the repeated web site block message outgoing from windows explorer so there is still something wrong. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014Ran by SYSTEM at 2014-11-30 15:07:03 Run:1Running from D:\Boot Mode: Recovery==============================================Content of fixlist:*****************HKU\Default\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\Default User\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\Joanne\...\Run: [Owzdics] => regsvr32.exe C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll <===== ATTENTIONHKU\Joanne\...\RunOnce: [Application Restart #1] => C:\Users\Joanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side (the data entry has 542 more characters).HKU\Joanne\...\RunOnce: [Application Restart #1] => C:\Users\Joanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side (the data entry has 542 more characters).%LOCALAPPDATA%\Pokki2014-11-11 07:36 - 2014-11-13 16:17 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-11-11 07:36 - 2014-11-13 16:17 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft*****************HKU\Default\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.HKU\Joanne\Software\Microsoft\Windows\CurrentVersion\Run\\Owzdics => Value not found.HKU\Joanne\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => value deleted successfully.HKU\Joanne\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value not found.%LOCALAPPDATA%\Pokki => Error: No automatic fix found for this entry.C:\Users\Joanne\AppData\Local\Owzdics => Moved successfully.C:\Users\Joanne\AppData\Local\Idgsoft => Moved successfully.==== End of Fixlog ====
- December 1, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here's TDSSKiller It didn't find anything - log attached. Um, maybe not - I don't seem to have a tool anywhere for attaching?!?!? I used it before - where is it?
- November 21, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here is Gmer It had errors - said it couldn't access things that were in use - it also triggered a virus warning from Avast. It was unclear if I should have turned off virus protection. GMER 2.1.19357 - http://www.gmer.netRootkit scan 2014-11-21 15:00:53Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000DM003-1CH162 rev.CC47 931.51GBRunning: g630wd1b.exe; Driver: C:\Users\Joanne\AppData\Local\Temp\kwlyrpow.sys---- Threads - GMER 2.1 ----Thread C:\Windows\system32\csrss.exe [792:808] fffff96000880b90Thread C:\Windows\SysWOW64\regsvr32.exe [4384:5364] 000000006c2c95e0Thread C:\Windows\SysWOW64\regsvr32.exe [5640:2096] 000000006c2c2f08Thread C:\Windows\SysWOW64\regsvr32.exe [5640:5400] 000000006c2c2f08Thread C:\Windows\SysWOW64\regsvr32.exe [5640:5192] 000000006c2c2f08---- Processes - GMER 2.1 ----Library C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2628] (FILE NOT FOUND) 00007ffbc2d60000Library C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2628](2014-11-04 21:58:39) 00007ffbc10c0000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [3052](2014-11-11 15:36:56) 0000000001e90000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe [1312](2014-11-11 15:36:56) 0000000010000000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [4208](2014-11-11 15:36:56) 0000000010000000Library C:\Users\Joanne\AppData\Local\Idgsoft\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [4384](2014-11-11 15:36:45) 0000000010000000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\avastui.exe [2568](2014-11-11 15:36:56) 0000000010000000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2156](2014-11-11 15:36:56) 00000000041d0000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [2708](2014-11-11 15:36:56) 0000000010000000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [5640](2014-11-11 15:36:56) 0000000010000000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5332](2014-11-11 15:36:56) 0000000010000000Process C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB1DC.exe (*** suspicious ***) @ C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB1DC.exe [6124](2014-11-21 19:34:52) 0000000000400000Library C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll (*** suspicious ***) @ C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [4348](2014-11-11 15:36:56) 0000000010000000Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [3376] (Microsoft Skype/Microsoft Corporation)(2014-08-20 01:38:42) 0000000050d20000Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c\Microsoft.PerfTrack.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [3376] (Microsoft.PerfTrack.dll/Microsoft Corporation)(2014-03-11 23:32:22) 00000000707c0000Library C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c\MicrosoftAdvertising.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [3376] (Microsoft Advertising Native SDK for Windows 8/Microsoft Corporation)(2014-03-11 23:32:22) 0000000012c80000---- Disk sectors - GMER 2.1 ----Disk \Device\Harddisk0\DR0 unknown MBR code---- EOF - GMER 2.1 ----
- November 21, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

