baldyj Posted May 23, 2014 ID:833490 Share Posted May 23, 2014 Hello, MBAM and SpyBot scans of my system return with no problems found; nonetheless, SearchAssist continues to annoy. Any help would be appreciated! Here, I'll post the results of my Farbar scan. Due to the excessive length of the FRST and Addition logs, I'll have to post them in pieces. I'll post the FRST log here, therefore. [FRST.txt log, PART 1 OF 3:] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014Ran by J (administrator) on ADOLF on 23-05-2014 08:54:10Running from C:\Users\J\DesktopPlatform: Windows 8.1 (Update 1) (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe(Sendori) C:\Program Files (x86)\PureLeads\plsapp.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(AMD) C:\Windows\System32\atieclxx.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Microsoft Corporation) C:\Windows\splwow64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [ACSW15EN] => C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe [1135304 2012-12-17] (ACD Systems)HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)HKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-15] (Adobe Systems Incorporated)HKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\RunOnce: [VLCPlayer] - cmd /A /C rd /S /Q "C:\Users\J\AppData\Local\VLCPlayer"HKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\MountPoints2: {30e561c4-9980-11e3-beca-902b34e22353} - "J:\LaunchU3.exe" -aSSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1006\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1005\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1004\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJSSearchScopes: HKLM - {68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)Winsock: Catalog9-x64 01 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)Winsock: Catalog9-x64 02 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)Winsock: Catalog9-x64 03 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)Winsock: Catalog9-x64 04 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)Winsock: Catalog9-x64 15 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox Chrome: =======CHR HomePage: about:TabsCHR RestoreOnStartup: "https://mail.google.com/mail/u/0/#inbox"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-19]CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-19]CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-19]CHR Extension: (ZenMate) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-03-24]CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2013-01-27]CHR Extension: (Hola Better Internet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-03-31]CHR Extension: (Fast Search for eBay) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf [2013-01-27]CHR Extension: (InvisibleHand) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2013-01-06]CHR Extension: (Boomerang for Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-06-25]CHR Extension: (Amazon Price Tracker - Keepa.com) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2013-01-27]CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR Extension: (Adblock Pro) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2013-12-22]CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-19]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)R2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-24] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-23] (Malwarebytes Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-23 08:54 - 2014-05-23 08:54 - 00020349 _____ () C:\Users\J\Desktop\FRST.txt2014-05-23 08:54 - 2014-05-23 08:54 - 00000000 ____D () C:\FRST2014-05-23 08:49 - 2014-05-23 08:49 - 02067456 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe2014-05-22 18:57 - 2014-05-22 18:57 - 01641542 _____ () C:\Users\J\Desktop\20140508_073507_372_000013.flv2014-05-21 19:42 - 2014-05-21 19:42 - 00634116 _____ () C:\Users\J\Desktop\points.pptx2014-05-21 17:57 - 2014-05-21 18:00 - 00000000 ____D () C:\Users\J\Desktop\Grade_Appeal2014-05-21 17:57 - 2014-05-21 17:57 - 01701183 _____ () C:\Users\J\Desktop\Grade_Appeal.zip2014-05-21 08:22 - 2014-05-21 08:22 - 09248166 _____ () C:\Users\J\Desktop\Amtrak Route Atlas.psd2014-05-17 21:41 - 2014-05-21 10:09 - 00000000 ____D () C:\Users\J\Desktop\Shirt2014-05-14 10:24 - 2014-05-22 20:30 - 00006082 _____ () C:\WINDOWS\PFRO.log2014-05-14 09:51 - 2014-05-14 09:51 - 02289421 _____ () C:\Users\J\Desktop\choo-choo-test3.mp42014-05-14 09:48 - 2014-05-14 09:48 - 00004535 _____ () C:\Users\J\AppData\Roaming\CamStudio.cfg2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamShapes.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamLayout.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000046 _____ () C:\Users\J\AppData\Roaming\Camdata.ini2014-05-14 09:46 - 2014-05-14 09:48 - 00000000 ____D () C:\Users\J\Documents\My CamStudio Temp Files2014-05-14 09:45 - 2014-05-14 09:45 - 00000096 _____ () C:\Users\J\AppData\Roaming\version2.xml2014-05-14 09:44 - 2014-05-14 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.72014-05-14 09:44 - 2014-05-14 09:44 - 00000000 ____D () C:\Program Files\CamStudio 2.72014-05-14 09:33 - 2014-05-14 09:34 - 02285515 _____ () C:\Users\J\Desktop\choo-choo-test2.mp42014-05-14 09:20 - 2014-05-14 09:22 - 00000000 ____D () C:\Users\J\Desktop\video_text2014-05-14 09:20 - 2014-05-14 09:20 - 02286845 _____ () C:\Users\J\Desktop\choo-choo-test.mp42014-05-14 08:29 - 2014-05-05 22:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-05-14 08:29 - 2014-05-05 21:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-05-14 08:29 - 2014-05-05 21:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-05-14 08:29 - 2014-05-05 20:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-05-14 08:29 - 2014-04-11 04:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-05-14 08:29 - 2014-04-11 04:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-05-14 08:29 - 2014-04-11 02:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll2014-05-14 08:29 - 2014-04-11 00:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-05-14 08:29 - 2014-04-10 23:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-05-14 08:29 - 2014-04-10 23:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-05-14 08:29 - 2014-04-10 21:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2014-05-14 