Showing results for tags 'Trojan.FakeMS.ED'.

Found 6 results

  1. MBAM is now reporting mp3Tag as a virus, Trojan.FakeMS.ED. The attached program files, one of the installer, the other of the exe in program files, are zipped with the password being "mbam" (in lower case): virustotal scan of the exe in C:\ProgramFiles(x86)\mp3Tag--https://www.virustotal.com/en/file/76a99a8a007271ad04ece9294f072075a55472b6b1690734a036f4c0c2d1deb7/analysis/ Rescanning of the exe in program files today gives MBAM as the only one reporting it as a positive: https://www.virustotal.com/en/file/76a99a8a007271ad04ece9294f072075a55472b6b1690734a036f4c0c2d1deb7/analysis/1414446816/ Scanning of the installer (which I may have renamed, I don't remember), Mp3tag_v2.65.exe, gives no positives in virustotal's old scan, from 10 hours ago: https://www.virustotal.com/en/file/d52a6e3a37b35188215f1307f1b6a8545256dd45b8bc4b3ae2fc57b54dde0adb/analysis/ Rescanning the installer by virustotal gives MBAM as the only one reporting a positive: https://www.virustotal.com/en/file/d52a6e3a37b35188215f1307f1b6a8545256dd45b8bc4b3ae2fc57b54dde0adb/analysis/1414449014/ The files are digitally signed by Florian Heidenreich on Oct 18, 2014, at 5:03:42 AM for the exe and at 5:03:52 AM for the installer exe. Neither file shows any modification according to Windows. So, either the file has magically changed without Windows knowing about it, or MBAM did something in its definitions to add it as a risk. I am assuming that the program is not doing anything it shouldn't do, i.e., that it hasn't been malicious all this time with MBAM being the first one to discover it. What is exceedingly peculiar is that I cannot find the original MBAM log reporting it as a positive when it was in ProgramFiles(x86). MBAM kept bugging me via systray for at least 30 minutes, but I was busy gathering information to report a false positive to Sophos, since its virus removal tool had suddenly decided that ipresetall.exe was a trojan,*** so I was ignoring MBAM for a while. 
Before restoring the file from quarantine, I went to an external drive to find the original installer, and put that in my downloads folder, which is the only place that I could find MBAM reporting either the installer or the program file, despite MBAM having been bugging me for at least half an hour about the exe in program files. I then scanned the installer file and, upon finding that virustotal thought it was safe, went ahead and restored the item from MBAM's quarantine. After it quarantines the file, MBAM cannot then find it itself: there are a couple of dozen entries like this in the protection log: Detection, 10/27/2014 4:16:02 PM, SYSTEM, HAL9000B, Protection, Malware Protection, File, Trojan.FakeMS.ED, c:\program files (x86)\mp3tag\mp3tag.exe, Quarantine Failed, 2, The system cannot find the file specified. , [cde61efba9d33ef8cad1d00856ab4ab6] [***You might take a look at ipresetall, since a number of vendors are starting to report it as a positive. Virustotal reports that 12 of 54 find it a threat, whereas Norton was the only one for a long time to think that it was evil. I finally got Norton to whitelist it a couple of months ago. If more vendors are finding it to be evil, you might very well also in the near future, unless you already have it whitelisted. See https://www.virustotal.com/en/file/485e79900bd33ae201f685834a7999d588e6909d7031b73dc344e8b783cbf871/analysis/; the file is available via a link on http://www.eightforums.com/network-sharing/18945-error-when-resetting-tcp-ip-stack.html.]
  2. I believe I have a false positive detection. The file is the installer for Microsoft Data Engine (MSDE) Version 1.0, included with the installer for Magic eDeveloper. The detection just started with the last database update and the file has been on my computer for about six years without any modifications or previous detections. Here is the VirusTotal report: https://www.virustotal.com/en/file/b5f9f3467b9b9a5c84c7900d10d9d02aa4c3ee98b89d1b2ec0b06152957e20ba/analysis/1433793359/ I've attached the file. If you need it, I can send you the log file as a private message since it's got my full name. MSDEx86.zip
  3. I have Pdf995 installed on my computer. Malwarebytes is identifying \pdf995\res\drivedir\pdfmon95.dll as Trojan.FakeMS.ED malware.
  4. AMD FX-8320 3.52 processor 8GB RAM 64-bit Windows 7 Home Premium. AMD R9 270 video card Have Malwarebytes Anti-Malware Premium which started blocking malicious websites 10/25/14. Malwarebytes was logging: Outbound, C:\Windows\SysWOW64\dllhost.exe fff5ee.com, 57150, Outbound, C:\Windows\SysWOW64\dllhost.exe searchnet.blinkxcore.com, 57171, Outbound, C:\Windows\SysWOW64\dllhost.exe Problem progressed to corruption of video driver and now computer will not boot in normal mode as the screen is all blue. Will boot in safe mode with networking. Malwarebytes quarantined the Trojans but the computer still will not boot. Current scan with Malwarebytes says no malicious items were detected but I am not sure I believe it. Please, I need help removing the infection.
