
Radio adverts playing in background, websites randomly opening in new tabs and general slowdown (possibly)



Hi,

 

I was hoping someone might be able to help me. I'm working on a relatively new laptop which about 2 weeks ago started occasionally playing adverts in the background; this happened even when there was no browser open at the time. At about the same time I would occasionally have new tabs randomly popping open in my browser. I also believe there has been considerable slowdown in these last two weeks (although this may just be me being paranoid due to the other issues).

 

The strange thing is that the radio adverts and tabs popping open have stopped in the last couple of days. But I am still extremely concerned about using the machine for any sensitive material (banking etc.) until I'm sure that it's clean.

 

I have pasted the DDS results below. Any help would be greatly appreciated.

Please let me know if you require a copy of the 'Attach' report as well.

 

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by Paul at 14:07:59 on 2014-02-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8097.4907 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Paul\Anti-Virus\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Paul\Anti-Virus\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Paul\Anti-Virus\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Paul\Anti-Virus\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
uRun: [spotify Web Helper] "C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Paul\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=1213b
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\Paul\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=0214c
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Paul\Anti-Virus\AVG2014\avgui.exe" /TRAYONLY
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{E39971C3-C04B-444B-9F6B-0B0A0F6F6AC3} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1
x64-Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
x64-Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [iAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [AdAwareTray] "C:\Paul\Anti-Virus\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\

FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-1-10 36520]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-10 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-10 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-10 20464]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2014-1-10 22128]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-8 46368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-1-10 241152]
R2 avgwd;AVG WatchDog;C:\Paul\Anti-Virus\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-12-13 1120784]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-12-3 1361856]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-12-3 1148864]
R2 Dell.PowerManager.Service;Dell.PowerManager.Service;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-1-10 169432]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Paul\Anti-Virus\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-1-10 223816]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-2-8 1772056]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2014-1-10 176096]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-1-10 496400]
R3 gzflt;gzflt;C:\Paul\Anti-Virus\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-1-10 452088]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-10 366576]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-10 785904]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-1-28 25528]
R3 O2FJ2RDR;O2FJ2RDR;C:\Windows\System32\drivers\O2FJ2w7x64.sys [2014-1-10 185760]
R3 ST_Accel;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2014-1-10 89312]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-1-28 206744]
S2 AVGIDSAgent;AVGIDSAgent;C:\Paul\Anti-Virus\AVG2014\avgidsagent.exe [2014-1-22 3788816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-8-7 199176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-10-30 131968]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-12-3 1342848]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-14 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-1-28 35256]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 InvProtectDrv;InvProtectDrv;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [2013-7-30 34824]
S3 InvProtectSvc;Invincea Enterprise Service;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2013-7-30 2947856]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 SboxDrv;SboxDrv;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [2013-7-30 202248]
S3 SboxSvc;SboxSvc;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [2013-7-30 124616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-16 22:12:44    --------    d-----w-    C:\Users\Paul\AppData\Local\CrashDumps
2014-02-14 03:01:59    7211520    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2014-02-13 18:09:55    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-08 14:37:39    --------    d-----w-    C:\Users\Paul\AppData\Roaming\LavasoftStatistics
2014-02-08 14:31:07    --------    d-----w-    C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-02-08 14:30:57    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-08 14:30:56    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-08 14:30:37    --------    d-----w-    C:\Users\Paul\AppData\Local\Programs
2014-02-08 14:20:38    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-02-08 13:12:01    --------    d-----w-    C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-08 13:08:45    --------    d-----w-    C:\Users\Paul\AppData\Local\AVG SafeGuard toolbar
2014-02-08 13:05:56    --------    d-----w-    C:\ProgramData\AVG Security Toolbar
2014-02-08 13:05:54    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-02-08 13:05:19    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
2014-02-08 13:05:19    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2014-01-26 16:18:23    --------    d-----w-    C:\Users\Paul\AppData\Local\CutePDF Writer
2014-01-26 16:17:56    --------    d-----w-    C:\Program Files (x86)\GPLGS
2014-01-26 16:17:39    87600    ----a-w-    C:\Windows\System32\cpwmon64.dll
2014-01-26 16:17:38    --------    d-----w-    C:\Program Files (x86)\Acro Software
2014-01-26 14:34:06    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-01-26 14:31:59    --------    d-----w-    C:\Windows\SysWow64\spool
2014-01-26 14:30:01    --------    d-----w-    C:\Program Files (x86)\Common Files\Macrovision Shared
2014-01-25 14:46:11    --------    d-----w-    C:\Users\Paul\AppData\Local\Skype
2014-01-25 14:46:05    --------    d-----r-    C:\Program Files (x86)\Skype
2014-01-25 14:33:06    --------    d-----w-    C:\Windows\Migration
2014-01-25 14:08:44    --------    d-----w-    C:\Windows\SysWow64\Wat
2014-01-25 14:08:44    --------    d-----w-    C:\Windows\System32\Wat
2014-01-25 13:52:46    294912    ----a-w-    C:\Windows\System32\browserchoice.exe
2014-01-25 13:48:57    --------    d-----w-    C:\Windows\PCHEALTH
2014-01-25 13:45:53    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-25 13:45:33    --------    d-----w-    C:\Users\Paul\AppData\Local\Microsoft Help
2014-01-25 13:43:07    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-01-25 13:43:07    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-01-25 13:43:07    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-01-25 13:43:07    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-01-25 13:43:07    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-01-25 13:43:07    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-01-25 13:43:07    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-01-25 13:39:30    --------    d-----w-    C:\Windows\System32\MRT
2014-01-25 13:01:02    --------    d-----w-    C:\Users\Paul\AppData\Local\Spotify
2014-01-25 13:00:51    --------    d-----w-    C:\Users\Paul\AppData\Roaming\Spotify
2014-01-25 13:00:41    --------    d-----w-    C:\Users\Paul\AppData\Local\Macromedia
2014-01-25 12:59:40    --------    d-----w-    C:\Users\Paul\AppData\Local\Adobe
2014-01-25 12:24:07    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-01-25 12:24:07    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2014-01-25 12:24:06    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-01-25 12:24:06    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-01-25 12:24:02    886784    ----a-w-    C:\Program Files\Common Files\System\wab32.dll
2014-01-25 12:24:02    708608    ----a-w-    C:\Program Files (x86)\Common Files\System\wab32.dll
2014-01-25 12:24:01    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2014-01-25 12:24:01    123904    ----a-w-    C:\Windows\SysWow64\poqexec.exe
2014-01-25 12:22:54    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2014-01-25 12:22:54    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2014-01-25 12:22:45    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-01-25 12:22:45    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-01-25 12:22:45    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-01-25 12:22:45    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-01-25 12:22:45    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-01-25 12:22:45    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-24 19:26:15    --------    d-----w-    C:\Users\Paul\AppData\Roaming\AVG2014
2014-01-24 19:25:49    --------    d-----w-    C:\Users\Paul\AppData\Roaming\TuneUp Software
2014-01-24 19:25:30    --------    d--h--w-    C:\$AVG
2014-01-24 19:25:30    --------    d-----w-    C:\ProgramData\AVG2014
2014-01-24 19:25:13    --------    d-----w-    C:\Paul
2014-01-24 19:23:10    --------    d--h--w-    C:\ProgramData\Common Files
2014-01-24 19:23:10    --------    d-----w-    C:\Users\Paul\AppData\Local\MFAData
2014-01-24 19:23:10    --------    d-----w-    C:\Users\Paul\AppData\Local\Avg2014
2014-01-24 19:23:10    --------    d-----w-    C:\ProgramData\MFAData
2014-01-24 19:20:56    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-01-24 19:20:56    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-01-24 19:18:27    --------    d-----w-    C:\Users\Paul\AppData\Local\ATI
2014-01-24 19:17:26    --------    d-----w-    C:\Users\Paul\AppData\Roaming\Intel Corporation
2014-01-24 19:15:58    --------    d-----w-    C:\Users\Paul\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-02-13 15:01:46    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-13 15:01:46    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-25 14:00:58    30208    ----a-w-    C:\Windows\System32\licmgr10.dll
2014-01-25 14:00:58    1228800    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-01-25 14:00:57    167424    ----a-w-    C:\Windows\System32\iexpress.exe
2014-01-25 14:00:57    143872    ----a-w-    C:\Windows\System32\wextract.exe
2014-01-25 14:00:55    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-01-25 14:00:55    48128    ----a-w-    C:\Windows\System32\imgutil.dll
2014-01-25 14:00:55    13824    ----a-w-    C:\Windows\System32\mshta.exe
2014-01-10 07:37:12    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-10 06:23:04    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:42:42    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:42:20    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:42:18    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:42:16    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:42:08    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-25 21:47:22    196376    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-11-25 21:47:20    243480    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-25 21:47:20    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
.
============= FINISH: 14:08:10.00 ===============
 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

There are two security systems running with anti-virus components; that is counterproductive. Uninstall one ASAP and keep your preferred program.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Run FRST one more time:

 

Type the following in the edit box after "Search:".

 

rpcss.dll

 

Click Search button and post the log (Search.txt) it makes to your reply.

 

Kevin


Thanks for your help Kevin.