08:29 - 2014-04-10 21:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-05-14 08:29 - 2014-04-10 21:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-05-14 08:29 - 2014-04-10 21:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-05-14 08:29 - 2014-04-10 21:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-14 08:29 - 2014-04-10 21:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-05-14 08:29 - 2014-04-10 21:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-14 08:29 - 2014-04-10 21:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-05-14 08:29 - 2014-04-10 21:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-05-14 08:29 - 2014-04-10 21:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-05-14 08:29 - 2014-04-10 20:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-05-14 08:29 - 2014-04-10 20:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2014-05-14 08:29 - 2014-04-10 20:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-05-14 08:29 - 2014-04-10 20:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-05-14 08:29 - 2014-04-10 20:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-05-14 08:29 - 2014-04-10 20:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-05-14 08:29 - 2014-04-10 20:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-05-14 08:29 - 2014-04-10 20:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-05-14 08:29 - 2014-04-10 20:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-05-14 08:29 - 2014-04-10 20:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-05-14 08:29 - 2014-04-10 20:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-05-14 08:29 - 2014-03-23 20:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-05-14 08:29 - 2014-03-23 20:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-05-14 08:29 - 2014-03-23 20:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-05-14 08:29 - 2014-03-13 01:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe2014-05-14 08:29 - 2014-03-13 00:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe2014-05-14 08:27 - 2014-04-08 16:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll2014-05-14 08:27 - 2014-04-08 16:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll2014-05-14 08:27 - 2014-04-08 12:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll2014-05-14 08:27 - 2014-04-08 12:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll2014-05-14 08:27 - 2014-03-27 03:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-05-14 08:27 - 2014-03-27 01:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\ProgramData\PureLeads2014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\PROGRAM12014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files (x86)\PureLeads2014-05-11 20:05 - 2014-01-23 17:12 - 00354592 _____ (Sendori) C:\WINDOWS\SysWOW64\plsapp.dll2014-05-11 20:05 - 2013-11-13 21:41 - 00439296 _____ (Sendori) C:\WINDOWS\system32\plsapp64.dll2014-05-11 20:04 - 2014-05-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2014-05-08 16:34 - 2014-05-20 14:34 - 00003176 _____ () C:\WINDOWS\setupact.log2014-05-08 16:34 - 2014-05-08 16:34 - 00000000 _____ () C:\WINDOWS\setuperr.log2014-05-07 18:26 - 2014-05-20 18:59 - 00000000 ____D () C:\Users\J\Desktop\~combined_rubrics-papers2014-05-07 13:33 - 2014-05-07 13:33 - 00000000 ____D () C:\Users\J\AppData\Local\Foxit Reader2014-05-07 07:20 - 2014-05-07 07:36 - 00000000 ____D () C:\Users\J\Desktop\Up Series Paper Download May 7, 2014 720 AM2014-05-06 18:14 - 2014-05-06 21:11 - 00000000 ____D () C:\Users\J\AppData\Roaming\ImgBurn2014-05-06 17:51 - 2014-05-06 17:51 - 00001851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk2014-05-06 17:51 - 2014-05-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn2014-05-06 17:51 - 2014-05-06 17:51 - 00000000 ____D () C:\Program Files (x86)\ImgBurn2014-05-03 22:48 - 2014-05-23 08:35 - 01386684 _____ () C:\WINDOWS\WindowsUpdate.log2014-05-03 12:22 - 2014-05-03 12:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\%SystemDrive%2014-05-02 06:25 - 2014-05-02 06:25 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-05-02 06:24 - 2014-05-02 06:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-05-01 22:44 - 2014-05-01 22:44 - 00000000 ____D () C:\Users\Adrienne\AppData\Roaming\Foxit Software2014-05-01 17:30 - 2014-05-02 07:43 - 10144179 _____ () C:\Users\Adrienne\Desktop\Carl's ABCedario final.pptx2014-05-01 15:15 - 2014-05-04 15:39 - 00000000 ___RD () C:\Users\Adrienne\OneDrive2014-04-30 16:51 - 2014-04-30 16:51 - 02346942 _____ () C:\Users\August\Downloads\TechnicLauncher.exe2014-04-29 09:35 - 2014-04-29 09:35 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-04-29 09:35 - 2014-04-29 09:35 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-04-29 09:29 - 2014-04-29 09:29 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-04-29 09:28 - 2014-04-29 09:28 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-04-29 09:28 - 2014-04-29 09:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-04-29 09:28 - 2014-04-29 09:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-04-29 09:28 - 2014-04-29 09:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-04-29 09:27 - 2014-04-29 09:27 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-04-29 09:27 - 2014-04-29 09:27 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-04-29 09:08 - 2014-02-22 09:41 - 02142976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-04-29 09:08 - 2014-02-22 06:15 - 04192768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-04-29 09:08 - 2014-02-22 05:30 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-04-29 09:08 - 2014-02-22 05:00 - 05784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-04-29 09:08 - 2014-02-22 04:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-04-29 09:08 - 2014-02-22 04:54 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-04-29 09:08 - 2014-02-22 04:36 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-04-29 09:08 - 2014-02-22 04:00 - 02043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-04-29 09:08 - 2014-02-22 03:39 - 13551104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-04-29 09:08 - 2014-02-22 03:33 - 11745792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-04-29 09:08 - 2014-02-22 03:33 - 01967104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-04-29 