  5. Good Morning, Starting yesterday Malwarebytes Premium 2.03.1025 started reporting the following files as containing Trojan.FakeMS.ED: IEMIL_3.CAB and IENT_S6.CAB which are files contained in the installation of Quicken Deluxe 2005. I ran a full scan again after the database was updated and obtained the same results. I ran a full scan of Avast Internet Security which reported no threats. I'm hoping you folks will find these as a false positive as I saw a recent post here with a similar issue. I'm attaching my zip file containing the 2 files in question plus the application log file from the last scan. Thank you very much in advance for your assistance.
  6. MBAM Pro found over 600 instances of Trojan.FakeMS.ED just all of a sudden. I couldn't start any browsers without going into safe mode, they were working so slowly. Farbar scan is below. Thank you so much for your help. I haven't quarantined anything, as it seems there are so many systems files listed it might cripple the computer. Addition.txt
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-07] (Broadcom Corporation.)
S2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-09] (CrashPlan) [File not signed]
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
S2 HandleService; C:\Users\Michael\AppData\Roaming\Win System\handle.exe [637952 2014-06-10] (Handle) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-03-12] (Alcohol Soft Development Team)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2014-03-12] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-03-12] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-14] (Symantec Corporation)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-07-11] (Symantec Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140726.002\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140726.002\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
S1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-07-25] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-07-10] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-12] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1504000.00D\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\drivers\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-25] (Exent Technologies Ltd.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 AsyncMac; \SystemRoot\system32\DRIVERS\asyncmac.sys [X]
S1 MpKslce7cc813; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAEEAF7E-4D3E-4ACD-86FD-55A19EB2C93B}\MpKslce7cc813.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 WSDPrintDevice; \SystemRoot\System32\drivers\WSDPrint.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 02:29 - 2014-07-27 02:29 - 00000000 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-27 02:07 - 2014-07-27 02:08 - 00066691 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-27 02:06 - 2014-07-27 02:20 - 00079658 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-27 02:05 - 2014-07-27 02:29 - 00000000 ____D () C:\FRST
2014-07-27 02:02 - 2014-07-27 02:03 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-27 01:48 - 2014-07-27 01:48 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 01:17 - 2014-07-27 01:17 - 00070186 _____ () C:\Trojan.FakeMS.ED.txt
2014-07-26 13:13 - 2014-07-26 13:25 - 307365764 _____ () C:\Users\Michael\Downloads\amike21_(Giorgio_Moroder)-2014-07-26.zip
2014-07-26 13:13 - 2014-07-26 13:19 - 98924383 _____ () C:\Users\Michael\Downloads\amike13-2014-07-26.zip
2014-07-26 13:07 - 2014-07-26 13:11 - 62472618 _____ () C:\Users\Michael\Downloads\amike18_(SDM_outtakes)-2014-07-26.zip
2014-07-26 13:04 - 2014-07-26 13:13 - 204814015 _____ () C:\Users\Michael\Downloads\amike20_(Seeing_Past_Disco)-2014-07-26.zip
2014-07-25 12:28 - 2014-07-25 12:28 - 00002589 _____ () C:\Users\Public\Desktop\Romaco Timeout.lnk
2014-07-25 12:28 - 2014-07-25 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Romaco Canada
2014-07-25 11:51 - 2014-07-25 11:51 - 00002613 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Romaco Timeout.lnk
2014-07-25 08:22 - 2014-07-25 08:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Romaco_Canada
2014-07-25 08:20 - 2014-07-25 08:20 - 00000000 ____D () C:\Program Files (x86)\Romaco Canada
2014-07-25 08:16 - 2014-07-25 08:16 - 00929416 _____ (CNET Download.com) C:\Users\Michael\Downloads\cbsidlm-cbsi188-Romaco_Timeout-SEO-75325347.exe
2014-07-20 00:11 - 2014-07-20 00:11 - 00296288 _____ () C:\WINDOWS\Minidump\072014-2000578-01.dmp
2014-07-20 00:11 - 2014-07-20 00:11 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 04:58 - 2014-07-19 04:58 - 02999166 _____ () C:\Users\Michael\Downloads\[中医大辞典].txt
2014-07-17 18:27 - 2014-07-17 20:41 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9.0.1.10-PROPER
2014-07-17 18:05 - 2014-07-17 18:05 - 00000000 ____D () C:\Users\Michael\B93251B592094DAB867CAA98D91584CD.TMP
2014-07-17 17:51 - 2014-07-17 20:05 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro 8.5.7.30