 

The results of the first log FRST and Addition.txt are part of this reply. I'll post a second reply below with the Search.txt searching for the rpcss.dll.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Paul (administrator) on PAUL-PC on 19-02-2014 15:06:47
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Spotify Ltd) C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Paul\Anti-Virus\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [706392 2013-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] - C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [intelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-02-08] (Intel® Corporation)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11733888 2012-12-03] (Motorola Solutions, Inc.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-06-18] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Paul\Anti-Virus\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-09] ()
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1223212686-861896596-2721690173-1000\...\Run: [spotify Web Helper] - C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-25] (Spotify Ltd)
HKU\S-1-5-21-1223212686-861896596-2721690173-1000\...\Run: [AVG-Secure-Search-Update_1213b] - C:\Users\Paul\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=1213b
HKU\S-1-5-21-1223212686-861896596-2721690173-1000\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Users\Paul\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=0214c
HKU\S-1-5-21-1223212686-861896596-2721690173-1000\...\MountPoints2: {f6c87ecf-8682-11e3-81f3-f01faf4ed7a3} - "E:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={318538B2-02C0-4E1A-9D97-57002073D647}&mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 13:12:02&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default

FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: IMDB  Search - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2014-02-16]
FF Extension: Adblock Plus - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-02-08]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Paul\Anti-Virus\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Paul\Anti-Virus\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
R2 Dell.PowerManager.Service; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-10] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-02-08] (AVG Secure Search)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-02-08] (AVG Technologies)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-04-22] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161368 2013-06-25] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
R4 gzflt; \??\C:\Paul\Anti-Virus\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [X]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-19 15:06 - 2014-02-19 15:06 - 00016730 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-02-19 15:06 - 2014-02-19 15:06 - 00000000 ____D () C:\FRST
2014-02-19 15:01 - 2014-02-19 15:01 - 02153472 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-02-19 15:00 - 2014-02-19 15:00 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-02-19 14:08 - 2014-02-19 14:08 - 00027993 _____ () C:\Users\Paul\Desktop\dds.txt
2014-02-19 14:08 - 2014-02-19 14:08 - 00008543 _____ () C:\Users\Paul\Desktop\attach.txt
2014-02-19 14:04 - 2014-02-19 14:04 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.scr
2014-02-19 14:03 - 2014-02-19 14:04 - 00688992 _____ (Swearware) C:\Users\Paul\Downloads\dds.scr
2014-02-18 14:54 - 2014-02-18 14:54 - 00002012 _____ () C:\Users\Public\Desktop\Intel® WiDi.lnk
2014-02-18 14:52 - 2014-02-18 14:54 - 00026355 _____ () C:\Users\Paul\AppData\Local\WiDiSetupLog.20140218.145231.wdl
2014-02-18 14:13 - 2014-02-18 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-02-16 22:12 - 2014-02-16 22:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2014-02-16 15:54 - 2014-02-16 15:54 - 00000000 ____D () C:\Users\Paul\Documents\Dell WebCam Central
2014-02-16 15:54 - 2014-02-16 15:54 - 00000000 ____D () C:\ProgramData\Creative
2014-02-16 11:13 - 2014-02-16 11:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-14 03:02 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 03:02 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-14 03:02 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 03:02 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-14 03:02 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-14 03:02 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 03:02 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-14 03:01 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:01 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 03:01 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:01 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 03:01 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 03:01 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:01 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 03:01 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:01 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 03:01 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 03:01 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-14 03:01 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 03:01 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:01 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-14 03:01 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-14 03:01 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-14 03:01 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:01 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-14 03:01 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-14 03:01 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:01 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-14 03:01 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-14 03:01 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-14 03:01 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:01 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:01 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-14 03:01 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-14 03:01 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-14 03:01 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:01 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-14 03:01 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 03:01 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-14 03:01 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:04 - 2014-02-13 21:04 - 05058758 _____ () C:\Users\Paul\Downloads\Swirl_Flower_Vector_1_by_T_2_M.eps
2014-02-13 18:09 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 18:09 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 18:09 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 18:09 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 18:09 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 18:09 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 18:09 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 18:09 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 18:09 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 18:09 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 18:09 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 18:09 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 18:09 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 18:09 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 18:09 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 18:09 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 18:09 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 18:09 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 18:09 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 18:09 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 18:09 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 18:09 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 18:09 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 18:09 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 18:09 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 18:09 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 18:09 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 18:09 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 14:37 - 2014-02-08 14:37 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\LavasoftStatistics