09:08 - 2014-02-22 03:11 - 02262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-04-29 09:08 - 2014-02-22 02:49 - 01400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-04-29 09:08 - 2014-02-22 02:32 - 01789440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-04-29 09:08 - 2014-02-22 02:27 - 01143808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-04-29 09:08 - 2014-02-07 19:08 - 00139600 _____ () C:\WINDOWS\system32\systemsf.ebd2014-04-29 09:07 - 2014-02-22 08:52 - 00251504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powrprof.dll2014-04-29 09:07 - 2014-02-22 08:38 - 01077944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll2014-04-29 09:07 - 2014-02-22 08:25 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2014-04-29 09:07 - 2014-02-22 08:18 - 00029912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe2014-04-29 09:07 - 2014-02-22 08:04 - 00317584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll2014-04-29 09:07 - 2014-02-22 05:16 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clrhost.dll2014-04-29 09:07 - 2014-02-22 05:09 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe2014-04-29 09:07 - 2014-02-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-04-29 09:07 - 2014-02-22 04:03 - 02544128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll2014-04-29 09:07 - 2014-02-22 03:36 - 01392640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe2014-04-29 09:07 - 2014-02-22 03:36 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WLanConn.dll2014-04-29 09:07 - 2014-02-22 03:32 - 01162752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll2014-04-29 09:07 - 2014-02-22 03:14 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll2014-04-29 09:07 - 2014-02-22 03:02 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll2014-04-29 09:07 - 2014-02-22 03:00 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll2014-04-29 09:07 - 2014-02-22 02:43 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll2014-04-29 09:07 - 2014-02-22 02:42 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll2014-04-29 09:07 - 2014-02-22 02:39 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe2014-04-29 09:07 - 2014-02-22 02:38 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl2014-04-29 09:07 - 2014-02-02 07:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll2014-04-29 09:07 - 2014-01-29 01:44 - 01369736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2014-04-29 09:07 - 2013-11-27 03:20 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\finger.exe2014-04-29 09:07 - 2013-11-27 02:56 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll2014-04-29 09:06 - 2014-02-22 08:42 - 01017936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2014-04-29 09:06 - 2014-02-22 08:42 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll2014-04-29 09:06 - 2014-02-22 08:38 - 00089848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll2014-04-29 09:06 - 2014-02-22 08:18 - 00477744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2014-04-29 09:06 - 2014-02-22 08:18 - 00089848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe2014-04-29 09:06 - 2014-02-22 08:04 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2014-04-29 09:06 - 2014-02-22 08:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll2014-04-29 09:06 - 2014-02-22 05:25 - 00008192 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll2014-04-29 09:06 - 2014-02-22 05:25 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll2014-04-29 09:06 - 2014-02-22 05:24 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SSShim.dll2014-04-29 09:06 - 2014-02-22 05:24 - 00005632 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll2014-04-29 09:06 - 2014-02-22 05:24 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll2014-04-29 09:06 - 2014-02-22 05:24 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll2014-04-29 09:06 - 2014-02-22 05:13 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll2014-04-29 09:06 - 2014-02-22 05:11 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll2014-04-29 09:06 - 2014-02-22 05:06 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll2014-04-29 09:06 - 2014-02-22 05:05 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll2014-04-29 09:06 - 2014-02-22 04:59 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ocsetapi.dll2014-04-29 09:06 - 2014-02-22 04:53 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PkgMgr.exe2014-04-29 09:06 - 2014-02-22 04:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll2014-04-29 09:06 - 2014-02-22 04:14 - 02165760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll2014-04-29 09:06 - 2014-02-22 04:13 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll2014-04-29 09:06 - 2014-02-22 04:12 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll2014-04-29 09:06 - 2014-02-22 04:02 - 08946688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll2014-04-29 09:06 - 2014-02-22 03:36 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll2014-04-29 09:06 - 2014-02-22 03:31 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll2014-04-29 09:06 - 2014-02-22 03:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll2014-04-29 09:06 - 2014-02-22 03:26 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe2014-04-29 09:06 - 2014-02-22 03:19 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll2014-04-29 09:06 - 2014-02-22 03:16 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxshared.dll2014-04-29 09:06 - 2014-02-22 03:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll2014-04-29 09:06 - 2014-02-22 02:55 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slpts.dll2014-04-29 09:06 - 2014-02-22 02:54 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll2014-04-29 09:06 - 2014-02-22 02:51 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RacEngn.dll2014-04-29 09:06 - 2014-02-22 02:47 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-04-29 09:06 - 2014-02-22 02:45 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll2014-04-29 09:06 - 2014-02-22 02:44 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll2014-04-29 09:06 - 2014-02-22 02:43 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll2014-04-29 09:06 - 2014-02-22 02:42 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll2014-04-29 