2014-07-17 17:45 - 2014-07-17 17:45 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (2).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (1).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ___RD () C:\Sandbox
2014-07-17 17:42 - 2014-07-25 15:27 - 00001734 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-17 17:42 - 2014-07-17 17:37 - 00000919 _____ () C:\Users\Michael\Desktop\Sandboxed Web Browser.lnk
2014-07-17 17:38 - 2014-07-17 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-17 17:37 - 2014-07-17 17:37 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall.exe
2014-07-17 17:37 - 2014-07-17 17:37 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Avanquest
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-07-17 17:32 - 2014-07-17 18:35 - 70974775 _____ () C:\Users\Michael\Downloads\PowerDesk-9.rar
2014-07-17 17:28 - 2014-07-17 17:30 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro v7.0.1.3
2014-07-17 17:27 - 2014-07-17 17:27 - 00026267 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]powerdesk.pro.7.torrent
2014-07-17 17:27 - 2014-07-17 17:27 - 00013583 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]a.powerdesk.pro.v7.0.1.3.with.keygen.torrent
2014-07-17 17:26 - 2014-07-17 17:27 - 20964928 _____ (Copernic, a division of N. Harris Copernic Systems) C:\Users\Michael\Downloads\copernicdesktopsearch.exe
2014-07-17 17:16 - 2014-07-17 18:18 - 71328399 _____ () C:\Users\Michael\Downloads\PowerDesk 9 Final.exe
2014-07-17 17:09 - 2013-01-17 20:35 - 00002456 _____ () C:\Program Files\hklm avan2.reg
2014-07-17 17:09 - 2013-01-17 20:33 - 00003430 _____ () C:\Program Files\hkcu avan1.reg
2014-07-17 17:08 - 2014-07-17 17:15 - 00000813 _____ () C:\Users\Michael\Desktop\PDExploNXP.exe.lnk
2014-07-17 17:06 - 2014-07-17 17:18 - 00000000 ____D () C:\Program Files\avan
2014-07-17 16:45 - 2014-07-17 17:05 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9 Final
2014-07-17 16:43 - 2014-07-17 16:45 - 00000000 ____D () C:\Users\Michael\Downloads\Best of Starvation Bundle
2014-07-17 15:52 - 2014-07-17 16:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\qBittorrent
2014-07-17 15:52 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-07-17 15:46 - 2014-07-17 15:47 - 10509452 _____ (The qBittorrent project) C:\Users\Michael\Downloads\qbittorrent_3.1.9.2_setup.exe
2014-07-17 15:38 - 2014-07-17 15:39 - 01859152 _____ (BitTorrent Inc.) C:\Users\Michael\Downloads\uTorrent (2).exe
2014-07-17 13:25 - 2014-07-17 13:25 - 00000000 ____D () C:\Program Files\Realtek
2014-07-17 13:25 - 2013-07-23 15:40 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2014-07-17 13:24 - 2013-08-27 20:37 - 03613528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2014-07-17 13:24 - 2013-08-27 19:23 - 00638209 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-07-17 13:24 - 2013-08-27 17:07 - 05680680 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
2014-07-17 13:24 - 2013-08-27 15:25 - 00147672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2014-07-17 13:24 - 2013-08-27 14:08 - 32358400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2014-07-17 13:24 - 2013-08-26 14:29 - 02585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2014-07-17 13:24 - 2013-08-20 20:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2014-07-17 13:24 - 2013-08-06 09:47 - 00947248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2014-07-17 13:24 - 2013-08-02 20:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2014-07-17 13:24 - 2013-07-26 14:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2014-07-17 13:24 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2014-07-17 13:24 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2014-07-17 13:24 - 2012-11-14 11:41 - 00378000 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkGuiCompLib.dll
2014-07-17 13:24 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2014-07-17 13:24 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2014-07-17 13:24 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2014-07-17 13:24 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2014-07-17 13:23 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2014-07-17 13:23 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2014-07-17 13:23 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2014-07-17 13:22 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2014-07-17 13:22 - 2013-08-07 17:41 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 06219096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 01908568 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 00312152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2014-07-17 13:22 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2014-07-17 13:22 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2014-07-17 13:22 - 2013-07-23 15:39 - 01916672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2014-07-17 13:22 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2014-07-17 13:22 - 2013-06-05 21:42 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2014-07-17 13:22 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2014-07-17 13:22 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2014-07-17 13:20 - 2013-08-08 19:57 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2014-07-17 11:24 - 2014-07-17 11:34 - 333229760 _____ (Lenovo Group Limited ) C:\Users\Michael\Downloads\audio129w81.exe