I am going to take the start over option before something worse happens again and I can't run everything.. I will send the three scans separately. Here's FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014Ran by Joanne (administrator) on NANNABANANA on 21-11-2014 14:52:31Running from C:\Users\Joanne\Desktop\UsefulToolsLoaded Profile: Joanne (Available profiles: Joanne)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe() C:\Program Files\Free Desktop Clock\timeserv.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe( ) C:\Windows\System32\lxdncoms.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe() C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Soluto) C:\Program Files\Soluto\Soluto.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe(Soluto) C:\Program Files\Soluto\SolutoService.exe(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe() C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe(NDS Technologies) C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe(Microsoft Corporation) C:\Windows\System32\regsvr32.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe() C:\Users\Joanne\AppData\Local\DIRECTV Player\NDSPCShowServer.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe() C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB1DC.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(VueSoft) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\WerFault.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [uTorrent] => C:\Users\Joanne\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [Idgsoft] => C:\Users\Joanne\AppData\Local\Idgsoft\tmp2382.exe [118896 2014-11-11] ()HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [Owzdics] => regsvr32.exe C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll <===== ATTENTIONHKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\LGdrvNetwork8.dllHKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\...\RunOnce: [Application Restart #1] => C:\Users\Joanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side (the data entry has 542 more characters).Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnkShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()BootExecute: autocheck autochk * sdnclean64.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-459074797-2405321923-3278989467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJBSearchScopes: HKLM -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJBSearchScopes: HKLM-x32 -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJBSearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPB427A612-E140-4F7B-B715-76540BE3B4EA&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKU\S-1-5-21-459074797-2405321923-3278989467-1001 -> {EF24F0CD-DE58-443C-9DF1-CB4B4119DE6E} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444FF NewTab: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: @nds.com/PlayerPlugin -> C:\Users\Joanne\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: @nds.com/PlayerPlugin64 -> C:\Users\Joanne\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)FF Plugin HKU\S-1-5-21-459074797-2405321923-3278989467-1001: NDS.com/PlayerPlugin -> C:\Users\Joanne\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Extension: Flashblock - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-05-07]FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-07]FF Extension: Restart - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\Restart@schuzak.jp.xpi [2014-08-10]FF Extension: Save as PDF - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2014-05-07]FF Extension: Adblock Plus - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]FF Extension: UnMHT - C:\Users\Joanne\AppData\Roaming\Mozilla\Firefox\Profiles\6tglq8ad.default-1394602370444\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-05-07]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-11]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-25]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-20]Chrome: =======CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx []==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] () [File not signed]S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)R2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] () [File not signed]R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-21 11:50 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-21 11:50 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-21 11:39 - 2014-11-21 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueMinder Ultimate2014-11-21 11:16 - 2014-11-21 11:16 - 00000000 _____ () C:\Recovery.txt2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-11-21 14:52 - 00000000 ____D () C:\FRST2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm2014-11-11 07:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-11-11 07:36 - 2014-11-21 11:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft2014-11-10 16:44 - 2014-11-10 16:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-11-10 15:37 - 2014-11-10 15:37 - 00001827 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Apple Computer2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-11-10 13:52 - 2014-11-10 13:52 - 00000000 ____D () C:\Users\Joanne\Documents\ProcAlyzer Dumps2014-11-10 13:45 - 2014-03-12 10:34 - 00001805 ____R () C:\Windows\system32\Drivers\etc\hosts.20141110-134549.backup2014-11-10 08:18 - 2014-11-10 13:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-10 08:18 - 2014-11-10 08:18 - 00001373 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-11-10 08:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-11-10 08:17 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-10 07:53 - 2014-11-21 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-07 13:38 - 2014-11-07 13:45 - 00000000 ____D () C:\AdwCleaner2014-11-07 13:24 - 2014-11-07 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-11-05 07:07 - 2014-11-05 07:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-05 07:07 - 2014-11-05 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-11-04 10:38 - 2014-11-04 10:38 - 01376768 _____ () C:\Users\Joanne\Downloads\7z920-x64.msi2014-11-02 16:21 - 2014-11-02 16:21 - 00102758 _____ () C:\Users\Joanne\Desktop\Avaya moving lab operations to Thornton; services group headed to Highlands Ranch - Denver Business Journal.html2014-11-02 16:04 - 2014-11-02 16:04 - 00100010 _____ () C:\Users\Joanne\Desktop\Avaya Inc. to relocate to Thornton, DigitalGlobe moves to Westminster - The Denver Post.htm2014-10-30 10:28 - 2014-10-30 10:28 - 00067682 _____ () C:\Users\Joanne\Desktop\Flexible Jobs How to Find Success - Not Scams.htm2014-10-22 13:48 - 2014-10-22 13:48 - 00000000 ____D () C:\Program Files\McAfee==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-21 14:52 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-11-21 14:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-21 14:31 - 2014-01-06 22:42 - 01716169 _____ () C:\Windows\WindowsUpdate.log2014-11-21 14:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru2014-11-21 12:05 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-11-21 11:57 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-11-21 11:56 - 2014-03-11 13:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-11-21 11:52 - 2014-03-11 17:54 - 00033614 _____ () C:\Windows\system32\lvcoinst.log2014-11-21 11:51 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-11-21 11:46 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-21 11:40 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-21 11:39 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-21 11:37 - 2014-03-11 14:56 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-11-21 11:37 - 2014-03-11 14:56 - 00001992 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-11-21 11:37 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-11-21 11:35 - 2014-03-11 13:31 - 00000000 ___DO () C:\Users\Joanne\SkyDrive2014-11-21 11:32 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-21 11:29 - 2014-03-13 13:31 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Free Desktop Clock 32014-11-21 11:29 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-21 11:29 - 2014-03-12 10:41 - 00000000 ____D () C:\Users\Joanne\Documents\Amnesia2014-11-21 11:29 - 2014-03-12 08:51 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East Side Story2014-11-21 11:29 - 2014-03-12 08:50 - 00000000 ____D () C:\Program Files (x86)\East Side Story2014-11-21 11:29 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-11-21 11:29 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-11-21 11:29 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-21 11:29 - 2014-03-11 13:27 - 00000000 ____D () C:\Users\Joanne2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 __RSD () C:\Windows\Media2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\setup2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-21 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-21 11:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\registration2014-11-21 11:23 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Sysprep2014-11-21 11:22 - 2014-03-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Games2014-11-21 11:22 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-21 11:21 - 2014-08-19 17:41 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-21 11:21 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-21 11:09 - 2013-10-07 03:25 - 00104510 _____ () C:\Windows\PFRO.log2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\NDF2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log2014-11-12 12:31 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-11-12 08:40 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\system32\MRT2014-11-12 06:18 - 2013-10-07 03:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-11-12 06:17 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-11-12 04:00 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-11-11 11:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-11 09:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-11-10 15:35 - 2014-07-15 05:08 - 00001604 _____ () C:\Users\Joanne\Desktop\DivX Movies.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001113 _____ () C:\Users\Public\Desktop\DivX Converter.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001048 _____ () C:\Users\Public\Desktop\DivX Player.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX2014-11-10 15:35 - 2014-07-15 05:06 - 00000000 ____D () C:\Program Files (x86)\DivX2014-11-10 15:35 - 2014-07-15 05:04 - 00000000 ____D () C:\ProgramData\DivX2014-11-10 15:33 - 2014-08-24 14:31 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Adobe2014-11-07 16:17 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-11-07 12:11 - 2014-03-12 09:22 - 00000000 ____D () C:\Program Files\WinRAR2014-11-06 16:08 - 2014-03-12 14:21 - 00000000 ____D () C:\Users\Joanne\Desktop\LOB2014-11-05 07:09 - 2014-04-23 07:51 - 00000000 ____D () C:\ProgramData\Oracle2014-10-29 16:55 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-10-29 16:55 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-29 06:50 - 2013-10-07 03:38 - 00000000 ____D () C:\Program Files (x86)\McAfee2014-10-29 06:50 - 2013-10-07 03:37 - 00000000 ____D () C:\ProgramData\McAfee2014-10-24 15:32 - 2014-07-12 18:38 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Blue Tea Games2014-10-22 13:42 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-22 13:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\WinStore==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-11-21 11:56==================== End Of Log ============================
- November 21, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Ooops - I just missed you. I needed the computer back so I did a restore prior to the critical update and sure enough it worked. I have my 'puter back to being functional. So, do you still want me to run this or should we back up to the start and run all three of the tests you requested? It's unclear if restoring to another point will impact what you sent me. Which do you want me to do?