09:06 - 2014-02-22 02:40 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll2014-04-29 09:06 - 2014-02-22 02:38 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll2014-04-29 09:06 - 2014-02-22 02:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2014-04-29 09:06 - 2014-02-22 02:33 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll2014-04-29 09:06 - 2014-02-22 02:21 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-04-29 09:06 - 2014-02-22 02:20 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll2014-04-29 09:06 - 2014-02-22 02:17 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2014-04-29 09:06 - 2014-02-22 02:01 - 00978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll2014-04-29 09:06 - 2014-02-07 19:08 - 00100197 _____ () C:\WINDOWS\SysWOW64\RacRules.xml2014-04-29 09:06 - 2014-02-01 00:00 - 00011109 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms2014-04-29 09:06 - 2014-02-01 00:00 - 00007762 _____ () C:\WINDOWS\SysWOW64\connectedsearch-suggestions.searchconnector-ms2014-04-29 09:06 - 2014-02-01 00:00 - 00007130 _____ () C:\WINDOWS\SysWOW64\connectedsearch-zeroinput.searchconnector-ms2014-04-29 09:06 - 2014-01-31 05:11 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll2014-04-29 09:06 - 2014-01-31 03:35 - 03085824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll2014-04-29 09:06 - 2014-01-31 03:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll2014-04-29 09:06 - 2014-01-31 02:24 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll2014-04-29 09:06 - 2014-01-17 11:04 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll2014-04-29 09:06 - 2013-11-07 21:47 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2014-04-29 09:05 - 2014-02-22 08:04 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll2014-04-29 09:05 - 2014-02-22 04:09 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll2014-04-29 09:04 - 2014-02-22 08:42 - 00422968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2014-04-29 09:04 - 2014-02-22 08:42 - 00410568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2014-04-29 09:04 - 2014-02-22 08:42 - 00369288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2014-04-29 09:04 - 2014-02-22 08:42 - 00137344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2014-04-29 09:04 - 2014-02-22 08:42 - 00098072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll [END of FRST.txt log, PART 1 OF 3] Link to post Share on other sites More sharing options...
baldyj Posted May 23, 2014 Author ID:833493 Share Posted May 23, 2014 [FRST.txt log, PART 2 OF 3:] 2014-04-29 09:04 - 2014-02-22 08:41 - 00033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2014-04-29 09:04 - 2014-02-22 05:01 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe2014-04-29 09:04 - 2014-02-22 04:50 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe2014-04-29 09:04 - 2014-02-22 04:47 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmdskmgr.dll2014-04-29 09:04 - 2014-02-22 04:47 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe2014-04-29 09:04 - 2014-02-22 04:44 - 02178048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-04-29 09:04 - 2014-02-22 04:40 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE2014-04-29 09:04 - 2014-02-22 04:25 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll2014-04-29 09:04 - 2014-02-22 04:17 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll2014-04-29 09:04 - 2014-02-22 04:09 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-04-29 09:04 - 2014-02-22 04:01 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll2014-04-29 09:04 - 2014-02-22 03:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-04-29 09:04 - 2014-02-22 03:27 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll2014-04-29 09:04 - 2014-02-22 03:00 - 01341440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll2014-04-29 09:04 - 2014-02-22 02:49 - 08874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll2014-04-29 09:04 - 2014-02-22 02:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll2014-04-29 09:04 - 2014-02-22 02:35 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-04-29 09:04 - 2014-02-22 02:29 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll2014-04-29 09:04 - 2014-02-22 02:24 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll2014-04-29 09:03 - 2014-02-22 08:38 - 00336232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2014-04-29 09:03 - 2014-02-22 08:25 - 00180240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe2014-04-29 09:03 - 2014-02-22 08:18 - 00041320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe2014-04-29 09:03 - 2014-02-22 08:11 - 00490136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll2014-04-29 09:03 - 2014-02-22 08:04 - 01206000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll2014-04-29 09:03 - 2014-02-22 05:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe2014-04-29 09:03 - 2014-02-22 05:24 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe2014-04-29 09:03 - 2014-02-22 05:24 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe2014-04-29 09:03 - 2014-02-22 04:33 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll2014-04-29 09:03 - 2014-02-22 04:16 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll2014-04-29 09:03 - 2014-02-22 04:16 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll2014-04-29 09:03 - 2014-02-22 04:04 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netid.dll2014-04-29 09:03 - 2014-02-22 04:02 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe2014-04-29 09:03 - 2014-02-22 04:01 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll2014-04-29 09:03 - 2014-02-22 04:00 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll2014-04-29 09:03 - 2014-02-22 03:46 - 00528896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll2014-04-29 09:03 - 2014-02-22 03:44 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll2014-04-29 09:03 - 2014-02-22 03:28 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll2014-04-29 09:03 - 2014-02-22 03:25 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-04-29 09:03 - 2014-02-22 03:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll2014-04-29 09:03 - 2014-02-22 03:23 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll2014-04-29 09:03 - 2014-02-22 03:22 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll2014-04-29 