2014-02-08 14:31 - 2014-02-08 14:31 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-02-08 14:30 - 2014-02-08 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 14:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 14:29 - 2014-02-08 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 14:19 - 2014-02-08 14:19 - 01727624 _____ () C:\Users\Paul\Downloads\Adaware_Installer.exe
2014-02-08 14:19 - 2014-02-08 14:19 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-08 13:12 - 2014-02-09 20:55 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-08 13:08 - 2014-02-08 13:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG SafeGuard toolbar
2014-02-08 13:05 - 2014-02-08 13:12 - 00003743 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-02-08 13:05 - 2014-02-08 13:05 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-08 13:05 - 2014-02-08 13:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-02-08 13:05 - 2014-02-08 13:05 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-01-29 13:50 - 2014-01-29 13:50 - 01977432 _____ () C:\Users\Paul\Downloads\winrar-x64-501.exe
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\WinRAR
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-26 16:30 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-01-26 16:27 - 2014-01-30 19:58 - 00000000 ____D () C:\Users\Paul\Documents\Hanka CV
2014-01-26 16:18 - 2014-01-26 19:40 - 00000000 ____D () C:\Users\Paul\AppData\Local\CutePDF Writer
2014-01-26 16:17 - 2014-01-26 16:17 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-01-26 16:17 - 2014-01-26 16:17 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-01-26 16:17 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-01-26 16:16 - 2014-01-26 16:16 - 02003672 _____ (Acro Software Inc. ) C:\Users\Paul\Downloads\CuteWriter.exe
2014-01-26 14:34 - 2014-01-26 14:34 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-26 14:31 - 2014-01-26 14:31 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-26 14:28 - 2014-01-26 14:28 - 00003230 _____ () C:\Windows\System32\Tasks\{A13BEC07-D927-4325-8A52-8A8F3E7D0C9E}
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-25 14:46 - 2014-02-19 15:03 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Paul\AppData\Local\Skype
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ____D () C:\ProgramData\Skype
2014-01-25 14:44 - 2014-01-25 14:44 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Paul\Downloads\SkypeSetup.exe
2014-01-25 14:03 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-25 14:01 - 2014-01-25 14:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-25 14:01 - 2014-01-25 14:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-25 14:01 - 2014-01-25 14:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-25 14:01 - 2014-01-25 14:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-25 14:01 - 2014-01-25 14:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-25 14:01 - 2014-01-25 14:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-25 14:00 - 2014-01-25 14:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-25 13:59 - 2014-01-25 14:03 - 00009014 _____ () C:\Windows\IE11_main.log
2014-01-25 13:52 - 2010-02-23 08:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-01-25 13:49 - 2014-01-25 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-01-25 13:49 - 2014-01-25 13:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-25 13:45 - 2014-01-26 14:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-25 13:45 - 2014-01-26 14:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 __RHD () C:\MSOCache
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Users\Paul\AppData\Local\Microsoft Help
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-25 13:43 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-01-25 13:43 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-01-25 13:43 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-01-25 13:43 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-01-25 13:43 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-01-25 13:43 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-01-25 13:43 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-01-25 13:43 - 2012-06-02 14:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-01-25 13:39 - 2014-02-16 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-25 13:39 - 2014-02-16 22:55 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-25 13:01 - 2014-02-08 13:26 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify
2014-01-25 13:01 - 2014-01-25 13:01 - 00001750 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-25 13:00 - 2014-02-16 22:54 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify
2014-01-25 13:00 - 2014-01-25 13:00 - 00127080 _____ (Spotify Ltd) C:\Users\Paul\Downloads\SpotifySetup.exe
2014-01-25 13:00 - 2014-01-25 13:00 - 00000000 ____D () C:\Users\Paul\AppData\Local\Macromedia
2014-01-25 12:59 - 2014-01-31 19:44 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-01-25 12:24 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-25 12:24 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-25 12:24 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-01-25 12:24 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-01-25 12:24 - 2011-04-09 06:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-01-25 12:24 - 2011-04-09 05:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-01-25 12:23 - 2013-11-27 01:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-25 12:23 - 2013-11-27 01:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-25 12:23 - 2013-11-27 01:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-25 12:23 - 2013-11-27 01:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-25 12:23 - 2013-11-27 01:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-25 12:23 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-25 12:23 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-25 12:23 - 2013-11-23 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-25 12:23 - 2013-11-23 17:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-25 12:23 - 2013-11-12 02:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-25 12:23 - 2013-11-12 02:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-01-25 12:23 - 2013-10-19 02:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-25 12:23 - 2013-10-19 01:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-01-25 12:23 - 2013-10-12 02:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-25 12:23 - 2013-10-12 02:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-25 12:23 - 2013-10-12 02:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-01-25 12:23 - 2013-10-12 02:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-01-25 12:23 - 2013-10-12 01:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-25 12:23 - 2013-10-12 01:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-25 12:23 - 2013-10-12 01:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-01-25 12:23 - 2013-10-12 01:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-01-25 12:23 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-01-25 12:23 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-01-25 12:23 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-01-25 12:23 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-01-25 12:23 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-01-25 12:23 - 2013-10-04 02:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-25 12:23 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-01-25 