- November 21, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

The internet seems to think resetting to a restore point will fix this flashing probem - it appears to be a quite widespread problem from a Windows 8 update. I need to get my 'puter back to basic functionality ASAP and I haven't heard from you. Should I try the restore and if it works run another FRST for you and then the other tests you asked for? Or are you close to having some other fix?
- November 19, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

I don't know if this is useful information or not, but I managed to get task manager running so I could look at what processes seemed to be the problem. It's a battle between MBAM and Windows error reporting - at times using up to 75% CPU. It's almost as though MBAM itself was compromised (or is the target of the attack).
- November 18, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Here's the FRST log - I tried the others (GMER and TDSSKiller) as well, but evidently they need more running to work - I got an error stating that the subsystem needed to support the image type wasn't present. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014Ran by SYSTEM on MININT-K6P38B6 on 18-11-2014 09:45:05Running from D:\Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: RecoveryThe current controlset is ControlSet001[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-07] (AVAST Software)HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,Winlogon\Notify\igfxcui: igfxdev.dll [X]Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))HKU\Default\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\Default\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Default User\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\Default User\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Media_\SwitchUserVideoKey.reg"HKU\Joanne\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()HKU\Joanne\...\Run: [PCShowServer] => C:\Users\Joanne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-07-28] (NDS Technologies)HKU\Joanne\...\Run: [Owzdics] => regsvr32.exe C:\Users\Joanne\AppData\Local\Owzdics\LGdrvNetwork8.dll <===== ATTENTIONHKU\Joanne\...\Run: [Emvrtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Joanne\AppData\Local\Idgsoft\LGdrvNetwork8.dllHKU\Joanne\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [9164288 2014-11-13] (VueSoft)HKU\Joanne\...\RunOnce: [Application Restart #1] => C:\Users\Joanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side (the data entry has 542 more characters).Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnkShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar Free\EfficientCalendarFree.exe (No File)Startup: C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnkShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)BootExecute: autocheck autochk * sdnclean64.exe==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)S2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] ()S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-27] (Lexmark International, Inc.)S2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )S2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)S2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-10] (Qualcomm Atheros Communications, Inc.)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-18] (Realtek semiconductor corp)S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-16 15:26 - 2014-11-16 15:26 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Nero_AG2014-11-16 15:12 - 2012-08-29 14:12 - 00073016 _____ (Nero AG) C:\Windows\System32\Drivers\NBVol.sys2014-11-16 15:12 - 2012-08-29 14:08 - 00016696 _____ (Nero AG) C:\Windows\System32\Drivers\NBVolUp.sys2014-11-16 15:04 - 2014-11-16 15:06 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Nero2014-11-16 08:50 - 2014-11-16 08:52 - 00000000 ____D () C:\FRST2014-11-15 16:10 - 2014-11-15 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-11-15 09:01 - 2014-11-15 09:01 - 00005764 _____ () C:\Users\Joanne\Desktop\Rkill.txt2014-11-15 08:31 - 2014-11-15 08:39 - 00000000 ____D () C:\Program Files (x86)\Advanced Fix2014-11-15 08:29 - 2014-11-15 08:29 - 00025164 _____ () C:\Users\Joanne\Desktop\How to Fix icons.dll Error.html2014-11-14 18:36 - 2014-11-14 18:36 - 00000000 ____D () C:\Program Files (x86)\VueSoft2014-11-14 10:10 - 2014-11-14 10:10 - 02194064 _____ (Microsoft Corporation) C:\Users\Joanne\Downloads\DefaultPack.EXE2014-11-13 16:14 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\ERS Game Studios2014-11-13 12:36 - 2014-11-13 12:36 - 00000000 ____D () C:\Program Files\7-Zip2014-11-12 09:52 - 2014-11-12 09:52 - 00152096 _____ () C:\Users\Joanne\Desktop\Dental Plans Search Results - Dental Plan List _ Dental Plans.htm2014-11-12 05:15 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe2014-11-12 05:15 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll2014-11-12 05:15 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-11-12 05:15 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll2014-11-12 05:15 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll2014-11-12 05:15 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-11-12 05:15 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll2014-11-12 05:15 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-11-12 05:15 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\System32\ncryptsslp.dll2014-11-12 05:15 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll2014-11-12 05:15 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll2014-11-12 05:15 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll2014-11-12 05:15 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-12 05:15 