2014-07-17 11:24 - 2014-07-17 11:24 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_5_0pau05w8.exe
2014-07-17 11:23 - 2014-07-17 11:23 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_0pau05w8.exe
2014-07-16 15:43 - 2014-07-16 15:54 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met.bak
2014-07-16 15:43 - 2014-07-16 15:54 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met
2014-07-16 15:43 - 2014-07-16 15:43 - 00000000 _____ () C:\Users\Michael\Desktop\002.part
2014-07-16 13:11 - 2014-07-16 13:11 - 00394227 _____ () C:\Users\Michael\Downloads\valussichapter.zip
2014-07-15 21:40 - 2014-07-15 21:40 - 00146183 _____ () C:\Users\Michael\Downloads\YouTube-Unblocker-056.crx
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-15 12:25 - 2014-07-15 12:25 - 00011420 _____ () C:\WINDOWS\DPINST.LOG
2014-07-15 12:25 - 2014-07-15 12:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-15 12:17 - 2014-07-15 12:22 - 95240144 _____ (Intel® Corporation) C:\Users\Michael\Downloads\Wireless_16.11.0_e164.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-07-15 11:41 - 2014-07-26 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 11:40 - 2014-07-17 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-15 11:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-15 11:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-15 11:05 - 2014-07-15 11:06 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Michael\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-15 08:46 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-15 08:45 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 08:43 - 2014-07-27 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-14 23:54 - 2014-07-14 23:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2014-07-14 23:20 - 2014-07-14 23:53 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-07-14 23:20 - 2014-07-14 23:53 - 00002350 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-14 23:20 - 2014-07-14 23:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-07-14 23:20 - 2014-07-14 23:20 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-07-14 23:20 - 2014-07-14 23:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-14 23:18 - 2014-07-14 23:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-14 23:18 - 2014-07-14 23:53 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2014-07-14 23:18 - 2014-07-14 23:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-14 23:18 - 2014-07-14 23:18 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Users\Michael\Downloads\Norton (All versions) 2014
2014-07-12 16:51 - 2014-07-15 12:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VOPackage
2014-07-12 16:45 - 2014-07-27 01:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Win System
2014-07-12 16:44 - 2014-07-23 21:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Security Systems
2014-07-12 16:43 - 2014-07-12 16:44 - 23313752 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Desktop\FreeVideoCallRecorderForSkype.exe
2014-07-12 16:43 - 2014-07-12 16:44 - 00288344 _____ ( ) C:\Users\Michael\Desktop\VOPackage.exe
2014-07-11 00:04 - 2014-07-11 00:04 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-07-11 00:04 - 2014-07-11 00:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 14:44 - 2014-07-11 16:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\baidu
2014-07-10 14:44 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BaiduYunGuanjia
2014-07-10 14:19 - 2014-07-10 14:23 - 39627458 _____ () C:\Users\Michael\Downloads\The_Book_of_Changes236.rar
2014-07-10 14:18 - 2014-07-10 14:21 - 32019927 _____ () C:\Users\Michael\Downloads\others710.rar
2014-07-10 09:13 - 2014-07-10 09:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2014-07-10 02:05 - 2014-07-17 13:26 - 00002655 _____ () C:\WINDOWS\setupact.log
2014-07-10 02:05 - 2014-07-10 02:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-10 02:04 - 2014-07-26 22:59 - 00043872 _____ () C:\WINDOWS\PFRO.log
2014-07-10 02:02 - 2014-07-10 02:02 - 00000616 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-10 00:27 - 2014-07-10 00:27 - 04872677 _____ () C:\Users\Michael\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-10 00:07 - 2014-07-10 00:07 - 00304620 _____ () C:\Users\Michael\Downloads\RefMan (RIS) Export.ens
2014-07-09 20:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-09 20:32 - 2014-07-10 01:58 - 00000000 ____D () C:\AdwCleaner
2014-07-09 20:26 - 2014-07-09 20:26 - 01348263 _____ () C:\Users\Michael\Downloads\adwcleaner_3.215.exe