09:03 - 2014-02-22 03:19 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll2014-04-29 09:03 - 2014-02-22 03:15 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe2014-04-29 09:03 - 2014-02-22 03:12 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll2014-04-29 09:03 - 2014-02-22 03:07 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll2014-04-29 09:03 - 2014-02-22 03:06 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-04-29 09:03 - 2014-02-22 02:58 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll2014-04-29 09:03 - 2014-02-22 02:53 - 00876544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll2014-04-29 09:03 - 2014-02-22 02:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll2014-04-29 09:03 - 2014-02-22 02:48 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll2014-04-29 09:03 - 2014-02-22 02:48 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll2014-04-29 09:03 - 2014-02-22 02:47 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll2014-04-29 09:03 - 2014-02-22 02:45 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe2014-04-29 09:03 - 2014-02-22 02:42 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll2014-04-29 09:03 - 2014-02-22 02:39 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll2014-04-29 09:03 - 2014-02-22 02:37 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll2014-04-29 09:03 - 2014-02-22 02:37 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe2014-04-29 09:03 - 2014-02-22 02:21 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmIndexer.dll2014-04-29 09:03 - 2014-02-22 02:17 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe2014-04-29 09:03 - 2014-02-22 02:03 - 01496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll2014-04-29 09:03 - 2014-02-22 02:00 - 00514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe2014-04-29 09:03 - 2014-02-22 01:54 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll2014-04-29 09:03 - 2014-02-01 00:00 - 00002255 _____ () C:\WINDOWS\SysWOW64\WimBootCompress.ini2014-04-29 09:03 - 2014-01-31 03:08 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll2014-04-29 09:03 - 2013-12-04 07:53 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2014-04-29 09:02 - 2014-02-22 08:52 - 01767440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll2014-04-29 09:02 - 2014-02-22 08:51 - 01063976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe2014-04-29 09:02 - 2014-02-22 08:51 - 00140456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll2014-04-29 09:02 - 2014-02-22 08:38 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2014-04-29 09:02 - 2014-02-22 08:38 - 00506120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll2014-04-29 09:02 - 2014-02-22 08:08 - 01474104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2014-04-29 09:02 - 2014-02-22 08:08 - 00079496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll2014-04-29 09:02 - 2014-02-22 08:04 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-04-29 09:02 - 2014-02-22 08:04 - 01011280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll2014-04-29 09:02 - 2014-02-22 08:04 - 00650736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll2014-04-29 09:02 - 2014-02-22 08:04 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll2014-04-29 09:02 - 2014-02-22 05:28 - 02428928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll2014-04-29 09:02 - 2014-02-22 05:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\f3ahvoas.dll2014-04-29 09:02 - 2014-02-22 05:17 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OobeFldr.dll2014-04-29 09:02 - 2014-02-22 05:16 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll2014-04-29 09:02 - 2014-02-22 05:15 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imm32.dll2014-04-29 09:02 - 2014-02-22 04:58 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-04-29 09:02 - 2014-02-22 04:57 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll2014-04-29 09:02 - 2014-02-22 04:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll2014-04-29 09:02 - 2014-02-22 04:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll2014-04-29 09:02 - 2014-02-22 04:33 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-04-29 09:02 - 2014-02-22 04:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe2014-04-29 09:02 - 2014-02-22 04:30 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cleanmgr.exe2014-04-29 09:02 - 2014-02-22 04:21 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe2014-04-29 09:02 - 2014-02-22 04:21 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll2014-04-29 09:02 - 2014-02-22 04:21 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll2014-04-29 09:02 - 2014-02-22 04:18 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-04-29 09:02 - 2014-02-22 04:17 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-04-29 09:02 - 2014-02-22 04:14 - 02811392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll2014-04-29 09:02 - 2014-02-22 04:03 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-04-29 09:02 - 2014-02-22 03:55 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-04-29 09:02 - 2014-02-22 03:53 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll2014-04-29 09:02 - 2014-02-22 03:48 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl2014-04-29 09:02 - 2014-02-22 03:41 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll2014-04-29 09:02 - 2014-02-22 03:40 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll2014-04-29 09:02 - 2014-02-22 03:40 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-04-29 09:02 - 2014-02-22 03:37 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll2014-04-29 09:02 - 2014-02-22 03:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll2014-04-29 09:02 - 2014-02-22 03:29 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll2014-04-29 09:02 - 2014-02-22 03:28 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll2014-04-29 09:02 - 2014-02-22 03:27 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll2014-04-29 09:02 - 2014-02-22 03:26 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll2014-04-29 09:02 - 2014-02-22 03:23 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-04-29 09:02 - 2014-02-22 03:23 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll2014-04-29 09:02 - 2014-02-22 03:16 - 