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll2014-11-12 05:15 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys2014-11-12 05:15 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdNisDrv.sys2014-11-12 05:15 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys2014-11-12 05:15 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2014-11-12 05:15 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\winshfhc.dll2014-11-12 05:15 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2014-11-12 05:14 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2014-11-12 05:14 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys2014-11-12 05:14 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2014-11-12 05:14 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll2014-11-12 05:14 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll2014-11-12 05:14 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll2014-11-12 05:14 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\rfxvmt.dll2014-11-12 05:14 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll2014-11-12 05:14 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2014-11-12 05:14 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2014-11-12 05:14 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2014-11-12 05:14 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll2014-11-12 05:14 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll2014-11-12 05:13 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2014-11-12 05:13 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2014-11-12 05:13 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2014-11-12 05:13 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2014-11-12 05:13 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2014-11-12 05:13 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2014-11-12 05:13 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll2014-11-12 05:13 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2014-11-12 05:13 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2014-11-12 05:13 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2014-11-12 05:13 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2014-11-12 05:13 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2014-11-12 05:13 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2014-11-12 05:13 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2014-11-12 05:13 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx2014-11-12 05:13 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll2014-11-12 05:13 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2014-11-12 05:13 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll2014-11-12 05:13 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2014-11-12 05:13 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2014-11-12 05:13 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2014-11-12 05:13 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2014-11-12 05:13 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2014-11-12 05:13 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2014-11-12 05:13 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2014-11-12 05:13 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll2014-11-12 05:13 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-11-12 05:13 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2014-11-12 05:13 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-11-12 05:13 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-11-12 05:13 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2014-11-12 05:13 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-11-12 05:13 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-11-12 05:13 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll2014-11-12 05:13 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-11-12 05:13 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-11-12 05:13 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-11-12 05:13 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-11-12 05:13 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-11-12 05:13 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-11-12 05:13 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-11-12 05:13 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-11-12 05:13 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-11-12 05:13 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-11-12 05:13 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2014-11-12 05:13 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-11-12 05:13 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-11-12 05:13 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-11-12 05:13 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-11-12 05:13 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-11-12 05:13 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-11-12 05:13 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-11-12 05:13 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-11-12 05:13 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-11-12 05:13 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2014-11-12 05:13 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2014-11-12 05:13 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2014-11-12 05:13 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-11-12 05:13 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll2014-11-12 05:13 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2014-11-12 05:13 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2014-11-12 05:13 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2014-11-12 05:13 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll2014-11-12 05:13 