2014-07-09 18:18 - 2014-07-09 18:18 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 18:17 - 2014-07-09 18:17 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-08 15:50 - 2014-07-11 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-08 15:49 - 2014-07-11 17:15 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2014-07-08 15:48 - 2014-07-08 15:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe
2014-07-07 10:12 - 2014-07-07 10:13 - 29183200 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.13.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.scr
2014-07-07 10:10 - 2014-07-07 10:10 - 00380416 _____ () C:\Users\Michael\Downloads\znpuyv3z.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00050688 _____ (Atribune.org) C:\Users\Michael\Downloads\ATF-Cleaner.exe
2014-07-04 15:26 - 2014-07-04 15:26 - 01530368 _____ () C:\Users\Michael\Downloads\PMPH Terms List (updated 2010-5-18) use CTRL+F to search.xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List .xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List (1).xls
2014-07-03 18:39 - 2014-07-03 18:39 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-03 18:39 - 2014-07-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 17:46 - 2014-07-03 17:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-07-02 17:18 - 2014-07-02 17:18 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{4751B92F-130E-4C36-8A72-C4BF431E1D31}
2014-07-02 17:15 - 2014-07-02 17:15 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{12933184-2889-493C-BEDC-A6BF45316B23}
2014-07-02 17:09 - 2014-07-02 17:19 - 00001024 _____ () C:\Get_Info4.DAT
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\Ifsmg04.sys
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\Rapidl04.dll
2014-07-02 17:07 - 2014-07-02 17:07 - 00286720 _____ (Indigo Rose Corporation) C:\WINDOWS\iun503.exe
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\UpdatusUser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\Michael\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\fbwuser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\knowledge
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\Program Files (x86)\knowledge
2014-07-02 17:07 - 2003-02-24 04:18 - 00061440 ____R () C:\WINDOWS\SysWOW64\shdocz04.dll
2014-06-28 17:45 - 2014-06-28 17:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\PunkBuster

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 02:29 - 2014-07-27 02:29 - 00000000 _____ () C:\Users\Michael\Desktop\FRST.txt2014-07-27 02:29 - 2014-07-27 02:05 - 00000000 ____D () C:\FRST2014-07-27 02:20 - 2014-07-27 02:06 - 00079658 _____ () C:\Users\Michael\Downloads\FRST.txt2014-07-27 02:15 - 2013-04-17 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\uTorrent2014-07-27 02:08 - 2014-07-27 02:07 - 00066691 _____ () C:\Users\Michael\Downloads\Addition.txt2014-07-27 02:03 - 2014-07-27 02:02 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe2014-07-27 01:50 - 2014-03-11 15:58 - 01075282 _____ () C:\WINDOWS\WindowsUpdate.log2014-07-27 01:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-27 01:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-07-27 01:48 - 2014-07-27 01:48 - 00000000 ____D () C:\WINDOWS\pss2014-07-27 01:48 - 2014-03-11 16:05 - 00000000 ____D () C:\Users\Michael2014-07-27 01:48 - 2013-04-15 22:34 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-27 01:43 - 2013-05-16 14:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-07-27 01:35 - 2014-07-15 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps2014-07-27 01:34 - 2013-04-15 22:34 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-27 01:17 - 2014-07-27 01:17 - 00070186 _____ () C:\Trojan.FakeMS.ED.txt2014-07-27 01:06 - 2014-07-12 16:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Win System2014-07-27 01:01 - 2014-03-11 16:54 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1A1867E5-09CF-4DB9-B144-73F8B0ABBEC4}2014-07-27 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-07-27 00:53 - 2013-04-16 15:01 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3264983995-1323812112-139882667-1002UA.job2014-07-26 23:57 - 2014-07-15 11:41 - 00122584 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-26 23:02 - 2013-06-26 15:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox2014-07-26 22:59 - 2014-07-10 02:04 - 00043872 _____ () C:\WINDOWS\PFRO.log2014-07-26 22:53 - 2013-04-16 15:01 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3264983995-1323812112-139882667-1002Core.job2014-07-26 22:49 - 2013-04-16 12:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype2014-07-26 13:35 - 2014-03-11 23:47 - 00000035 _____ () C:\WINDOWS\phonetic.ini2014-07-26 13:25 - 2014-07-26 13:13 - 307365764 _____ () C:\Users\Michael\Downloads\amike21_(Giorgio_Moroder)-2014-07-26.zip2014-07-26 13:19 - 2014-07-26 13:13 - 98924383 _____ () C:\Users\Michael\Downloads\amike13-2014-07-26.zip2014-07-26 13:13 - 2014-07-26 13:04 - 204814015 _____ () C:\Users\Michael\Downloads\amike20_(Seeing_Past_Disco)-2014-07-26.zip2014-07-26 13:11 - 2014-07-26 13:07 - 62472618 _____ () C:\Users\Michael\Downloads\amike18_(SDM_outtakes)-2014-07-26.zip2014-07-26 12:04 - 2013-04-17 18:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe2014-07-25 