12:23 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-01-25 12:23 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-01-25 12:23 - 2013-10-04 01:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-01-25 12:23 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-01-25 12:23 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-01-25 12:23 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-01-25 12:23 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-01-25 12:23 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-01-25 12:23 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-01-25 12:23 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-01-25 12:23 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-01-25 12:23 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-01-25 12:23 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-01-25 12:23 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-01-25 12:23 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-01-25 12:23 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-01-25 12:23 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-01-25 12:23 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-01-25 12:23 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-01-25 12:23 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-01-25 12:23 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-01-25 12:23 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-01-25 12:23 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-01-25 12:23 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-01-25 12:23 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-01-25 12:23 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-01-25 12:23 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-01-25 12:23 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-01-25 12:23 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-01-25 12:23 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-01-25 12:23 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-01-25 12:23 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-01-25 12:23 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-01-25 12:23 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-01-25 12:23 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-01-25 12:23 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-01-25 12:23 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-01-25 12:23 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-01-25 12:23 - 2013-08-02 02:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-01-25 12:23 - 2013-08-02 02:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-01-25 12:23 - 2013-08-02 02:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 02:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-01-25 12:23 - 2013-08-02 01:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 01:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-01-25 12:23 - 2013-08-02 00:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-01-25 12:23 - 2013-08-02 00:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 00:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-01-25 12:23 - 2013-08-02 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-01-25 12:23 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-01-25 12:23 - 2013-07-26 02:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-01-25 12:23 - 2013-07-26 02:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-01-25 12:23 - 2013-07-26 01:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-01-25 12:23 - 2013-07-26 01:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-01-25 12:23 - 2013-07-25 09:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-01-25 12:23 - 2013-07-25 08:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-01-25 12:23 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-25 12:23 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-25 12:23 - 2013-07-12 10:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-01-25 12:23 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-01-25 12:23 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-01-25 12:23 - 2013-07-09 05:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-01-25 12:23 - 2013-07-09 05:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-01-25 12:23 - 2013-07-09 05:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-01-25 12:23 - 2013-07-09 05:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-01-25 12:23 - 2013-07-09 04:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-01-25 12:23 - 2013-07-09 04:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-01-25 12:23 - 2013-07-09 04:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-01-25 12:23 - 2013-07-09 04:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-01-25 12:23 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-25 12:23 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-25 12:23 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-01-25 12:23 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-25 12:23 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-25 12:23 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-01-25 12:23 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-01-25 12:23 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-01-25 12:23 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-01-25 12:23 - 2013-06-15 04:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-01-25 12:23 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-01-25 12:23 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-01-25 12:23 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-01-25 12:23 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-01-25 12:23 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-01-25 12:23 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-01-25 12:23 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-01-25 12:23 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-01-25 12:23 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-01-25 12:23 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-01-25 12:23 - 2013-06-04 06:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-01-25 12:23 - 2013-06-04 04:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-01-25 12:22 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-01-25 12:22 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-01-25 12:22 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-01-25 12:22 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-01-25 12:22 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-01-25 12:22 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-01-25 12:22 - 2013-04-09 23:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-01-25 12:22 - 2013-04-02 22:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-01-24 19:26 - 2014-01-24 19:26 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG2014
2014-01-24 19:25 - 2014-02-19 08:57 - 00000808 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-24 19:25 - 2014-01-26 16:29 - 00000000 ____D () C:\Paul
2014-01-24 19:25 - 2014-01-24 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-24 19:25 - 2014-01-24 19:25 - 00000000 ___HD () C:\$AVG
2014-01-24 19:25 - 2014-01-24 19:25 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TuneUp Software
2014-01-24 19:23 - 2014-02-19 09:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-01-24 19:23 - 2014-01-25 13:09 - 00000000 ____D () C:\Users\Paul\AppData\Local\Avg2014
2014-01-24 19:23 - 2014-01-24 19:23 - 00000000 ____D () C:\Users\Paul\AppData\Local\MFAData
2014-01-24 19:22 - 2014-01-24 19:23 - 04436944 _____ (AVG Technologies) C:\Users\Paul\Downloads\avg_free_stb_all_2014_4259_cnet.exe
2014-01-24 19:21 - 2014-02-17 08:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 19:21 - 2014-02-16 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-24 19:21 - 2014-01-24 19:22 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Mozilla
