
viruses/malware on laptop just acquired


mjjr


hello,

I recently purchased a used Lenovo Y580 laptop where the previous owner did a restore of the Win7 OS. I did find a few remnants of folders on the HD related to Mac software and Windows-based stuff on another partition. A trial ESET scan showed trojans/viruses in the OS.

 

Issues I presently have:

(1) malware,

(2) when the laptop boots up, a dual boot window displays very briefly (about 1/2 sec or less).

For this display issue I went into the 'Advanced system settings' under Startup and Recovery and clicked on Settings to uncheck 'Time to display operating systems', but it was checked and there was no other OS visible. A real nag to see this black blip show up on startup each time,

(3) Also I couldn't boot into safe mode at all using the F8 key for Win 7.

Thank you, in advance

Attached files:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by hsh at 14:31:04 on 2013-12-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.2.2052.18.8094.5743 [GMT -8:00]
.
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ConduitFloatingPlugin_dpajjaohbgbnjlccpoocjgbncmlnijmb] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\hsh\AppData\Local\Temp\CT3309760\plugins\TBVerifier.dll",RunConduitFloatingPlugin dpajjaohbgbnjlccpoocjgbncmlnijmb
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
mRun: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: ????? Bluetooth ??(&B)... - <no file>
IE: ????? Bluetooth ??(&B)... - <no file>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{605DEE69-01D8-415D-B34E-F779EF36DB36} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{605DEE69-01D8-415D-B34E-F779EF36DB36}\4554C4553503931373 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{605DEE69-01D8-415D-B34E-F779EF36DB36}\7556C6C6024556160225963686D6F6E646 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{9B9B7CC1-A4F6-46C5-8E93-2329B3BBDD17} : DHCPNameServer = 8.8.8.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [synLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [installerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\
FF - prefs.js: browser.search.selectedEngine - XXXTOOLBARNAMEXXX Search
FF - prefs.js: browser.startup.homepage - startpage.com
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false


FF - user.js: extensions.mysearchdial.id - DC0EA1FA3AC20DF9
FF - user.js: extensions.mysearchdial.instlDay - 16056
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.013:52:44
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd1202
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 2001500293
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd1202
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 2001500293
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-11-10 32544]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-12-17 44744]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2010-12-21 50624]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-11-26 906024]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-11-26 555304]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-10 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-11-10 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-18 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-18 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-10 15122208]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-11-10 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-11-10 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-11-10 621096]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-11-10 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-11-10 39976]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-11-10 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-15 111216]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-18 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-10 39200]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2013-11-10 8208488]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-17 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-19 1255736]
.
=============== File Associations ===============
.
.txt: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-12-18 22:24:30    --------    d-----w-    C:\Users\hsh\AppData\Roaming\Malwarebytes
2013-12-18 22:24:24    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-18 22:24:23    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-18 22:24:23    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 22:11:15    --------    d-----w-    C:\ProgramData\Oracle
2013-12-18 22:10:48    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 22:02:03    --------    d-----w-    C:\Windows\SysWow64\NV
2013-12-18 22:02:03    --------    d-----w-    C:\Windows\System32\NV
2013-12-18 21:52:56    --------    d-----w-    C:\Users\hsh\AppData\Local\NVIDIA Corporation
2013-12-18 21:27:29    --------    d-----w-    C:\Users\hsh\AppData\Local\Macromedia
2013-12-18 21:21:45    --------    d-----w-    C:\Users\hsh\AppData\Local\Adobe
2013-12-18 17:46:44    --------    d-----w-    C:\Windows\pss
2013-12-18 16:46:55    --------    d-----w-    C:\Program Files\ESET
2013-12-18 16:45:19    --------    d-----w-    C:\Users\hsh\AppData\Roaming\EAST Technologies
2013-12-18 07:13:15    --------    d-----w-    C:\Users\hsh\AppData\Local\SwvUpdater
2013-12-18 07:09:30    --------    d-----w-    C:\Users\hsh\AppData\Roaming\HTML Executable
2013-12-18 07:05:28    --------    d-----w-    C:\Users\hsh\AppData\Roaming\ESET
2013-12-18 07:05:28    --------    d-----w-    C:\Users\hsh\AppData\Local\ESET
2013-12-18 06:54:39    250557    ----a-w-    C:\ProgramData\1387348882.bdinstall.bin
2013-12-18 05:48:57    445444    ----a-w-    C:\ProgramData\1387345493.bdinstall.bin
2013-12-18 05:48:10    --------    d-----w-    C:\ProgramData\BDLogging
2013-12-18 05:48:08    511328    ----a-w-    C:\Windows\capicom.dll
2013-12-18 05:45:08    --------    d-----w-    C:\Program Files\Bitdefender
2013-12-18 05:44:52    --------    d-----w-    C:\Users\hsh\AppData\Roaming\QuickScan
2013-12-18 05:44:51    --------    d-----w-    C:\Program Files\Common Files\Bitdefender
2013-12-18 05:35:45    --------    d-----w-    C:\Users\hsh\AppData\Local\assembly
2013-12-18 05:35:03    --------    d-----w-    C:\Users\hsh\AppData\Local\TechSmith
2013-12-18 05:27:21    --------    d-----w-    C:\Users\hsh\AppData\Local\VS Revo Group
2013-12-18 05:27:20    --------    d-----w-    C:\ProgramData\VS Revo Group
2013-12-18 05:25:08    --------    d-----w-    C:\Program Files\CCleaner
2013-12-18 05:12:39    --------    d-----r-    C:\Program Files (x86)\Skype
2013-12-18 03:36:59    --------    d-----w-    C:\ProgramData\QuickSet
2013-12-18 03:36:46    --------    d-----w-    C:\ProgramData\InstallMate
2013-12-18 02:16:25    231376    ------w-    C:\Windows\System32\drivers\truecrypt.sys
2013-12-18 02:16:11    --------    d-----w-    C:\Program Files\TrueCrypt
2013-12-17 23:44:00    --------    d-----w-    C:\Program Files (x86)\JDownloader
2013-12-17 23:41:48    --------    d-----w-    C:\ProgramData\Conduit
2013-12-17 23:41:42    --------    d-----w-    C:\Users\hsh\AppData\Local\NativeMessaging
2013-12-17 23:41:42    --------    d-----w-    C:\Users\hsh\AppData\Local\Conduit
2013-12-17 23:41:41    --------    d-----w-    C:\Users\hsh\AppData\Local\CRE
2013-12-17 23:41:40    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-12-17 22:05:16    --------    d-----w-    C:\Users\hsh\AppData\Local\Mobogenie
2013-12-17 22:05:16    --------    d-----w-    C:\Users\hsh\AppData\Local\cache
2013-12-17 22:04:41    --------    d-----w-    C:\Program Files (x86)\Mobogenie
2013-12-17 21:28:08    --------    d-----w-    C:\Program Files\VideoLAN
2013-12-17 20:58:47    --------    d-----w-    C:\ProgramData\Hotspot Shield
2013-12-17 20:58:22    44744    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2013-12-17 20:58:21    --------    d-----w-    C:\Program Files (x86)\Hotspot Shield
2013-12-17 20:58:19    --------    d-----w-    C:\Users\hsh\AppData\Roaming\Hotspot Shield
2013-12-17 20:45:07    --------    d-----w-    C:\Users\hsh\AppData\Roaming\XnView
2013-12-17 20:44:31    --------    d-----w-    C:\Users\hsh\AppData\Local\ElevatedDiagnostics
2013-12-17 20:36:52    --------    d-----w-    C:\Program Files (x86)\Lenovo
2013-12-17 20:33:11    --------    d-----w-    C:\Program Files (x86)\Common Files\PDF Architect
2013-12-17 20:33:10    --------    d-----w-    C:\Users\hsh\AppData\Roaming\PDF Architect
2013-12-17 20:23:43    --------    d-----w-    C:\Program Files (x86)\XnView
2013-12-17 19:54:35    --------    d-----w-    C:\Users\hsh\AppData\Local\Diagnostics
2013-12-17 17:42:12    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{39AF9D78-D1A4-4270-8C14-404EF8106A1B}\mpengine.dll
2013-12-17 17:38:35    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-17 17:38:35    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-17 17:38:35    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-17 17:38:34    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-16 00:29:38    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-01 06:27:51    98816    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-12-01 06:20:18    --------    d-----w-    C:\Users\hsh\AppData\Local\NVIDIA
2013-11-20 18:31:16    2560    ----a-w-    C:\Windows\System32\drivers\zh-TW\wdf01000.sys.mui
2013-11-20 18:31:16    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-20 04:00:02    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-20 04:00:02    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-11-20 03:46:16    --------    d-----w-    C:\Windows\SysWow64\zh-CHT
2013-11-20 03:46:12    --------    d-----w-    C:\Windows\zh-TW
2013-11-20 03:46:12    --------    d-----w-    C:\Windows\SysWow64\wbem\zh-TW
2013-11-20 03:46:12    --------    d-----w-    C:\Windows\SysWow64\wbem\zh-HK
2013-11-20 03:46:12    --------    d-----w-    C:\Windows\SysWow64\drivers\zh-TW
2013-11-20 03:46:12    --------    d-----w-    C:\Windows\System32\zh-CHT
2013-11-20 03:46:10    --------    d-----w-    C:\Windows\System32\drivers\zh-TW
2013-11-20 03:46:10    --------    d-----w-    C:\Windows\System32\drivers\zh-HK
2013-11-20 03:46:10    --------    d-----w-    C:\Windows\System32\drivers\UMDF\zh-TW
2013-11-20 03:46:07    --------    d-----w-    C:\Windows\System32\wbem\zh-TW
2013-11-20 03:46:07    --------    d-----w-    C:\Windows\System32\wbem\zh-HK
2013-11-20 03:39:03    5120    ----a-w-    C:\Windows\System32\drivers\zh-TW\tunnel.sys.mui
2013-11-20 03:39:03    3072    ----a-w-    C:\Windows\System32\drivers\zh-TW\tsusbhub.sys.mui
2013-11-20 03:39:03    3072    ----a-w-    C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
2013-11-20 03:39:03    23552    ----a-w-    C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
2013-11-20 03:39:03    11776    ----a-w-    C:\Windows\System32\drivers\zh-TW\usbhub.sys.mui
2013-11-20 03:39:01    4608    ----a-w-    C:\Windows\System32\drivers\zh-TW\rdvgkmd.sys.mui
2013-11-20 03:39:01    2560    ----a-w-    C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
2013-11-20 03:37:05    --------    d-----w-    C:\Windows\System32\MRT
2013-11-20 03:33:08    6144    ----a-w-    C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui
2013-11-20 03:33:08    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2013-11-20 03:33:08    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2013-11-20 03:33:08    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2013-11-20 03:33:08    2560    ----a-w-    C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
2013-11-20 03:33:07    7680    ----a-w-    C:\Windows\System32\drivers\en-US\tunnel.sys.mui
2013-11-20 03:33:07    4096    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui
2013-11-20 03:33:07    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-11-20 03:33:07    24576    ----a-w-    C:\Windows\System32\drivers\en-US\usbport.sys.mui
2013-11-20 03:33:06    7168    ----a-w-    C:\Windows\System32\drivers\en-US\battc.sys.mui
2013-11-20 02:52:57    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-11-20 02:52:57    --------    d-----w-    C:\Windows\System32\Wat
2013-11-20 02:23:54    2560    ----a-w-    C:\Windows\System32\drivers\zh-CN\wdf01000.sys.mui
2013-11-20 01:48:30    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-11-20 01:48:30    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-11-20 01:48:30    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-11-20 01:48:30    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-11-20 01:48:29    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-11-20 01:48:29    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-11-20 01:48:29    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-11-20 01:35:52    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-11-20 01:35:52    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-11-20 01:35:52    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-11-20 01:32:15    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-11-20 01:32:04    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-11-20 01:32:04    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-11-20 01:32:03    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-11-20 01:32:03    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-11-20 01:32:03    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-11-20 01:32:03    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-11-20 01:32:03    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
.
==================== Find3M  ====================
.
2013-12-18 21:23:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 21:23:38    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-20 02:13:32    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 11:33:38    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-13 10:51:44    42184    ------w-    C:\Windows\System32\drivers\taphss6.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-10 09:03:55    159032    ----a-w-    C:\Windows\System32\atl90.dll
2013-11-10 09:03:35    655872    ----a-w-    C:\Windows\System32\msvcr90.dll
2013-11-10 09:03:35    568832    ----a-w-    C:\Windows\System32\msvcp90.dll
2013-11-10 09:03:35    503808    ----a-w-    C:\Windows\SysWow64\msvcp71.dll
2013-11-10 09:03:35    348160    ----a-w-    C:\Windows\SysWow64\msvcr71.dll
2013-11-07 03:15:26    80328    ----a-w-    C:\Windows\xinstaller.dll
2013-11-07 03:15:26    35272    ----a-w-    C:\Windows\xinstaller.exe
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-23 08:20:08    6669600    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05    67072    ----a-w-    C:\Windows\System32\nv3dappshextr.dll
2013-10-23 08:20:05    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05    597280    ----a-w-    C:\Windows\SysWow64\oemdspif.dll
2013-10-23 08:20:05    2559776    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-10-23 08:20:05    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:05    1064224    ----a-w-    C:\Windows\System32\nv3dappshext.dll
2013-10-23 08:20:03    3426956    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-18 19:18:56    25272    ----a-w-    C:\Windows\SysWow64\drivers\ComputerZ.sys
2013-10-18 19:18:48    26304    ----a-w-    C:\Windows\SysWow64\drivers\ComputerZ_x64.sys
2013-10-18 01:36:05    1063200    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:04    955168    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-09-27 23:01:44    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38    28960    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 14:31:26.23 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2013 12:28:38 AM
System Uptime: 12/18/2013 2:18:41 PM (0 hours ago)
.
Motherboard: LENOVO |  | Product Name
Processor: Intel® Core i7-3610QM CPU @ 2.30GHz | U3E1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 58.9 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 629 GiB total, 622.651 GiB free.
F: is FIXED (NTFS) - 205 GiB total, 204.952 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.062 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\VPC2004\0
Manufacturer:
Name:
PNP Device ID: ACPI\VPC2004\0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: lsnfd
Device ID: ROOT\LEGACY_LSNFD\0000
Manufacturer:
Name: lsnfd
PNP Device ID: ROOT\LEGACY_LSNFD\0000
Service: lsnfd
.
==== System Restore Points ===================
.
RP35: 12/17/2013 11:33:58 PM - Installed EnergyCut
RP36: 12/18/2013 8:46:27 AM - Installed ESET Smart Security
RP38: 12/18/2013 12:41:10 PM - Revo Uninstaller Pro's restore point - Macrium Reflect Professional Edition
RP39: 12/18/2013 12:44:08 PM - Removed Macrium Reflect Professional Edition
RP41: 12/18/2013 1:07:42 PM - Revo Uninstaller Pro's restore point - BatteryBar (remove only)
RP43: 12/18/2013 1:09:15 PM - Revo Uninstaller Pro's restore point - EditPad Pro 7 v.7.2.3
RP45: 12/18/2013 1:10:18 PM - Revo Uninstaller Pro's restore point - Snagit 11
RP47: 12/18/2013 1:11:51 PM - Revo Uninstaller Pro's restore point - Snagit 11
RP49: 12/18/2013 1:13:44 PM - Revo Uninstaller Pro's restore point - WinRAR 5.01 (64-bit)
RP51: 12/18/2013 1:14:41 PM - Revo Uninstaller Pro's restore point - East-Tec Eraser 2012 Version 10.0
RP53: 12/18/2013 1:15:29 PM - Revo Uninstaller Pro's restore point - PDFCreator
RP54: 12/18/2013 1:27:00 PM - Installed NVIDIA PhysX
RP57: 12/18/2013 2:10:26 PM - Installed Java 7 Update 45
RP59: 12/18/2013 2:17:31 PM - Revo Uninstaller Pro's restore point - Revo Uninstaller Pro 3.0.8
.
==== Installed Programs ======================
.
???® PROSet/?? WiFi ??
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
CCleaner
EnergyCut
ESET Smart Security
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Hotspot Shield 3.20
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 45
Java Auto Updater
JDownloader 0.9
JMicron Flash Media Controller Driver
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ???????
Microsoft .NET Framework 4 Client Profile CHS Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended ???????
Microsoft .NET Framework 4 Extended CHS Language Pack
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.7
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Optimus 9.3.16
NVIDIA PhysX
NVIDIA ShadowPlay 9.3.16
NVIDIA Update 9.3.16
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.9
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHIELD Streaming
Skype Click to Call
Skype™ 6.11
Software Version Updater
Synaptics Pointing Device Driver
TrueCrypt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.2
XnView 2.12
.
==== Event Viewer Messages From Past Week ========
.
12/18/2013 9:56:12 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:56:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/18/2013 9:56:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/18/2013 9:56:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/18/2013 9:56:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/18/2013 9:56:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2013 9:55:51 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/18/2013 9:55:47 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ehdrv HssDRV6 lsnfd NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/18/2013 9:55:44 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12/18/2013 9:49:44 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12/18/2013 2:20:32 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/18/2013 2:19:49 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  lsnfd
12/17/2013 11:08:32 PM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
12/17/2013 10:41:06 PM, Error: Service Control Manager [7031]  - The Update BrowseSmart service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/17/2013 10:41:00 PM, Error: Service Control Manager [7031]  - The Util BrowseSmart service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/17/2013 10:13:18 PM, Error: Service Control Manager [7023]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:  %%-2147196306
12/17/2013 10:02:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
12/17/2013 10:02:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SafeBox service.
.
==== End Of File ===========================
 


Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Is the proxy server known to you and trusted?

 

uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Let me see those logs..


I do not recognize that proxy server. I connect straight thru our router connected to our home modem.

 

I've done the first task of Download AdwCleaner by Xplode from here: http://www.bleepingc...oad/adwcleaner/ and saved to your Desktop.

Did the scan and cleaning.

Here is the logfile report: After reboot, I couldn't connect to the internet - firefox - proxy server refusing connections.

So I had to save the logfile onto a flash drive and upload via my mac.

 

------

 

# AdwCleaner v3.015 - Report created 18/12/2013 at 16:38:39
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : hsh - MJJRS
# Running from : C:\Users\hsh\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : hshld
[x] Not Deleted : hsstrayservice
[x] Not Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Users\hsh\AppData\Local\Conduit
Folder Deleted : C:\Users\hsh\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\hsh\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\hsh\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\hsh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\hsh\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\hsh\AppData\Roaming\hotspot shield
File Deleted : C:\END
File Deleted : C:\Users\hsh\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
File Deleted : C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\user.js
File Deleted : C:\Users\hsh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309760
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_dpajjaohbgbnjlccpoocjgbncmlnijmb]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\prefs.js ]

Line Deleted : user_pref("CT3309760_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387324637094,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "XXXTOOLBARNAMEXXX Search");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309760");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Oople Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "2001500293");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "0C449D8F0468AC44541462DF8B1325C8");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "DC0EA1FA3AC20DF9");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16056");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.013:52:44");

Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.013:52:44");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "G42GGCO+LPJHC16Y77Y7X2/7GSXHFZUNVR6TRBIRKBHDNZJAMSRNGA2Y29RN7T5GPE7DCQOWFCOCZTLB6ZPY5G");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\hsh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9954 octets] - [18/12/2013 16:33:44]
AdwCleaner[s0].txt - [9506 octets] - [18/12/2013 16:38:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9566 octets] ##########
 


Clear any proxies from your browser settings and see if you can connect....

 

The following are the most commonly used.

 

Internet Explorer:

Tools Menu -> Internet Options  -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

 

Chrome:

Select -> Tools menu ->  then "Options", then  go to "Change Proxy Settings", then "LAN Settings" , then  take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

 

Safari:

  • Launch Safari
  • Go to general settings menu
  • Then in Preferences/ Advanced
  • Then on line click Proxies change settings ...
  • Click Internet Options, then click the Connections tab, click Network Settings.
  • Disable option (uncheck) for the use of proxy server ...
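The proxy value quoted from the DDS and FRST logs in this thread can also be checked programmatically. The following is an added example, not part of any post here and not code from DDS, FRST or AdwCleaner; the function names are hypothetical and the set of listening ports is a constructed sample standing in for `netstat -ano` output.

```python
import ipaddress
import re

# Lines copied from the logs in this thread (DDS prints the scheme defanged as "hxxp").
SAMPLE_LOG_LINES = [
    "uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555",
    "ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
]

# Constructed sample: local TCP ports that currently have a listener.
CONSTRUCTED_LISTENING_PORTS = {135, 445, 49152}

# Matches the DDS ("uProxyServer = ...") and FRST ("ProxyServer: ...") spellings,
# but not the ProxyOverride line.
_PROXY_LINE = re.compile(r"^\s*u?ProxyServer\s*[:=]\s*(?P<value>\S.*)$", re.IGNORECASE)


def parse_proxy_value(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles the per-protocol form "http=host:port;https=host:port" and the
    bare form "host:port", which applies to every protocol (key "all").
    """
    result = {}
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # bare "host:port"
            scheme, endpoint = "all", part
        scheme = scheme.lower().replace("hxxp", "http")  # undo log defanging
        endpoint = re.sub(r"^[a-z0-9]+://", "", endpoint, flags=re.IGNORECASE)
        host, _, port = endpoint.rpartition(":")
        if not host:  # no port was given
            host, port = endpoint, ""
        result[scheme] = (host, int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def review_proxy_lines(lines, listening_ports):
    """Return one finding per proxied scheme found in the log lines."""
    findings = []
    for line in lines:
        match = _PROXY_LINE.match(line)
        if not match:
            continue
        parsed = parse_proxy_value(match.group("value"))
        for scheme, (host, port) in sorted(parsed.items()):
            if not is_loopback(host):
                verdict = "remote proxy: confirm the owner recognises it"
            elif port in listening_ports:
                verdict = "loopback proxy with a listener: identify the owning process"
            else:
                verdict = ("loopback proxy with no listener: clients that honour "
                           "this setting get connection refused")
            findings.append(
                {"scheme": scheme, "host": host, "port": port, "verdict": verdict}
            )
    return findings


if __name__ == "__main__":
    for finding in review_proxy_lines(SAMPLE_LOG_LINES, CONSTRUCTED_LISTENING_PORTS):
        print("{scheme:5} {host}:{port}  {verdict}".format(**finding))
```

A loopback entry with no listener matches the "proxy server refusing connections" symptom reported after the cleanup: the setting survives even when whatever answered on that port is gone.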


TY, proxies corrected.

btw, where's the attach link to add the "Addition.txt"?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 05
Ran by hsh (administrator) on MJJRS on 18-12-2013 17:53:22
Running from C:\Users\hsh\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: 0804
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\JDownloader\jre\bin\javaw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
HKLM\...\Run: [installerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] - C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cn.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x931462D9F1DDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-cn
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKCU - {EFC5FB5C-3179-4C7A-9EF1-CB09C3FF1D87} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309760&CUI=UN28176857679794237&UM=2
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default
FF DefaultSearchEngine: Startpage (SSL)
FF SelectedSearchEngine: XXXTOOLBARNAMEXXX Search
FF Homepage: startpage.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\searchplugins\startpage-ssl.xml
FF Extension: BaJa AdBlocker - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\arief.suharsono@gmail.com.xpi
FF Extension: anonymoX - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\client@anonymox.net.xpi
FF Extension: Download Status Bar - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
FF Extension: FirefoxAdKiller - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
FF Extension: Adblock Plus - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Download Statusbar - C:\Users\hsh\AppData\Roaming\Mozilla\Firefox\Profiles\hah4ksrd.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======


        ],
        "startup_urls": [

CHR HKLM-x32\...\Chrome\Extension: [dpajjaohbgbnjlccpoocjgbncmlnijmb] - C:\Users\hsh\AppData\Local\CRE\dpajjaohbgbnjlccpoocjgbncmlnijmb.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1086752 2011-12-22] (Broadcom Corporation.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [x]
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [x]

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-12-23] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-12-23] (Broadcom Corporation.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-11-13] (Anchorfree Inc.)
S3 ComputerZ_x64; \??\E:\Ludashi\ComputerZ_x64.sys [x]
S1 lsnfd; system32\drivers\lsnfd.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-18 17:53 - 2013-12-18 17:53 - 00014962 _____ C:\Users\hsh\Desktop\FRST.txt
2013-12-18 17:53 - 2013-12-18 17:53 - 00000000 ____D C:\FRST
2013-12-18 17:52 - 2013-12-18 17:51 - 02192805 _____ (Farbar) C:\Users\hsh\Desktop\FRST64.exe
2013-12-18 17:51 - 2013-12-18 17:51 - 02192805 _____ (Farbar) C:\Users\hsh\Downloads\FRST64.exe
2013-12-18 16:33 - 2013-12-18 16:38 - 00000000 ____D C:\AdwCleaner
2013-12-18 16:31 - 2013-12-18 16:32 - 01226750 _____ C:\Users\hsh\Desktop\AdwCleaner.exe
2013-12-18 16:26 - 2013-12-18 16:40 - 00000336 _____ C:\Windows\setupact.log
2013-12-18 16:26 - 2013-12-18 16:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-18 14:31 - 2013-12-18 14:31 - 00032901 _____ C:\Users\hsh\Desktop\dds.txt
2013-12-18 14:31 - 2013-12-18 14:31 - 00012171 _____ C:\Users\hsh\Desktop\attach.txt
2013-12-18 14:24 - 2013-12-18 14:24 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Malwarebytes
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 14:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 14:11 - 2013-12-18 14:11 - 00000000 ____D C:\ProgramData\Sun
2013-12-18 14:11 - 2013-12-18 14:11 - 00000000 ____D C:\ProgramData\Oracle
2013-12-18 14:10 - 2013-12-18 14:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 14:10 - 2013-12-18 14:10 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 14:10 - 2013-12-18 14:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-18 14:09 - 2013-12-18 14:09 - 00915368 _____ (Oracle Corporation) C:\Users\hsh\Downloads\jxpiinstall.exe
2013-12-18 14:02 - 2013-12-18 14:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-18 14:02 - 2013-12-18 14:02 - 00000000 ____D C:\Windows\system32\NV
2013-12-18 13:53 - 2013-12-18 14:02 - 00001353 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-18 13:52 - 2013-12-18 13:52 - 00000000 ____D C:\Users\hsh\AppData\Local\NVIDIA Corporation
2013-12-18 13:39 - 2013-12-18 13:44 - 259454424 _____ (NVIDIA Corporation) C:\Users\hsh\Downloads\331.65-notebook-win8-win7-64bit-international-whql.exe
2013-12-18 13:32 - 2013-12-18 13:32 - 00688992 ____R (Swearware) C:\Users\hsh\Desktop\dds.scr
2013-12-18 13:32 - 2013-12-18 13:32 - 00688992 _____ (Swearware) C:\Users\hsh\Desktop\dds.com
2013-12-18 13:27 - 2013-12-18 13:27 - 00000000 ____D C:\Users\hsh\AppData\Local\Macromedia
2013-12-18 13:27 - 2013-12-18 13:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-18 13:25 - 2013-12-18 13:26 - 27923456 _____ C:\Users\hsh\Downloads\PhysX-9.13.0725-SystemSoftware.msi
2013-12-18 13:21 - 2013-12-18 13:24 - 00000000 ____D C:\Users\hsh\AppData\Local\Adobe
2013-12-18 12:22 - 2013-12-18 12:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\hsh\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-18 09:46 - 2013-12-18 09:56 - 00000000 ____D C:\Windows\pss
2013-12-18 08:46 - 2013-12-18 08:46 - 00000000 ____D C:\ProgramData\ESET
2013-12-18 08:46 - 2013-12-18 08:46 - 00000000 ____D C:\Program Files\ESET
2013-12-18 08:45 - 2013-12-18 13:15 - 00000000 ____D C:\Users\hsh\AppData\Roaming\EAST Technologies
2013-12-17 23:31 - 2013-12-17 23:31 - 00003118 _____ C:\Windows\System32\Tasks\{469FF7F0-E459-4D74-8370-0E052255AA5C}
2013-12-17 23:09 - 2013-12-17 23:09 - 00000000 ____D C:\Users\hsh\AppData\Roaming\HTML Executable
2013-12-17 23:05 - 2013-12-17 23:38 - 00000000 ____D C:\Users\hsh\AppData\Local\ESET
2013-12-17 23:05 - 2013-12-17 23:05 - 00000000 ____D C:\Users\hsh\AppData\Roaming\ESET
2013-12-17 22:54 - 2013-12-17 22:54 - 00250557 _____ C:\ProgramData\1387348882.bdinstall.bin
2013-12-17 22:21 - 2013-12-17 22:21 - 01298328 _____ C:\Users\hsh\Downloads\BatteryBarSetup-3.6.2.exe
2013-12-17 22:01 - 2013-12-17 22:01 - 00000385 _____ C:\Users\hsh\AppData\Roaminguser_gensett.xml
2013-12-17 21:48 - 2013-12-17 21:48 - 00445444 _____ C:\ProgramData\1387345493.bdinstall.bin
2013-12-17 21:48 - 2013-12-17 21:48 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\ProgramData\BDLogging
2013-12-17 21:48 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2013-12-17 21:45 - 2013-12-17 22:56 - 00000000 ____D C:\Program Files\Bitdefender
2013-12-17 21:44 - 2013-12-17 22:54 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\hsh\AppData\Roaming\QuickScan
2013-12-17 21:35 - 2013-12-18 14:18 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-17 21:35 - 2013-12-17 21:35 - 00000000 ____D C:\Users\hsh\Documents\Snagit
2013-12-17 21:35 - 2013-12-17 21:35 - 00000000 ____D C:\Users\hsh\AppData\Local\TechSmith
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\Users\hsh\AppData\Local\VS Revo Group
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-17 21:25 - 2013-12-17 21:25 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-17 21:25 - 2013-12-17 21:25 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Program Files\CCleaner
2013-12-17 21:17 - 2013-12-17 21:17 - 00000000 ____D C:\Users\hsh\Downloads\hjsplit
2013-12-17 21:16 - 2013-12-17 21:16 - 00194885 _____ C:\Users\hsh\Downloads\hjsplit.zip
2013-12-17 21:12 - 2013-12-17 21:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-17 21:12 - 2013-12-17 21:14 - 00000000 ____D C:\ProgramData\Skype
2013-12-17 21:12 - 2013-12-17 21:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Skype
2013-12-17 21:09 - 2013-12-17 21:11 - 04618136 _____ (Piriform Ltd) C:\Users\hsh\Downloads\ccsetup408.exe
2013-12-17 19:36 - 2013-12-17 19:38 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-17 18:16 - 2013-12-17 18:16 - 00231376 ____N (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-12-17 18:16 - 2013-12-17 18:16 - 00000881 _____ C:\Users\Public\Desktop\CT.lnk
2013-12-17 18:16 - 2013-12-17 18:16 - 00000000 ____D C:\Program Files\TrueCrypt
2013-12-17 15:44 - 2013-12-18 16:44 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-12-17 15:44 - 2013-12-17 15:44 - 00002043 _____ C:\Users\hsh\Desktop\JDownloader.lnk
2013-12-17 15:41 - 2013-12-17 15:41 - 00000000 ____D C:\Users\hsh\AppData\Local\CRE
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\wangzhisong
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\hsh\AppData\Local\Mobogenie
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\hsh\AppData\Local\cache
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 _____ C:\Users\hsh\daemonprocess.txt
2013-12-17 14:04 - 2013-12-17 15:53 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-17 13:28 - 2013-12-17 13:28 - 00000877 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-17 13:28 - 2013-12-17 13:28 - 00000000 ____D C:\Users\hsh\AppData\Roaming\vlc
2013-12-17 13:28 - 2013-12-17 13:28 - 00000000 ____D C:\Program Files\VideoLAN
2013-12-17 13:11 - 2013-12-17 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 13:11 - 2013-12-17 13:11 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Users\hsh\AppData\Local\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 12:58 - 2013-12-18 16:38 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-12-17 12:58 - 2013-12-17 12:58 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-12-17 12:58 - 2013-11-13 02:49 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-12-17 12:45 - 2013-12-17 12:45 - 00000000 ____D C:\Users\hsh\AppData\Roaming\XnView
2013-12-17 12:36 - 2013-12-17 12:36 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-12-17 12:35 - 2013-12-17 12:35 - 03429528 _____ (Lenovo Group                                                ) C:\Users\hsh\Downloads\l1egc02us24.exe
2013-12-17 12:33 - 2013-12-17 12:33 - 00000000 ____D C:\Users\hsh\AppData\Roaming\PDF Architect
2013-12-17 12:23 - 2013-12-17 12:23 - 00001795 _____ C:\Users\hsh\Desktop\XnView.lnk
2013-12-17 12:23 - 2013-12-17 12:23 - 00000000 ____D C:\Program Files (x86)\XnView
2013-12-17 12:14 - 2013-12-17 12:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-17 09:38 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-17 09:38 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-17 09:38 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-17 09:38 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-17 09:37 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-17 09:37 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-17 09:37 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-17 09:37 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-17 09:37 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-17 09:37 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-17 09:37 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-17 09:37 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-17 09:37 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-17 09:37 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-17 09:37 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-17 09:37 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-17 09:37 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-17 09:37 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-17 09:37 - 2013-11-26 00:57 - 00218624 ____N (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-17 09:37 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-17 09:37 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-17 09:37 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-17 09:37 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-17 09:37 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-17 09:37 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-17 09:37 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-17 09:37 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-17 09:37 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-17 09:37 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-17 09:37 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-17 09:37 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-17 09:37 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-17 09:37 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-17 09:37 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-17 09:37 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-15 16:29 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-15 16:29 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-15 16:29 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-15 16:29 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-15 16:29 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-15 16:29 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-15 16:29 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-15 16:29 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-15 16:29 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-15 16:29 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-15 16:29 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-15 16:29 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-15 16:29 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-15 16:29 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-15 16:29 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-15 16:29 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-15 16:29 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-15 16:29 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-15 16:29 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-11-30 22:27 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-30 22:27 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-30 22:27 - 2012-07-06 12:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-11-30 22:27 - 2011-04-27 19:54 - 00080384 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2013-11-30 22:27 - 2011-03-24 19:29 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-30 22:27 - 2011-03-24 19:29 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-30 22:27 - 2011-03-24 19:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-30 22:27 - 2011-03-24 19:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-30 22:27 - 2011-03-24 19:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-30 22:27 - 2011-03-24 19:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-30 22:27 - 2011-03-24 19:28 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-11-30 22:27 - 2011-03-10 22:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-11-30 22:27 - 2011-03-10 22:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-11-30 22:27 - 2011-03-10 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-11-30 22:27 - 2011-03-10 21:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-11-30 22:27 - 2011-03-10 21:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-11-30 22:27 - 2011-03-10 20:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-30 22:20 - 2013-11-30 22:20 - 00000000 ____D C:\Users\hsh\AppData\Local\NVIDIA
2013-11-19 20:00 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-19 20:00 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-19 19:59 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-19 19:59 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-19 19:59 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-19 19:59 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-19 19:59 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-19 19:59 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-19 19:59 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-19 19:59 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-19 19:59 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-19 19:59 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-19 19:59 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-19 19:59 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-19 19:59 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-19 19:59 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-19 19:59 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-19 19:59 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-19 19:59 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-19 19:59 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-19 19:59 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-19 19:59 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-19 19:49 - 2013-12-18 09:08 - 00404640 _____ C:\Windows\system32\prfh0404.dat
2013-11-19 19:49 - 2013-12-18 09:08 - 00118430 _____ C:\Windows\system32\prfc0404.dat
2013-11-19 19:49 - 2013-11-19 19:41 - 00117840 _____ C:\Windows\system32\prfi0404.dat
2013-11-19 19:49 - 2013-11-19 19:41 - 00031548 _____ C:\Windows\system32\prfd0404.dat
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\SysWOW64\zh-CHT
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\system32\zh-CHT
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\system32\Drivers\zh-HK
2013-11-19 19:45 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-19 19:42 - 2013-11-19 19:42 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-19 19:42 - 2013-11-19 19:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-19 19:42 - 2013-11-19 19:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-19 19:42 - 2013-11-19 19:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-19 19:42 - 2013-11-19 19:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-19 19:42 - 2013-11-19 19:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-19 19:42 - 2013-11-19 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-19 19:37 - 2013-12-17 09:37 - 00000000 ____D C:\Windows\system32\MRT
2013-11-19 19:37 - 2013-12-17 09:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-19 18:13 - 2013-11-19 18:13 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-19 17:48 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-11-19 17:48 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-11-19 17:48 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-11-19 17:48 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-11-19 17:48 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-11-19 17:48 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-11-19 17:48 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-11-19 17:48 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-11-19 17:35 - 2012-02-29 22:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-11-19 17:35 - 2012-02-29 22:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-11-19 17:35 - 2012-02-29 21:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-11-19 17:32 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-19 17:32 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-19 17:32 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-19 17:32 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-19 17:32 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-19 17:32 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-19 17:32 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-19 17:32 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

2013-12-18 17:53 - 2013-12-18 17:53 - 00014962 _____ C:\Users\hsh\Desktop\FRST.txt
2013-12-18 17:53 - 2013-12-18 17:53 - 00000000 ____D C:\FRST
2013-12-18 17:53 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-18 17:51 - 2013-12-18 17:52 - 02192805 _____ (Farbar) C:\Users\hsh\Desktop\FRST64.exe
2013-12-18 17:51 - 2013-12-18 17:51 - 02192805 _____ (Farbar) C:\Users\hsh\Downloads\FRST64.exe
2013-12-18 17:48 - 2013-11-10 00:50 - 00000536 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-18 17:48 - 2013-11-09 08:25 - 01290983 _____ C:\Windows\WindowsUpdate.log
2013-12-18 17:42 - 2013-11-10 00:53 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-18 16:47 - 2009-07-13 20:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-18 16:47 - 2009-07-13 20:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-18 16:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-18 16:44 - 2013-12-17 15:44 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-12-18 16:40 - 2013-12-18 16:26 - 00000336 _____ C:\Windows\setupact.log
2013-12-18 16:39 - 2013-11-10 00:53 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-18 16:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-18 16:38 - 2013-12-18 16:33 - 00000000 ____D C:\AdwCleaner
2013-12-18 16:38 - 2013-12-17 12:58 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-12-18 16:32 - 2013-12-18 16:31 - 01226750 _____ C:\Users\hsh\Desktop\AdwCleaner.exe
2013-12-18 16:26 - 2013-12-18 16:26 - 00000000 _____ C:\Windows\setuperr.log
2013-12-18 14:31 - 2013-12-18 14:31 - 00032901 _____ C:\Users\hsh\Desktop\dds.txt
2013-12-18 14:31 - 2013-12-18 14:31 - 00012171 _____ C:\Users\hsh\Desktop\attach.txt
2013-12-18 14:24 - 2013-12-18 14:24 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Malwarebytes
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-18 14:24 - 2013-12-18 14:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 14:18 - 2013-12-17 21:35 - 00000000 ____D C:\Program Files (x86)\TechSmith
2013-12-18 14:11 - 2013-12-18 14:11 - 00000000 ____D C:\ProgramData\Sun
2013-12-18 14:11 - 2013-12-18 14:11 - 00000000 ____D C:\ProgramData\Oracle
2013-12-18 14:10 - 2013-12-18 14:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-18 14:10 - 2013-12-18 14:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-18 14:10 - 2013-12-18 14:10 - 00000000 ____D C:\ProgramData\McAfee
2013-12-18 14:10 - 2013-12-18 14:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-18 14:09 - 2013-12-18 14:09 - 00915368 _____ (Oracle Corporation) C:\Users\hsh\Downloads\jxpiinstall.exe
2013-12-18 14:02 - 2013-12-18 14:02 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-18 14:02 - 2013-12-18 14:02 - 00000000 ____D C:\Windows\system32\NV
2013-12-18 14:02 - 2013-12-18 13:53 - 00001353 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-18 14:02 - 2013-11-10 01:05 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-18 13:52 - 2013-12-18 13:52 - 00000000 ____D C:\Users\hsh\AppData\Local\NVIDIA Corporation
2013-12-18 13:44 - 2013-12-18 13:39 - 259454424 _____ (NVIDIA Corporation) C:\Users\hsh\Downloads\331.65-notebook-win8-win7-64bit-international-whql.exe
2013-12-18 13:32 - 2013-12-18 13:32 - 00688992 ____R (Swearware) C:\Users\hsh\Desktop\dds.scr
2013-12-18 13:32 - 2013-12-18 13:32 - 00688992 _____ (Swearware) C:\Users\hsh\Desktop\dds.com
2013-12-18 13:27 - 2013-12-18 13:27 - 00000000 ____D C:\Users\hsh\AppData\Local\Macromedia
2013-12-18 13:27 - 2013-12-18 13:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-18 13:27 - 2013-11-10 01:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-18 13:26 - 2013-12-18 13:25 - 27923456 _____ C:\Users\hsh\Downloads\PhysX-9.13.0725-SystemSoftware.msi
2013-12-18 13:24 - 2013-12-18 13:21 - 00000000 ____D C:\Users\hsh\AppData\Local\Adobe
2013-12-18 13:23 - 2013-11-10 00:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-18 13:23 - 2013-11-10 00:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-18 13:23 - 2013-11-10 00:50 - 00003474 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-18 13:15 - 2013-12-18 08:45 - 00000000 ____D C:\Users\hsh\AppData\Roaming\EAST Technologies
2013-12-18 12:38 - 2013-11-09 08:20 - 00000000 ____D C:\Windows\Panther
2013-12-18 12:22 - 2013-12-18 12:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\hsh\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-18 09:59 - 2013-11-10 00:29 - 00000000 ___RD C:\Users\hsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-18 09:56 - 2013-12-18 09:46 - 00000000 ____D C:\Windows\pss
2013-12-18 09:08 - 2013-11-19 19:49 - 00404640 _____ C:\Windows\system32\prfh0404.dat
2013-12-18 09:08 - 2013-11-19 19:49 - 00118430 _____ C:\Windows\system32\prfc0404.dat
2013-12-18 09:08 - 2011-04-12 06:46 - 00387538 _____ C:\Windows\system32\prfh0804.dat
2013-12-18 09:08 - 2011-04-12 06:46 - 00123344 _____ C:\Windows\system32\prfc0804.dat
2013-12-18 09:08 - 2009-07-13 21:13 - 01777034 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-18 08:46 - 2013-12-18 08:46 - 00000000 ____D C:\ProgramData\ESET
2013-12-18 08:46 - 2013-12-18 08:46 - 00000000 ____D C:\Program Files\ESET
2013-12-17 23:38 - 2013-12-17 23:05 - 00000000 ____D C:\Users\hsh\AppData\Local\ESET
2013-12-17 23:31 - 2013-12-17 23:31 - 00003118 _____ C:\Windows\System32\Tasks\{469FF7F0-E459-4D74-8370-0E052255AA5C}
2013-12-17 23:09 - 2013-12-17 23:09 - 00000000 ____D C:\Users\hsh\AppData\Roaming\HTML Executable
2013-12-17 23:05 - 2013-12-17 23:05 - 00000000 ____D C:\Users\hsh\AppData\Roaming\ESET
2013-12-17 22:56 - 2013-12-17 21:45 - 00000000 ____D C:\Program Files\Bitdefender
2013-12-17 22:54 - 2013-12-17 22:54 - 00250557 _____ C:\ProgramData\1387348882.bdinstall.bin
2013-12-17 22:54 - 2013-12-17 21:44 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-12-17 22:21 - 2013-12-17 22:21 - 01298328 _____ C:\Users\hsh\Downloads\BatteryBarSetup-3.6.2.exe
2013-12-17 22:01 - 2013-12-17 22:01 - 00000385 _____ C:\Users\hsh\AppData\Roaminguser_gensett.xml
2013-12-17 21:48 - 2013-12-17 21:48 - 00445444 _____ C:\ProgramData\1387345493.bdinstall.bin
2013-12-17 21:48 - 2013-12-17 21:48 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-12-17 21:48 - 2013-12-17 21:48 - 00000000 ____D C:\ProgramData\BDLogging
2013-12-17 21:48 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-17 21:44 - 2013-12-17 21:44 - 00000000 ____D C:\Users\hsh\AppData\Roaming\QuickScan
2013-12-17 21:35 - 2013-12-17 21:35 - 00000000 ____D C:\Users\hsh\Documents\Snagit
2013-12-17 21:35 - 2013-12-17 21:35 - 00000000 ____D C:\Users\hsh\AppData\Local\TechSmith
2013-12-17 21:29 - 2013-11-10 00:28 - 00000000 ____D C:\Users\hsh
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\Users\hsh\AppData\Local\VS Revo Group
2013-12-17 21:27 - 2013-12-17 21:27 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-17 21:25 - 2013-12-17 21:25 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-17 21:25 - 2013-12-17 21:25 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-17 21:25 - 2013-12-17 21:25 - 00000000 ____D C:\Program Files\CCleaner
2013-12-17 21:17 - 2013-12-17 21:17 - 00000000 ____D C:\Users\hsh\Downloads\hjsplit
2013-12-17 21:16 - 2013-12-17 21:16 - 00194885 _____ C:\Users\hsh\Downloads\hjsplit.zip
2013-12-17 21:14 - 2013-12-17 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-17 21:14 - 2013-12-17 21:12 - 00000000 ____D C:\ProgramData\Skype
2013-12-17 21:12 - 2013-12-17 21:12 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-17 21:12 - 2013-12-17 21:12 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Skype
2013-12-17 21:11 - 2013-12-17 21:09 - 04618136 _____ (Piriform Ltd) C:\Users\hsh\Downloads\ccsetup408.exe
2013-12-17 19:38 - 2013-12-17 19:36 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-17 18:16 - 2013-12-17 18:16 - 00231376 ____N (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-12-17 18:16 - 2013-12-17 18:16 - 00000881 _____ C:\Users\Public\Desktop\CT.lnk
2013-12-17 18:16 - 2013-12-17 18:16 - 00000000 ____D C:\Program Files\TrueCrypt
2013-12-17 17:05 - 2013-12-17 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 15:53 - 2013-12-17 14:04 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-17 15:44 - 2013-12-17 15:44 - 00002043 _____ C:\Users\hsh\Desktop\JDownloader.lnk
2013-12-17 15:41 - 2013-12-17 15:41 - 00000000 ____D C:\Users\hsh\AppData\Local\CRE
2013-12-17 14:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\wangzhisong
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\hsh\AppData\Local\Mobogenie
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 ____D C:\Users\hsh\AppData\Local\cache
2013-12-17 14:05 - 2013-12-17 14:05 - 00000000 _____ C:\Users\hsh\daemonprocess.txt
2013-12-17 13:28 - 2013-12-17 13:28 - 00000877 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-17 13:28 - 2013-12-17 13:28 - 00000000 ____D C:\Users\hsh\AppData\Roaming\vlc
2013-12-17 13:28 - 2013-12-17 13:28 - 00000000 ____D C:\Program Files\VideoLAN
2013-12-17 13:11 - 2013-12-17 13:11 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Users\hsh\AppData\Roaming\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Users\hsh\AppData\Local\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-17 13:11 - 2013-12-17 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-17 12:58 - 2013-12-17 12:58 - 00000000 ____D C:\ProgramData\Hotspot Shield
2013-12-17 12:45 - 2013-12-17 12:45 - 00000000 ____D C:\Users\hsh\AppData\Roaming\XnView
2013-12-17 12:36 - 2013-12-17 12:36 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-12-17 12:36 - 2013-11-10 00:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 12:35 - 2013-12-17 12:35 - 03429528 _____ (Lenovo Group                                                ) C:\Users\hsh\Downloads\l1egc02us24.exe
2013-12-17 12:33 - 2013-12-17 12:33 - 00000000 ____D C:\Users\hsh\AppData\Roaming\PDF Architect
2013-12-17 12:33 - 2013-11-10 19:39 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-17 12:23 - 2013-12-17 12:23 - 00001795 _____ C:\Users\hsh\Desktop\XnView.lnk
2013-12-17 12:23 - 2013-12-17 12:23 - 00000000 ____D C:\Program Files (x86)\XnView
2013-12-17 12:14 - 2013-12-17 12:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-17 09:46 - 2009-07-13 20:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 09:37 - 2013-11-19 19:37 - 00000000 ____D C:\Windows\system32\MRT
2013-12-17 09:35 - 2013-11-19 19:37 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 16:22 - 2013-11-10 00:53 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-15 16:22 - 2013-11-10 00:53 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 22:22 - 2013-11-10 02:52 - 00003880 ____N C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A3B83C9-7172-4005-94E2-2067C697B81C}
2013-11-30 22:20 - 2013-11-30 22:20 - 00000000 ____D C:\Users\hsh\AppData\Local\NVIDIA
2013-11-26 03:54 - 2013-12-17 09:37 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 02:19 - 2013-12-17 09:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 02:18 - 2013-12-17 09:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-17 09:37 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-17 09:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 01:46 - 2013-12-17 09:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-17 09:37 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 01:29 - 2013-12-17 09:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 01:27 - 2013-12-17 09:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 01:23 - 2013-12-17 09:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-17 09:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 01:18 - 2013-12-17 09:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-17 09:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-17 09:37 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-17 09:37 - 00218624 ____N (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-17 09:37 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-17 09:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-17 09:37 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:32 - 2013-12-17 09:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-17 09:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-17 09:37 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-17 09:37 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-17 09:37 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-25 23:32 - 2013-12-17 09:37 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-17 09:37 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-17 09:37 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-25 22:40 - 2013-12-17 09:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:34 - 2013-12-17 09:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-17 09:37 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-17 09:37 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-17 09:37 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 10:26 - 2013-12-15 16:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-15 16:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-20 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-11-20 10:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-11-20 10:21 - 2013-11-10 01:03 - 00000000 ____D C:\Users\Public\Thunder Network
2013-11-19 21:19 - 2013-11-10 18:33 - 00000000 ____D C:\Users\hsh\AppData\Roaming\DrvMgr
2013-11-19 19:51 - 2013-11-10 00:52 - 00058016 _____ C:\Users\hsh\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\SysWOW64\zh-CHT
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\system32\zh-CHT
2013-11-19 19:46 - 2013-11-19 19:46 - 00000000 ____D C:\Windows\system32\Drivers\zh-HK
2013-11-19 19:46 - 2011-04-12 06:57 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\SysWOW64\WCN
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\system32\winrm
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\system32\WCN
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\system32\slmgr
2013-11-19 19:46 - 2011-04-12 06:45 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-11-19 19:46 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\oobe
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\MUI
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\com
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-11-19 19:46 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-19 19:42 - 2013-11-19 19:42 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-19 19:42 - 2013-11-19 19:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-19 19:42 - 2013-11-19 19:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-19 19:42 - 2013-11-19 19:42 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-19 19:42 - 2013-11-19 19:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-19 19:42 - 2013-11-19 19:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-19 19:42 - 2013-11-19 19:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-19 19:42 - 2013-11-19 19:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-19 19:42 - 2013-11-19 19:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-19 19:41 - 2013-11-19 19:49 - 00117840 _____ C:\Windows\system32\prfi0404.dat
2013-11-19 19:41 - 2013-11-19 19:49 - 00031548 _____ C:\Windows\system32\prfd0404.dat
2013-11-19 18:57 - 2013-11-10 00:29 - 00000000 ___RD C:\Users\hsh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-19 18:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-11-19 18:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-19 18:47 - 2013-11-10 01:02 - 01253978 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-19 18:13 - 2013-11-19 18:13 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-19 18:13 - 2013-11-19 18:13 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-19 17:24 - 2013-11-10 01:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-19 03:33 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\hsh\AppData\Local\Temp\BatteryBarSetup-3.6.2.exe
C:\Users\hsh\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\hsh\AppData\Local\Temp\nsdDBA.exe
C:\Users\hsh\AppData\Local\Temp\nsdF2EA.exe
C:\Users\hsh\AppData\Local\Temp\nsi126E.exe
C:\Users\hsh\AppData\Local\Temp\nsiD83C.exe
C:\Users\hsh\AppData\Local\Temp\nsn9292.exe
C:\Users\hsh\AppData\Local\Temp\nsoF80C.exe
C:\Users\hsh\AppData\Local\Temp\nssE12F.exe
C:\Users\hsh\AppData\Local\Temp\Quarantine.exe
C:\Users\hsh\AppData\Local\Temp\SPStub.exe
C:\Users\hsh\AppData\Local\Temp\xReflect.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-17 14:43

==================== End Of Log ============================


OK, I've tried several times to upload the "addition.txt" using both the basic loader and advanced loader. Each time I keep getting an error: upload failed.

I've tried this in both Firefox and Chrome browsers.

Also, the Chrome browser still shows "conduit" as the search when "startpage" was set as the default home page.


Farbar Service Scanner Version: 05-12-2013
Ran by hsh (administrator) on 18-12-2013 at 18:15:36
Running from "C:\Users\hsh\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Not sure what you zipped up, but it certainly doesn't look like the addition.txt log file... Do the following:

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report in your next reply

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, let me know what issues/concerns remain....

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-12-2013
Ran by hsh at 2013-12-19 14:46:42 Run:1
Running from C:\Users\hsh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0F0AtA0A0CtBtD0D0FzytN0D0Tzu0SyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2001500293&ir=
SearchScopes: HKCU - {EFC5FB5C-3179-4C7A-9EF1-CB09C3FF1D87} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309760&CUI=UN28176857679794237&UM=2
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -  No File
FF SelectedSearchEngine: XXXTOOLBARNAMEXXX Search
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [x]
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [x]
C:\Program Files (x86)\Hotspot Shield
C:\ProgramData\Hotspot Shield
C:\Users\hsh\AppData\Local\Temp\BatteryBarSetup-3.6.2.exe
C:\Users\hsh\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\hsh\AppData\Local\Temp\nsdDBA.exe
C:\Users\hsh\AppData\Local\Temp\nsdF2EA.exe
C:\Users\hsh\AppData\Local\Temp\nsi126E.exe
C:\Users\hsh\AppData\Local\Temp\nsiD83C.exe
C:\Users\hsh\AppData\Local\Temp\nsn9292.exe
C:\Users\hsh\AppData\Local\Temp\nsoF80C.exe
C:\Users\hsh\AppData\Local\Temp\nssE12F.exe
C:\Users\hsh\AppData\Local\Temp\Quarantine.exe
C:\Users\hsh\AppData\Local\Temp\SPStub.exe
C:\Users\hsh\AppData\Local\Temp\xReflect.exe
End



*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFC5FB5C-3179-4C7A-9EF1-CB09C3FF1D87} => Key deleted successfully.
HKCR\CLSID\{EFC5FB5C-3179-4C7A-9EF1-CB09C3FF1D87} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key deleted successfully.
HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
hshld => Service deleted successfully.
HssTrayService => Service deleted successfully.
HssWd => Service deleted successfully.
C:\Program Files (x86)\Hotspot Shield => Moved successfully.
C:\ProgramData\Hotspot Shield => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\BatteryBarSetup-3.6.2.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsdDBA.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsdF2EA.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsi126E.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsiD83C.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsn9292.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nsoF80C.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\nssE12F.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\hsh\AppData\Local\Temp\xReflect.exe => Moved successfully.

==== End of Fixlog ====


Download Dr Web Cureit from here http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning

    drwebselect.JPG

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

    drwebfolders.JPG

  • Press start scan
  • The scan will now commence

    drwebscan.JPG

  • Once the scan has finished click open report

    drwebscancomplete.JPG

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive. Attach it to your next reply…


 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
ESET Smart Security 4.2   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