18:01 - 2013-04-18 11:49 - 00000000 ____D () C:\Program Files (x86)\HYDC30Client2014-07-25 17:48 - 2013-04-15 22:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3264983995-1323812112-139882667-10022014-07-25 15:27 - 2014-07-17 17:42 - 00001734 _____ () C:\WINDOWS\Sandboxie.ini2014-07-25 15:19 - 2013-08-23 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2014-07-25 15:18 - 2013-04-17 14:02 - 00247296 ___SH () C:\Users\Michael\Desktop\Thumbs.db2014-07-25 14:56 - 2013-06-26 16:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-07-25 12:28 - 2014-07-25 12:28 - 00002589 _____ () C:\Users\Public\Desktop\Romaco Timeout.lnk2014-07-25 12:28 - 2014-07-25 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Romaco Canada2014-07-25 11:51 - 2014-07-25 11:51 - 00002613 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Romaco Timeout.lnk2014-07-25 08:22 - 2014-07-25 08:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Romaco_Canada2014-07-25 08:20 - 2014-07-25 08:20 - 00000000 ____D () C:\Program Files (x86)\Romaco Canada2014-07-25 08:18 - 2013-07-18 23:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Downloaded Installations2014-07-25 08:16 - 2014-07-25 08:16 - 00929416 _____ (CNET Download.com) C:\Users\Michael\Downloads\cbsidlm-cbsi188-Romaco_Timeout-SEO-75325347.exe2014-07-24 17:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-07-24 11:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-07-23 21:22 - 2014-07-12 16:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Security Systems2014-07-22 19:14 - 2013-04-17 15:24 - 00466432 ___SH () C:\Users\Michael\Downloads\Thumbs.db2014-07-20 00:11 - 2014-07-20 00:11 - 00296288 _____ () C:\WINDOWS\Minidump\072014-2000578-01.dmp2014-07-20 00:11 - 2014-07-20 00:11 - 00000000 ____D () C:\WINDOWS\Minidump2014-07-19 05:02 - 2012-10-19 12:42 - 00000000 ___DC () C:\Sinology Texts2014-07-19 04:58 - 2014-07-19 04:58 - 02999166 _____ () C:\Users\Michael\Downloads\[中医大辞典].txt2014-07-19 03:41 - 2013-11-14 09:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-07-18 12:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources2014-07-17 20:43 - 2013-01-17 12:16 - 00000000 ____D () C:\Program Files (x86)\PowerDesk2014-07-17 20:41 - 2014-07-17 18:27 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9.0.1.10-PROPER2014-07-17 20:05 - 2014-07-17 17:51 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro 8.5.7.302014-07-17 18:59 - 2014-07-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-17 18:35 - 2014-07-17 17:32 - 70974775 _____ () 
C:\Users\Michael\Downloads\PowerDesk-9.rar2014-07-17 18:18 - 2014-07-17 17:16 - 71328399 _____ () C:\Users\Michael\Downloads\PowerDesk 9 Final.exe2014-07-17 18:05 - 2014-07-17 18:05 - 00000000 ____D () C:\Users\Michael\B93251B592094DAB867CAA98D91584CD.TMP2014-07-17 17:45 - 2014-07-17 17:45 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (2).exe2014-07-17 17:44 - 2014-07-17 17:44 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (1).exe2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ___RD () C:\Sandbox2014-07-17 17:38 - 2014-07-17 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie2014-07-17 17:37 - 2014-07-17 17:42 - 00000919 _____ () C:\Users\Michael\Desktop\Sandboxed Web Browser.lnk2014-07-17 17:37 - 2014-07-17 17:37 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall.exe2014-07-17 17:37 - 2014-07-17 17:37 - 00000000 ____D () C:\Program Files\Sandboxie2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Avanquest2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Avanquest2014-07-17 17:30 - 2014-07-17 17:28 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro v7.0.1.32014-07-17 17:27 - 2014-07-17 17:27 - 00026267 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]powerdesk.pro.7.torrent2014-07-17 17:27 - 2014-07-17 17:27 - 00013583 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]a.powerdesk.pro.v7.0.1.3.with.keygen.torrent2014-07-17 17:27 - 2014-07-17 17:26 - 20964928 _____ (Copernic, a division of N. 
Harris Copernic Systems) C:\Users\Michael\Downloads\copernicdesktopsearch.exe2014-07-17 17:18 - 2014-07-17 17:06 - 00000000 ____D () C:\Program Files\avan2014-07-17 17:15 - 2014-07-17 17:08 - 00000813 _____ () C:\Users\Michael\Desktop\PDExploNXP.exe.lnk2014-07-17 17:05 - 2014-07-17 16:45 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9 Final2014-07-17 16:45 - 2014-07-17 16:43 - 00000000 ____D () C:\Users\Michael\Downloads\Best of Starvation Bundle2014-07-17 16:00 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\qBittorrent2014-07-17 15:53 - 2013-04-18 01:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BITS2014-07-17 15:52 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\qBittorrent2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Program Files (x86)\qBittorrent2014-07-17 15:47 - 2014-07-17 15:46 - 10509452 _____ (The qBittorrent project) C:\Users\Michael\Downloads\qbittorrent_3.1.9.2_setup.exe2014-07-17 15:39 - 2014-07-17 15:38 - 01859152 _____ (BitTorrent Inc.) 