11776000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll2014-04-29 09:02 - 2014-02-22 03:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll2014-04-29 09:02 - 2014-02-22 03:07 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll2014-04-29 09:02 - 2014-02-22 03:06 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll2014-04-29 09:02 - 2014-02-22 03:04 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-04-29 09:02 - 2014-02-22 02:59 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2014-04-29 09:02 - 2014-02-22 02:59 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll2014-04-29 09:02 - 2014-02-22 02:43 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll2014-04-29 09:02 - 2014-02-22 02:39 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provsvc.dll2014-04-29 09:02 - 2014-02-22 02:39 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl2014-04-29 09:02 - 2014-02-22 02:19 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll2014-04-29 09:02 - 2014-01-21 23:50 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll2014-04-29 09:02 - 2014-01-07 18:33 - 00552632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2014-04-29 09:02 - 2013-12-04 08:19 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll2014-04-29 08:39 - 2014-02-22 10:00 - 00236888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys2014-04-29 08:39 - 2014-02-22 10:00 - 00151384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys2014-04-29 08:39 - 2014-02-22 09:49 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-04-29 08:39 - 2014-02-22 09:49 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-04-29 08:39 - 2014-02-22 09:49 - 00189784 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS2014-04-29 08:39 - 2014-02-22 09:49 - 00148824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS2014-04-29 08:39 - 2014-02-22 09:49 - 00079192 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys2014-04-29 08:39 - 2014-02-22 09:48 - 01791752 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll2014-04-29 08:39 - 2014-02-22 09:44 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-04-29 08:39 - 2014-02-22 06:11 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys2014-04-29 08:39 - 2014-02-22 06:07 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\clrhost.dll2014-04-29 08:39 - 2014-02-22 04:55 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe2014-04-29 08:39 - 2014-02-22 04:41 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe2014-04-29 08:39 - 2014-02-22 04:36 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll2014-04-29 08:39 - 2014-02-22 04:18 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll2014-04-29 08:39 - 2014-02-22 03:49 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll2014-04-29 08:39 - 2014-02-22 03:23 - 03494912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll2014-04-29 08:39 - 2014-02-22 03:23 - 01576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll2014-04-29 08:39 - 2014-02-22 03:14 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll2014-04-29 08:39 - 2014-02-22 03:10 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll2014-04-29 08:39 - 2014-02-22 02:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-04-29 08:39 - 2014-02-22 02:55 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll2014-04-29 08:39 - 2014-02-22 02:55 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll2014-04-29 08:39 - 2014-02-22 02:54 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll2014-04-29 08:39 - 2014-02-22 02:54 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe2014-04-29 08:39 - 2014-02-22 02:45 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe2014-04-29 08:39 - 2014-02-22 02:40 - 02368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll2014-04-29 08:39 - 2014-01-31 03:15 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll2014-04-29 08:39 - 2014-01-29 02:52 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys2014-04-29 08:39 - 2014-01-28 18:17 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll2014-04-29 08:38 - 2014-02-22 10:15 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\system32\powrprof.dll2014-04-29 08:38 - 2014-02-22 09:48 - 02574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2014-04-29 08:38 - 2014-02-22 09:46 - 01445616 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll2014-04-29 08:38 - 2014-02-22 09:41 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll2014-04-29 08:38 - 2014-02-22 09:41 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll2014-04-29 08:38 - 2014-02-22 09:41 - 00372360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll2014-04-29 08:38 - 2014-02-22 06:22 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll2014-04-29 08:38 - 2014-02-22 06:14 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys2014-04-29 08:38 - 2014-02-22 06:07 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofUtil.dll2014-04-29 08:38 - 2014-02-22 06:00 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe2014-04-29 08:38 - 2014-02-22 05:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-04-29 08:38 - 2014-02-22 05:47 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsdyn.dll2014-04-29 08:38 - 2014-02-22 05:47 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll2014-04-29 08:38 - 2014-02-22 05:32 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll2014-04-29 08:38 - 2014-02-22 05:16 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll2014-04-29 08:38 - 2014-02-22 04:59 - 01283584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe2014-04-29 08:38 - 2014-02-22 04:05 - 01757184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe2014-04-29 08:38 - 2014-02-22 04:04 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll2014-04-29 08:38 - 2014-02-22 04:01 - 01227776 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll2014-04-29 08:38 - 2014-02-22 03:45 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe2014-04-29 08:38 - 2014-02-22 03:45 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe2014-04-29 08:38 - 2014-02-22 03:45 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll2014-04-29 08:38 - 2014-02-22 03:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll2014-04-29 08:38 - 2014-02-22 03:45 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll2014-04-29 08:38 - 2014-02-22 