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2014-11-12 05:13 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2014-11-12 05:13 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2014-11-12 05:13 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-11-12 05:13 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-11-12 05:13 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-11-12 05:13 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-11-12 05:13 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll2014-11-12 05:13 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2014-11-12 05:12 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe2014-11-12 05:12 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe2014-11-12 05:12 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe2014-11-12 05:12 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll2014-11-12 05:12 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2014-11-12 05:12 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2014-11-12 05:12 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2014-11-12 05:12 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2014-11-12 05:12 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2014-11-12 05:12 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2014-11-12 05:12 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll2014-11-12 05:12 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2014-11-12 05:12 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2014-11-12 05:12 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll2014-11-12 05:12 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2014-11-12 05:12 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2014-11-12 05:12 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2014-11-12 05:12 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2014-11-12 05:12 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll2014-11-12 05:12 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-11-12 05:12 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-11-12 05:12 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-11-12 05:12 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-11-12 05:12 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-11-12 05:12 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-11-12 05:12 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-11-12 05:12 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-11-12 05:12 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-11-12 05:12 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-11-12 05:12 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-11-12 05:12 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-11-12 05:12 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-11-12 05:12 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 05:12 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-11-12 05:12 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-11-12 05:12 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-11-12 05:12 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-11-12 05:12 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-11-12 05:10 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll2014-11-12 05:10 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-11-12 05:10 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll2014-11-12 05:10 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll2014-11-12 05:10 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll2014-11-12 05:10 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe2014-11-12 05:10 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll2014-11-12 05:10 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-11-12 05:10 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-11-12 05:10 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-11-12 05:10 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2014-11-12 05:10 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll2014-11-12 05:10 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll2014-11-12 05:10 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys2014-11-12 05:10 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2014-11-12 05:10 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2014-11-12 05:10 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml2014-11-12 05:10 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll2014-11-12 05:10 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll2014-11-12 05:10 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll2014-11-12 05:10 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll2014-11-12 05:10 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll2014-11-12 05:10 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2014-11-12 05:10 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS2014-11-12 05:10 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll2014-11-12 05:10 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-11-12 05:10 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll2014-11-12 05:10 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll2014-11-12 05:10 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll2014-11-12 05:10 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll2014-11-12 05:10 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2014-11-12 05:10 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2014-11-12 05:10 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll2014-11-12 05:10 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll2014-11-12 05:10 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll2014-11-12 05:10 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll2014-11-12 05:10 