C:\Users\Michael\Downloads\uTorrent (2).exe2014-07-17 13:27 - 2012-10-26 01:31 - 00000000 ___HD () C:\Program Files (x86)\Temp2014-07-17 13:26 - 2014-07-10 02:05 - 00002655 _____ () C:\WINDOWS\setupact.log2014-07-17 13:25 - 2014-07-17 13:25 - 00000000 ____D () C:\Program Files\Realtek2014-07-17 13:25 - 2014-03-11 15:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM2014-07-17 11:34 - 2014-07-17 11:24 - 333229760 _____ (Lenovo Group Limited ) C:\Users\Michael\Downloads\audio129w81.exe2014-07-17 11:24 - 2014-07-17 11:24 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_5_0pau05w8.exe2014-07-17 11:23 - 2014-07-17 11:23 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_0pau05w8.exe2014-07-17 10:43 - 2013-04-17 16:12 - 00000000 ____D () C:\Program Files (x86)\EndNote X42014-07-16 17:20 - 2014-03-13 21:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment2014-07-16 15:54 - 2014-07-16 15:43 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met.bak2014-07-16 15:54 - 2014-07-16 15:43 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met2014-07-16 15:43 - 2014-07-16 15:43 - 00000000 _____ () C:\Users\Michael\Desktop\002.part2014-07-16 13:11 - 2014-07-16 13:11 - 00394227 _____ () C:\Users\Michael\Downloads\valussichapter.zip2014-07-15 21:40 - 2014-07-15 21:40 - 00146183 _____ () C:\Users\Michael\Downloads\YouTube-Unblocker-056.crx2014-07-15 12:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-07-15 12:27 - 2012-10-26 01:19 - 00000000 ____D () C:\ProgramData\Intel2014-07-15 12:27 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Cisco2014-07-15 12:26 - 2012-10-26 01:32 - 00000000 ____D () C:\ProgramData\Intel.sav2014-07-15 12:26 - 2012-10-26 01:18 - 00000000 ____D () 
C:\Program Files\Common Files\Intel2014-07-15 12:26 - 2012-10-26 01:16 - 00000000 ____D () C:\Program Files (x86)\Intel2014-07-15 12:25 - 2014-07-15 12:25 - 00011420 _____ () C:\WINDOWS\DPINST.LOG2014-07-15 12:25 - 2014-07-15 12:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp2014-07-15 12:25 - 2014-03-11 15:57 - 00000000 ____D () C:\Program Files\Intel2014-07-15 12:23 - 2013-04-30 15:07 - 00000000 ____D () C:\ProgramData\Package Cache2014-07-15 12:22 - 2014-07-15 12:17 - 95240144 _____ (Intel® Corporation) C:\Users\Michael\Downloads\Wireless_16.11.0_e164.exe2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SystemRequirementsLab2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab2014-07-15 12:00 - 2014-07-12 16:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VOPackage2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-15 11:14 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP2014-07-15 11:06 - 2014-07-15 11:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Michael\Downloads\mbam-clean-2.1.1.1001.exe2014-07-15 08:46 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-07-15 08:46 - 2014-07-15 08:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe2014-07-14 23:54 - 2014-07-14 23:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 3602014-07-14 23:53 - 2014-07-14 23:20 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration2014-07-14 23:53 - 2014-07-14 23:20 - 00002350 _____ () C:\Users\Public\Desktop\Norton 360.lnk2014-07-14 23:53 - 2014-07-14 23:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-07-14 23:53 - 
2014-07-14 23:18 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x642014-07-14 23:20 - 2014-07-14 23:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS2014-07-14 23:20 - 2014-07-14 23:20 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT2014-07-14 23:20 - 2014-07-14 23:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared2014-07-14 23:20 - 2014-07-14 23:18 - 00000000 ____D () C:\ProgramData\Norton2014-07-14 23:18 - 2014-07-14 23:18 - 00000000 ____D () C:\Program Files (x86)\Norton 3602014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Users\Michael\Downloads\Norton (All versions) 20142014-07-13 00:08 - 2013-04-19 15:29 - 00007607 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg2014-07-12 16:44 - 2014-07-12 16:43 - 23313752 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Desktop\FreeVideoCallRecorderForSkype.exe2014-07-12 16:44 - 2014-07-12 16:43 - 00288344 _____ ( ) C:\Users\Michael\Desktop\VOPackage.exe2014-07-11 17:15 - 2014-07-08 15:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-11 17:15 - 2014-07-08 15:49 - 00000000 ____D () C:\Users\Michael\Desktop\mbar2014-07-11 16:08 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\baidu2014-07-11 04:38 - 2014-03-12 14:48 - 00000000 ____D () C:\Users\Michael\Downloads\Daemontools.Ultra2014-07-11 04:37 - 2014-03-12 15:23 - 00000000 ____D () C:\Users\Michael\Downloads\Alcohol 120% 2.0.2.58302014-07-11 04:37 - 2013-04-28 15:10 - 00000000 ____D () C:\Users\Michael\Downloads\DAEMON Tools Pro Advanced v5.2.0. 0348 Crack [mindcrasher]2014-07-11 00:04 - 2014-07-11 00:04 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe2014-07-11 00:04 - 2014-07-11 00:04 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-10 19:23 - 2013-04-30 11:36 - 00358616 _____ (Trusteer Ltd.) 