03:44 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll2014-04-29 08:38 - 2014-02-22 03:35 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WofTasks.dll2014-04-29 08:38 - 2014-02-22 03:26 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll2014-04-29 08:38 - 2014-02-22 03:24 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll2014-04-29 08:38 - 2014-02-22 03:19 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2014-04-29 08:38 - 2014-02-22 03:18 - 00619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll2014-04-29 08:38 - 2014-02-22 03:07 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll2014-04-29 08:38 - 2014-02-22 02:59 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe2014-04-29 08:38 - 2014-02-22 02:48 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll2014-04-29 08:38 - 2014-02-22 02:47 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll2014-04-29 08:38 - 2014-02-22 02:47 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll2014-04-29 08:38 - 2014-02-22 02:31 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll2014-04-29 08:38 - 2014-02-22 02:06 - 01640960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll2014-04-29 08:38 - 2014-02-22 02:01 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe2014-04-29 08:38 - 2014-02-02 08:48 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll2014-04-29 08:38 - 2014-02-01 00:00 - 00002255 _____ () C:\WINDOWS\system32\WimBootCompress.ini2014-04-29 08:38 - 2014-01-29 02:53 - 01653352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2014-04-29 08:38 - 2014-01-27 13:53 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll2014-04-29 08:37 - 2014-02-22 10:59 - 01519520 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-04-29 08:37 - 2014-02-22 10:59 - 01290688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2014-04-29 08:37 - 2014-02-22 10:59 - 00289752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll2014-04-29 08:37 - 2014-02-22 10:15 - 01929608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll2014-04-29 08:37 - 2014-02-22 10:15 - 00188464 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe2014-04-29 08:37 - 2014-02-22 10:02 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe2014-04-29 08:37 - 2014-02-22 10:02 - 00080048 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe2014-04-29 08:37 - 2014-02-22 09:59 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe2014-04-29 08:37 - 2014-02-22 09:53 - 03394384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll2014-04-29 08:37 - 2014-02-22 09:50 - 00645104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2014-04-29 08:37 - 2014-02-22 09:50 - 00032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe2014-04-29 08:37 - 2014-02-22 09:49 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys2014-04-29 08:37 - 2014-02-22 09:43 - 00142576 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe2014-04-29 08:37 - 2014-02-22 06:08 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncui.dll2014-04-29 08:37 - 2014-02-22 06:03 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll2014-04-29 08:37 - 2014-02-22 05:08 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll2014-04-29 08:37 - 2014-02-22 05:03 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll2014-04-29 08:37 - 2014-02-22 04:58 - 00610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll2014-04-29 08:37 - 2014-02-22 04:56 - 02862592 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll2014-04-29 08:37 - 2014-02-22 04:56 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll2014-04-29 08:37 - 2014-02-22 04:41 - 02566656 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll2014-04-29 08:37 - 2014-02-22 04:29 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe2014-04-29 08:37 - 2014-02-22 04:14 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe2014-04-29 08:37 - 2014-02-22 04:08 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll2014-04-29 08:37 - 2014-02-22 03:57 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll2014-04-29 08:37 - 2014-02-22 03:35 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll2014-04-29 08:37 - 2014-02-22 03:26 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll2014-04-29 08:37 - 2014-02-22 03:23 - 00628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll2014-04-29 08:37 - 2014-02-22 03:21 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-04-29 08:37 - 2014-02-22 03:11 - 02395136 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2014-04-29 08:37 - 2014-02-22 02:52 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll2014-04-29 08:37 - 2014-02-22 02:51 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll2014-04-29 08:37 - 2014-02-22 02:49 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll2014-04-29 08:37 - 2014-02-22 02:44 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll2014-04-29 08:37 - 2014-02-22 02:44 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl2014-04-29 08:37 - 2014-02-22 02:43 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe2014-04-29 08:37 - 2014-02-22 02:43 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll2014-04-29 08:37 - 2014-02-22 02:40 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2014-04-29 08:37 - 2014-01-31 03:55 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll2014-04-29 08:37 - 2014-01-27 05:45 - 00050053 _____ () C:\WINDOWS\system32\srms.dat2014-04-29 08:37 - 2014-01-17 11:24 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll2014-04-29 08:37 - 2013-11-27 03:47 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\finger.exe2014-04-29 08:37 - 2013-11-27 03:10 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll2014-04-29 08:36 - 2014-02-22 10:15 - 00071888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys2014-04-29 08:36 - 2014-02-22 10:02 - 00170952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll2014-04-29 08:36 - 2014-02-22 10:00 - 00590168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys2014-04-29 08:36 - 2014-02-22 09:55 - 01435304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll2014-04-29 08:36 - 2014-02-22 09:55 - 00244848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll2014-04-29 08:36 - 2014-02-22 09:55 - 00162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe2014-04-29 08:36 - 2014-02-22 09:55 - 00131168 