2014-01-24 19:21 - 2014-01-24 19:22 - 00000000 ____D () C:\Users\Paul\AppData\Local\Mozilla
2014-01-24 19:21 - 2014-01-24 19:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-24 19:21 - 2012-06-02 22:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-01-24 19:21 - 2012-06-02 22:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-01-24 19:21 - 2012-06-02 22:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-01-24 19:21 - 2012-06-02 22:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-01-24 19:21 - 2012-06-02 22:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-01-24 19:21 - 2012-06-02 22:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-01-24 19:21 - 2012-06-02 22:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-01-24 19:20 - 2014-01-24 19:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Macromedia
2014-01-24 19:20 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-01-24 19:20 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\ATI
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\ATI
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\ProgramData\ATI
2014-01-24 19:17 - 2014-02-15 10:43 - 00128704 _____ () C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-24 19:17 - 2014-01-24 19:17 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Intel Corporation
2014-01-24 19:16 - 2014-01-31 15:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Adobe
2014-01-24 19:16 - 2014-01-25 14:29 - 00001415 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-24 19:16 - 2014-01-25 14:29 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 19:16 - 2014-01-25 14:29 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-24 19:16 - 2014-01-24 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Creative
2014-01-24 19:15 - 2014-01-24 19:15 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore
2014-01-24 19:14 - 2014-01-24 19:16 - 00000000 ____D () C:\Users\Paul
2014-01-24 19:14 - 2014-01-24 19:14 - 00000020 ___SH () C:\Users\Paul\ntuser.ini
2014-01-24 19:14 - 2014-01-24 19:14 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Intel
2014-01-24 19:14 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-24 19:14 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-02-19 15:06 - 2014-02-19 15:06 - 00016730 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-02-19 15:06 - 2014-02-19 15:06 - 00000000 ____D () C:\FRST
2014-02-19 15:06 - 2009-07-14 04:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 15:06 - 2009-07-14 04:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 15:03 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-02-19 15:01 - 2014-02-19 15:01 - 02153472 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-02-19 15:00 - 2014-02-19 15:00 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-02-19 14:09 - 2014-01-10 06:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 14:08 - 2014-02-19 14:08 - 00027993 _____ () C:\Users\Paul\Desktop\dds.txt
2014-02-19 14:08 - 2014-02-19 14:08 - 00008543 _____ () C:\Users\Paul\Desktop\attach.txt
2014-02-19 14:05 - 2014-01-10 07:57 - 01870000 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 14:04 - 2014-02-19 14:04 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.scr
2014-02-19 14:04 - 2014-02-19 14:03 - 00688992 _____ (Swearware) C:\Users\Paul\Downloads\dds.scr
2014-02-19 11:47 - 2014-01-10 06:11 - 00000000 ____D () C:\ProgramData\Intel
2014-02-19 11:45 - 2009-07-14 05:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-19 11:41 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 11:41 - 2009-07-14 04:51 - 00208479 _____ () C:\Windows\setupact.log
2014-02-19 11:41 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Registration
2014-02-19 09:00 - 2014-01-24 19:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-19 08:57 - 2014-01-24 19:25 - 00000808 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-18 14:54 - 2014-02-18 14:54 - 00002012 _____ () C:\Users\Public\Desktop\Intel® WiDi.lnk
2014-02-18 14:54 - 2014-02-18 14:52 - 00026355 _____ () C:\Users\Paul\AppData\Local\WiDiSetupLog.20140218.145231.wdl
2014-02-18 14:54 - 2014-01-10 06:27 - 00003864 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2014-02-18 14:54 - 2014-01-10 06:27 - 00003616 _____ () C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2014-02-18 14:53 - 2014-01-10 06:25 - 00000000 ____D () C:\Program Files\Intel Corporation
2014-02-18 14:13 - 2014-02-18 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-02-17 08:01 - 2009-07-14 04:45 - 02419544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-17 08:00 - 2014-01-24 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 22:57 - 2014-01-25 13:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 22:55 - 2014-01-25 13:39 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 22:55 - 2014-01-24 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 22:54 - 2014-01-25 13:00 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify
2014-02-16 22:12 - 2014-02-16 22:12 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashDumps
2014-02-16 15:54 - 2014-02-16 15:54 - 00000000 ____D () C:\Users\Paul\Documents\Dell WebCam Central
2014-02-16 15:54 - 2014-02-16 15:54 - 00000000 ____D () C:\ProgramData\Creative
2014-02-16 11:13 - 2014-02-16 11:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-15 10:43 - 2014-01-24 19:17 - 00128704 _____ () C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 04:02 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 03:05 - 2011-02-10 14:33 - 00767916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-13 21:04 - 2014-02-13 21:04 - 05058758 _____ () C:\Users\Paul\Downloads\Swirl_Flower_Vector_1_by_T_2_M.eps
2014-02-13 15:01 - 2014-01-10 06:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-13 15:01 - 2014-01-10 06:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-13 15:01 - 2014-01-10 06:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-09 20:55 - 2014-02-08 13:12 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-02-08 14:37 - 2014-02-08 14:37 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\LavasoftStatistics
2014-02-08 14:31 - 2014-02-08 14:31 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-02-08 14:30 - 2014-02-08 14:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 14:29 - 2014-02-08 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-08 14:19 - 2014-02-08 14:19 - 01727624 _____ () C:\Users\Paul\Downloads\Adaware_Installer.exe
2014-02-08 14:19 - 2014-02-08 14:19 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-08 13:26 - 2014-01-25 13:01 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify
2014-02-08 13:12 - 2014-02-08 13:08 - 00000000 ____D () C:\Users\Paul\AppData\Local\AVG SafeGuard toolbar
2014-02-08 13:12 - 2014-02-08 13:05 - 00003743 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-02-08 13:05 - 2014-02-08 13:05 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-08 13:05 - 2014-02-08 13:05 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-02-08 13:05 - 2014-02-08 13:05 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-02-06 12:16 - 2014-02-14 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-14 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-14 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-14 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-14 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-14 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-14 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-14 03:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-14 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-14 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-14 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-14 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-14 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-14 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-14 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-14 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-14 