C:\WINDOWS\system32\Drivers\RapportKE64.sys2014-07-10 19:23 - 2013-04-30 11:36 - 00288440 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportHades64.sys2014-07-10 14:44 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BaiduYunGuanjia2014-07-10 14:23 - 2014-07-10 14:19 - 39627458 _____ () C:\Users\Michael\Downloads\The_Book_of_Changes236.rar2014-07-10 14:21 - 2014-07-10 14:18 - 32019927 _____ () C:\Users\Michael\Downloads\others710.rar2014-07-10 09:13 - 2014-07-10 09:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe2014-07-10 02:05 - 2014-07-10 02:05 - 00000000 _____ () C:\WINDOWS\setuperr.log2014-07-10 02:02 - 2014-07-10 02:02 - 00000616 _____ () C:\Users\Michael\Desktop\JRT.txt2014-07-10 01:58 - 2014-07-09 20:32 - 00000000 ____D () C:\AdwCleaner2014-07-10 00:27 - 2014-07-10 00:27 - 04872677 _____ () C:\Users\Michael\Downloads\mbam-chameleon-3.1.4.0.zip2014-07-10 00:07 - 2014-07-10 00:07 - 00304620 _____ () C:\Users\Michael\Downloads\RefMan (RIS) Export.ens2014-07-09 20:26 - 2014-07-09 20:26 - 01348263 _____ () C:\Users\Michael\Downloads\adwcleaner_3.215.exe2014-07-09 18:18 - 2014-07-09 18:18 - 00000000 ____D () C:\WINDOWS\ERUNT2014-07-09 18:17 - 2014-07-09 18:17 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe2014-07-09 18:13 - 2014-04-04 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-09 18:13 - 2014-04-04 21:12 - 00000000 ____D () C:\Program Files\CCleaner2014-07-09 10:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-07-08 19:43 - 2013-05-16 14:58 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2014-07-08 15:48 - 2014-07-08 15:48 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe2014-07-07 10:13 - 2014-07-07 10:12 - 29183200 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.13.exe2014-07-07 10:10 - 2014-07-07 10:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.scr2014-07-07 10:10 - 2014-07-07 10:10 - 00380416 _____ () C:\Users\Michael\Downloads\znpuyv3z.exe2014-07-07 10:10 - 2014-07-07 10:10 - 00050688 _____ (Atribune.org) C:\Users\Michael\Downloads\ATF-Cleaner.exe2014-07-04 15:26 - 2014-07-04 15:26 - 01530368 _____ () C:\Users\Michael\Downloads\PMPH Terms List (updated 2010-5-18) use CTRL+F to search.xls2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List .xls2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List (1).xls2014-07-04 14:44 - 2013-05-06 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc2014-07-03 18:39 - 2014-07-03 18:39 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-07-03 18:39 - 2014-07-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft2014-07-03 17:48 - 2014-07-03 17:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft2014-07-02 17:19 - 2014-07-02 17:09 - 00001024 _____ () C:\Get_Info4.DAT2014-07-02 17:18 - 2014-07-02 17:18 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{4751B92F-130E-4C36-8A72-C4BF431E1D31}2014-07-02 17:15 - 2014-07-02 17:15 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{12933184-2889-493C-BEDC-A6BF45316B23}2014-07-02 17:14 - 2014-03-11 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale2014-07-02 17:10 - 2013-04-15 22:22 - 00000000 ____D () 
C:\Users\Michael\AppData\Local\VirtualStore2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\Ifsmg04.sys2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\Rapidl04.dll2014-07-02 17:07 - 2014-07-02 17:07 - 00286720 _____ (Indigo Rose Corporation) C:\WINDOWS\iun503.exe2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\UpdatusUser\Desktop\Encyclopaedia of TCM.lnk2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\Michael\Desktop\Encyclopaedia of TCM.lnk2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\fbwuser\Desktop\Encyclopaedia of TCM.lnk2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\knowledge2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\Program Files (x86)\knowledge2014-07-02 17:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System2014-06-28 17:45 - 2014-06-28 17:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\PunkBuster Some content of TEMP:====================C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprqasen.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!

LastRegBack: 2014-07-26 23:14

==================== End Of Log ============================