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-11-12 05:10 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-12 05:10 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll2014-11-12 05:10 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll2014-11-12 05:10 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll2014-11-11 07:36 - 2014-11-13 16:17 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Owzdics2014-11-11 07:36 - 2014-11-13 16:17 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Idgsoft2014-11-10 16:44 - 2014-11-10 16:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-11-10 15:37 - 2014-11-10 15:37 - 00001827 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\ProgramData\Apple Computer2014-11-10 15:37 - 2014-11-10 15:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-11-10 13:52 - 2014-11-10 13:52 - 00000000 ____D () C:\Users\Joanne\Documents\ProcAlyzer Dumps2014-11-10 13:45 - 2014-03-12 10:34 - 00001805 ____R () C:\Windows\System32\Drivers\etc\hosts.20141110-134549.backup2014-11-10 08:18 - 2014-11-10 13:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-10 08:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe2014-11-10 08:17 - 2014-11-10 15:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-07 13:38 - 2014-11-07 13:45 - 00000000 ____D () C:\AdwCleaner2014-11-07 13:24 - 2014-11-07 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-11-05 07:07 - 2014-11-05 07:07 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-11-05 07:07 - 2014-11-05 07:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-04 10:38 - 2014-11-04 10:38 - 01376768 _____ () C:\Users\Joanne\Downloads\7z920-x64.msi2014-11-02 16:21 - 2014-11-02 16:21 - 00102758 _____ () C:\Users\Joanne\Desktop\Avaya moving lab operations to Thornton; services group headed to Highlands Ranch - Denver Business Journal.html2014-11-02 16:04 - 2014-11-02 16:04 - 00100010 _____ () C:\Users\Joanne\Desktop\Avaya Inc. to relocate to Thornton, DigitalGlobe moves to Westminster - The Denver Post.htm2014-10-30 10:28 - 2014-10-30 10:28 - 00067682 _____ () C:\Users\Joanne\Desktop\Flexible Jobs How to Find Success - Not Scams.htm2014-10-22 13:48 - 2014-10-22 13:48 - 00000000 ____D () C:\Program Files\McAfee2014-10-19 10:34 - 2014-10-19 10:34 - 06513608 _____ ( ) C:\Users\Joanne\Downloads\Sublime Text 2.0.2 x64 Setup.exe2014-10-19 10:34 - 2014-10-19 10:34 - 00000000 ____D () C:\Program Files\Sublime Text 2==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-11-18 09:39 - 2014-01-06 22:42 - 02056037 _____ () C:\Windows\WindowsUpdate.log2014-11-18 09:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru2014-11-18 09:39 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-17 05:52 - 2014-04-14 07:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys2014-11-17 05:52 - 2014-03-11 13:31 - 00000000 __RDO () C:\Users\Joanne\SkyDrive2014-11-17 05:26 - 2014-03-11 13:27 - 00000000 ____D () C:\users\Joanne2014-11-17 05:02 - 2013-10-07 03:31 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI2014-11-16 16:59 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI2014-11-16 16:37 - 2014-03-12 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-16 15:30 - 2014-01-06 23:12 - 00000000 ____D () C:\ProgramData\Temp2014-11-16 15:12 - 2013-10-07 03:40 - 00000000 ____D () C:\Program Files (x86)\Nero2014-11-16 11:53 - 2014-03-12 14:52 - 00000000 ___RD () C:\Users\Joanne\Desktop\UsefulTools2014-11-16 09:33 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache2014-11-16 09:27 - 2014-03-11 13:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-459074797-2405321923-3278989467-10012014-11-16 08:50 - 2014-03-12 08:37 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\uTorrent2014-11-16 08:39 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\NDF2014-11-16 08:13 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-11-16 08:13 - 2013-10-07 03:25 - 00103794 _____ () C:\Windows\PFRO.log2014-11-16 07:51 - 2014-03-13 13:20 - 00000000 ____D () C:\Program Files (x86)\Amnesia2014-11-16 07:41 - 2013-08-22 06:46 - 00023906 _____ () C:\Windows\setupact.log2014-11-14 19:07 - 2014-03-11 17:54 - 00033018 _____ () C:\Windows\System32\lvcoinst.log2014-11-14 18:36 - 2014-08-19 17:42 - 00001907 _____ () C:\Users\Public\Desktop\VueMinder Ultimate.lnk2014-11-14 18:32 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness2014-11-13 12:19 - 2014-03-11 13:29 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Packages2014-11-13 08:11 - 2014-03-18 05:15 - 00000000 ____D () C:\Users\Joanne\Desktop\BWAC2014-11-13 07:13 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\Offline Web Pages2014-11-12 14:43 - 2014-03-11 17:21 - 00000000 ____D () C:\ProgramData\Lx_cats2014-11-12 12:31 - 2014-03-12 10:10 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Deployment2014-11-12 09:48 - 2013-08-22 06:44 - 05002664 _____ () C:\Windows\System32\FNTCACHE.DAT2014-11-12 09:46 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-12 09:46 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-12 09:46 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp2014-11-12 08:40 - 2014-03-12 06:23 - 00000000 ____D () C:\Windows\System32\MRT2014-11-12 08:40 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData2014-11-12 08:40 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel2014-11-12 08:38 - 2014-03-12 06:23 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2014-11-11 11:37 - 2014-03-12 11:42 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-11 09:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-11-10 15:35 - 2014-07-15 05:08 - 00001604 _____ () C:\Users\Joanne\Desktop\DivX Movies.