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-14 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-14 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-14 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-14 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-14 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-14 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-14 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-14 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-14 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-14 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:25 - 2014-02-14 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:24 - 2014-02-14 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-14 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-14 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-14 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-14 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-14 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-14 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-14 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-14 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-14 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-31 19:44 - 2014-01-25 12:59 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe
2014-01-31 15:16 - 2014-01-24 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Adobe
2014-01-30 19:58 - 2014-01-26 16:27 - 00000000 ____D () C:\Users\Paul\Documents\Hanka CV
2014-01-29 13:50 - 2014-01-29 13:50 - 01977432 _____ () C:\Users\Paul\Downloads\winrar-x64-501.exe
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\WinRAR
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-29 13:50 - 2014-01-29 13:50 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-26 19:40 - 2014-01-26 16:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\CutePDF Writer
2014-01-26 16:30 - 2014-01-26 16:30 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-01-26 16:29 - 2014-01-24 19:25 - 00000000 ____D () C:\Paul
2014-01-26 16:19 - 2014-01-10 06:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-26 16:17 - 2014-01-26 16:17 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-01-26 16:17 - 2014-01-26 16:17 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-01-26 16:16 - 2014-01-26 16:16 - 02003672 _____ (Acro Software Inc. ) C:\Users\Paul\Downloads\CuteWriter.exe
2014-01-26 14:34 - 2014-01-26 14:34 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-26 14:33 - 2014-01-10 06:31 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-26 14:31 - 2014-01-26 14:31 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-01-26 14:29 - 2014-01-25 13:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-26 14:28 - 2014-01-26 14:28 - 00003230 _____ () C:\Windows\System32\Tasks\{A13BEC07-D927-4325-8A52-8A8F3E7D0C9E}
2014-01-26 14:26 - 2014-01-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-01-26 14:22 - 2009-07-14 02:34 - 00000510 _____ () C:\Windows\win.ini
2014-01-25 17:10 - 2014-01-25 13:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-01-25 17:07 - 2014-01-25 17:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ____D () C:\Users\Paul\AppData\Local\Skype
2014-01-25 14:46 - 2014-01-25 14:46 - 00000000 ____D () C:\ProgramData\Skype
2014-01-25 14:44 - 2014-01-25 14:44 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Paul\Downloads\SkypeSetup.exe
2014-01-25 14:29 - 2014-01-24 19:16 - 00001415 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-25 14:29 - 2014-01-24 19:16 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 14:29 - 2014-01-24 19:16 - 00000000 ___RD () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-25 14:08 - 2010-11-21 07:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-01-25 14:08 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-01-25 14:08 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-01-25 14:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-25 14:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-25 14:03 - 2014-01-25 13:59 - 00009014 _____ () C:\Windows\IE11_main.log
2014-01-25 14:01 - 2014-01-25 14:01 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-25 14:01 - 2014-01-25 14:01 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-25 14:01 - 2014-01-25 14:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-25 14:01 - 2014-01-25 14:01 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-25 14:01 - 2014-01-25 14:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-25 14:01 - 2014-01-25 14:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-25 14:01 - 2014-01-25 14:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-25 14:01 - 2014-01-25 14:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-25 14:00 - 2014-01-25 14:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-25 14:00 - 2014-01-25 14:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-25 14:00 - 2014-01-25 14:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-25 13:49 - 2014-01-25 13:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-01-25 13:49 - 2010-11-21 07:17 - 00000000 ____D () C:\Windows\ShellNew
2014-01-25 13:49 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-01-25 13:48 - 2014-01-25 13:48 - 00000000 ____D () C:\Windows\PCHEALTH
2014-01-25 13:48 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 __RHD () C:\MSOCache
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Users\Paul\AppData\Local\Microsoft Help
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-01-25 13:45 - 2014-01-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-25 13:09 - 2014-01-24 19:23 - 00000000 ____D () C:\Users\Paul\AppData\Local\Avg2014
2014-01-25 13:01 - 2014-01-25 13:01 - 00001750 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-25 13:00 - 2014-01-25 13:00 - 00127080 _____ (Spotify Ltd) C:\Users\Paul\Downloads\SpotifySetup.exe
2014-01-25 13:00 - 2014-01-25 13:00 - 00000000 ____D () C:\Users\Paul\AppData\Local\Macromedia
2014-01-24 19:32 - 2014-01-10 06:32 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-24 19:32 - 2011-02-10 14:25 - 00000000 ____D () C:\dell
2014-01-24 19:32 - 2010-11-21 03:47 - 00171612 _____ () C:\Windows\PFRO.log
2014-01-24 19:26 - 2014-01-24 19:26 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\AVG2014
2014-01-24 19:26 - 2014-01-24 19:25 - 00000000 ____D () C:\ProgramData\AVG2014
2014-01-24 19:25 - 2014-01-24 19:25 - 00000000 ___HD () C:\$AVG
2014-01-24 19:25 - 2014-01-24 19:25 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TuneUp Software
2014-01-24 19:23 - 2014-01-24 19:23 - 00000000 ____D () C:\Users\Paul\AppData\Local\MFAData
2014-01-24 19:23 - 2014-01-24 19:22 - 04436944 _____ (AVG Technologies) C:\Users\Paul\Downloads\avg_free_stb_all_2014_4259_cnet.exe
2014-01-24 19:22 - 2014-01-24 19:21 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Mozilla
2014-01-24 19:22 - 2014-01-24 19:21 - 00000000 ____D () C:\Users\Paul\AppData\Local\Mozilla
2014-01-24 19:21 - 2014-01-24 19:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-01-24 19:20 - 2014-01-24 19:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Macromedia
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\ATI
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\ATI
2014-01-24 19:18 - 2014-01-24 19:18 - 00000000 ____D () C:\ProgramData\ATI
2014-01-24 19:17 - 2014-01-24 19:17 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Intel Corporation
2014-01-24 19:16 - 2014-01-24 19:16 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Creative
2014-01-24 19:16 - 2014-01-24 19:14 - 00000000 ____D () C:\Users\Paul
2014-01-24 19:16 - 2014-01-10 06:13 - 00000000 ____D () C:\ProgramData\Dell
2014-01-24 19:15 - 2014-01-24 19:15 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore
2014-01-24 19:14 - 2014-01-24 19:14 - 00000020 ___SH () C:\Users\Paul\ntuser.ini
2014-01-24 19:14 - 2014-01-24 19:14 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Intel

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 12:55

==================== End Of Log ============================

Addition.txt


Results of Search.txt

 

Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Paul at 2014-02-19 15:13:46
Running from C:\Users\Paul\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-21 03:24] - [2010-11-21 03:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-21 03:24] - [2010-11-21 03:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======


mmm those logs are clean, ok we continue...

 

Run the following in the order given and post the produced logs....

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Full scan

 

Make sure that everything is checked, and click Remove Selected on any found items. Post that log..

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Kevin....

Kevin, thanks again, I appreciate the help.

 

I've pasted the following logs below:

AdwCleaner[s0].txt

JRT.txt

Malwarebytes log

RogueKiller log

 

Like I said previously, the issues haven't occurred for the past couple of days. I don't want to take up any more of your time unnecessarily, especially if these logs don't appear to show any discrepancies. So if you agree I'll wait till there's a sign of the problem occurring again before I report back.

 

Thanks again for all your help.

 

Paul

 

 

 

AdwCleaner[s0].txt

 

# AdwCleaner v3.019 - Report created 19/02/2014 at 19:41:29
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Paul\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Paul\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\44s4pe52.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5584 octets] - [19/02/2014 19:37:29]
AdwCleaner[s0].txt - [5392 octets] - [19/02/2014 19:41:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5452 octets] ##########
 

 

 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Paul on 19/02/2014 at 19:48:37.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\44s4pe52.default\prefs.js


Emptied folder: C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\44s4pe52.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/02/2014 at 19:53:49.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Paul :: PAUL-PC [administrator]

19/02/2014 19:56:45
mbam-log-2014-02-19 (19-56-45).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337428
Time elapsed: 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

RogueKiller log

 

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 02/19/2014 20:26:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Paul\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=1213b [x][x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Paul\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=0214c [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1223212686-861896596-2721690173-1000\[...]\Run : AVG-Secure-Search-Update_1213b (C:\Users\Paul\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=1213b [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1223212686-861896596-2721690173-1000\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Paul\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=23c79cfbbb3747d2906665ff302b09d2-67b71d32077a9990244bc6d51daadb85d9983b94 /CMPID=0214c [x][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST500LM0 ST500LM000-1EJ16 SCSI Disk Device +++++
--- User ---
[MBR] ed004c3d2888dabb3172ea87a06bb6f1
[bSP] 69d51087683e808d28659083c3508624 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 8942 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 18395136 | Size: 467957 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x18] The program issued a command but the command length is incorrect. )

Finished : << RKreport[0]_S_02192014_202625.txt >>


Yep logs are OK, no obvious malware or infection..  The initial issue you mention has been very active recently and the fault has always been the same, a patched rpcss.dll file. That is why I asked for a search after the FRST scans.

 

Before we decide to call this done I'd like to see a log from an online AV scan, this will be very thorough so will also take several hours to complete..... Let me know what you think, maybe run it overnight?

 

I give instructions as follows...

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Kevin.... ;)


Kevin, I've just had a chance to run the Eset Online Scanner with a single threat found, I copied the log below.

 

C:\Users\Paul\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

 

 

So it looks like, apart from that file, the laptop is all clean?

 

Thanks very much for your help on this.

 

Paul


Yep all logs are clean.. Do the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, you can delete that log if successful, we do not need to see it

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make sure the following items are checked:

  • Remove disinfection tools

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any tools logs remaining on your Desktop or downloads folder can be deleted...

 

Let me know if those steps complete, if no remaining issues/concerns are we ok to close out...

 

Kevin..

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