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001113 _____ () C:\Users\Public\Desktop\DivX Converter.lnk2014-11-10 15:35 - 2014-07-15 05:08 - 00001048 _____ () C:\Users\Public\Desktop\DivX Player.lnk2014-11-10 15:35 - 2014-07-15 05:06 - 00000000 ____D () C:\Program Files (x86)\DivX2014-11-10 15:35 - 2014-07-15 05:04 - 00000000 ____D () C:\ProgramData\DivX2014-11-10 15:33 - 2014-08-24 14:31 - 00000000 ____D () C:\Users\Joanne\AppData\Local\Adobe2014-11-07 12:11 - 2014-03-12 09:22 - 00000000 ____D () C:\Program Files\WinRAR2014-11-06 16:08 - 2014-03-12 14:21 - 00000000 ____D () C:\Users\Joanne\Desktop\LOB2014-11-05 07:09 - 2014-04-23 07:51 - 00000000 ____D () C:\ProgramData\Oracle2014-10-29 16:55 - 2014-05-02 07:48 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-10-29 16:55 - 2014-05-02 07:48 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-29 06:50 - 2013-10-07 03:38 - 00000000 ____D () C:\Program Files (x86)\McAfee2014-10-29 06:50 - 2013-10-07 03:37 - 00000000 ____D () C:\ProgramData\McAfee2014-10-24 15:32 - 2014-07-12 18:38 - 00000000 ____D () C:\Users\Joanne\AppData\Roaming\Blue Tea Games2014-10-22 13:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\WinStore2014-10-22 13:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\MediaViewer2014-10-22 13:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager2014-10-22 13:40 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera2014-10-21 02:45 - 2014-03-12 10:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEAC:\Windows\SysWOW64\explorer.exe[2014-09-14 20:29] - [2014-08-22 23:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595C:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll[2014-11-12 05:15] - [2014-09-21 20:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6CC:\Windows\SysWOW64\User32.dll[2014-11-12 05:15] - [2014-09-18 16:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1BC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-09-14 20:29] - [2014-06-18 18:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB==================== Restore Points =========================Restore point made on: 2014-11-08 16:20:41Restore point made on: 2014-11-12 08:37:25Restore point made on: 2014-11-13 12:35:41Restore point made on: 2014-11-14 18:35:34Restore point made on: 2014-11-14 22:20:22Restore point made on: 2014-11-16 15:11:45==================== Memory info =========================== Percentage of memory in use: 9%Total physical RAM: 10043.08 MBAvailable physical RAM: 9096.32 MBTotal Pagefile: 10043.08 MBAvailable Pagefile: 9125.86 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.88 MB==================== Drives ================================Drive c: (Local Disk) (Fixed) (Total:914.75 GB) (Free:759.29 GB) NTFSDrive d: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.23 GB) FATDrive f: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFSDrive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 107C8CDB)Partition: GPT Partition Type.========================================================Disk: 1 (Size: 246 MB) (Disk ID: 1BFA02B9)Partition 1: (Active) - (Size=246 MB) - (Type=06)LastRegBack: 2014-11-12 03:07==================== End Of Log ============================
- November 18, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo replied to MsJoJo's topic in Resolved Malware Removal Logs

Hello Marius, Thanks for helping me out! Unfortunately, we have a bit of a problem now. Whatever was runing repeatedly and causing errors and browser flashing has now hijacked my 'puter big time. All I get after startup is an endless rapidly repeating cycle of blue screen and desktop. Here's what I tried: 1) restart with early virus detection off (same problem) 2) restart with auto-fix (got a message it couldn't be repaired with auto-fix) 3) restart in safe mode (same problem) I was going to try using a restore point, but I figured you wouldn't want that kind of change right now. So, it appears I'll need to do something with the command line at startup to have a useable 'puter to do as you requested. At least I hope it's that simple.
- November 17, 2014
- 34 replies
windows tmp.exe errors and malicious web blocking

MsJoJo posted a topic in Resolved Malware Removal Logs

Well, I got hit somehow - despite having Avast and Malwarebytes professional. 1) At startup I get: Svr32 (RegLGdrvNetwork8.dll failed to load) 2) Then I get repeated errors for missing temp exe files in ProgramData/Microsoft/Secure/Icons/temp/tmpSomeNumber.exe However, Avast also repeatedly catches a virus in them and quarantines the tmp.exe files. The viruses found in them have been: Win32:Malware-gen Win32:Evo-gen[susp] Win32:Dropper-gen[Drp] FileRepMalware Something keeps generating new infected tmp.exe files there I guess - they all have different numbers. 3) Malwarebytes goes in cycles with rapid notices about malicious web sites blocked: the IP address varies, but it's always outgoing and it's generally port 6881 (although I do sometimes see a different port) - the process reported is always windows explorer. 4) The most obvious symptom of this is a constantly flickering browser (firefox), but sometimes game windows are halted. My PC is also running very slowly - especially when opening games. The longer the PC runs, the worse it gets - restarting a few times during the day has seemed to help keep the browser the least annoying. Wow - back to re-booting the PC several times a day - that's a backward step in time for sure! Neither Avast nor Malwarebytes finds anything in system scans. I also purchased SpyBot and scanned, but it didn't find anything either. That pretty much assured me it was time for some specific help. The requested FRST.txt and Addition.txt files are attached. Please help! FRST.txt Addition.txt
- November 16, 2014
- 34 replies

Events

Profiles

Forums

Everything posted by MsJoJo

Important Information