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe2014-04-29 08:36 - 2014-02-22 09:50 - 00258784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2014-04-29 08:36 - 2014-02-22 06:20 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll2014-04-29 08:36 - 2014-02-22 05:57 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll2014-04-29 08:36 - 2014-02-22 05:54 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll2014-04-29 08:36 - 2014-02-22 05:50 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll2014-04-29 08:36 - 2014-02-22 05:46 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-04-29 08:36 - 2014-02-22 05:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll2014-04-29 08:36 - 2014-02-22 05:45 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll2014-04-29 08:36 - 2014-02-22 05:22 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll2014-04-29 08:36 - 2014-02-22 05:17 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-04-29 08:36 - 2014-02-22 05:17 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe2014-04-29 08:36 - 2014-02-22 05:16 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe2014-04-29 08:36 - 2014-02-22 05:16 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx2014-04-29 08:36 - 2014-02-22 05:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\scavengeui.dll2014-04-29 08:36 - 2014-02-22 04:55 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll2014-04-29 08:36 - 2014-02-22 04:51 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll2014-04-29 08:36 - 2014-02-22 04:27 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll2014-04-29 08:36 - 2014-02-22 04:20 - 01152512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl2014-04-29 08:36 - 2014-02-22 04:13 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe2014-04-29 08:36 - 2014-02-22 03:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll2014-04-29 08:36 - 2014-02-22 03:51 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll2014-04-29 08:36 - 2014-02-22 03:48 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-04-29 08:36 - 2014-02-22 03:47 - 01192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll2014-04-29 08:36 - 2014-02-22 03:25 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll2014-04-29 08:36 - 2014-02-22 03:11 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll2014-04-29 08:36 - 2014-02-22 03:04 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\slpts.dll2014-04-29 08:36 - 2014-02-22 02:54 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2014-04-29 08:36 - 2014-02-22 02:54 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll2014-04-29 08:36 - 2014-02-22 02:52 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll2014-04-29 08:36 - 2014-02-22 02:49 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll2014-04-29 08:36 - 2014-02-22 02:35 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll2014-04-29 08:36 - 2014-02-22 02:34 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2014-04-29 08:36 - 2014-02-22 02:22 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2014-04-29 08:36 - 2014-02-22 02:22 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll2014-04-29 08:36 - 2014-02-22 02:20 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll2014-04-29 08:36 - 2014-02-22 02:18 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2014-04-29 08:36 - 2014-02-01 00:00 - 00011109 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms2014-04-29 08:36 - 2014-02-01 00:00 - 00007762 _____ () C:\WINDOWS\system32\connectedsearch-suggestions.searchconnector-ms2014-04-29 08:36 - 2014-02-01 00:00 - 00007130 _____ () C:\WINDOWS\system32\connectedsearch-zeroinput.searchconnector-ms2014-04-29 08:35 - 2014-02-22 10:00 - 00249688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys2014-04-29 08:35 - 2014-02-22 09:59 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll2014-04-29 08:35 - 2014-02-22 09:50 - 02588168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe2014-04-29 08:35 - 2014-02-22 09:50 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe2014-04-29 08:35 - 2014-02-22 09:50 - 00054816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys2014-04-29 08:35 - 2014-02-22 09:44 - 00924504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys2014-04-29 08:35 - 2014-02-22 06:09 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys2014-04-29 08:35 - 2014-02-22 06:04 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll2014-04-29 08:35 - 2014-02-22 05:48 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ocsetapi.dll2014-04-29 08:35 - 2014-02-22 05:41 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe2014-04-29 08:35 - 2014-02-22 05:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe2014-04-29 08:35 - 2014-02-22 05:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\recimg.exe2014-04-29 08:35 - 2014-02-22 05:25 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll2014-04-29 08:35 - 2014-02-22 05:05 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll2014-04-29 08:35 - 2014-02-22 05:05 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll2014-04-29 08:35 - 2014-02-22 05:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-04-29 08:35 - 2014-02-22 04:39 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-04-29 08:35 - 2014-02-22 04:34 - 11742720 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll2014-04-29 08:35 - 2014-02-22 04:25 - 01428480 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe2014-04-29 08:35 - 2014-02-22 04:13 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll2014-04-29 08:35 - 2014-02-22 04:06 - 02943488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll2014-04-29 08:35 - 2014-02-22 04:04 - 00935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll2014-04-29 08:35 - 2014-02-22 04:01 - 02648064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll2014-04-29 08:35 - 2014-02-22 03:52 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe2014-04-29 08:35 - 2014-02-22 03:48 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll2014-04-29 08:35 - 2014-02-22 03:10 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2014-04-29 08:35 - 2014-02-22 03:02 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll2014-04-29 08:35 - 2014-02-22 02:59 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RacEngn.dll2014-04-29 08:35 - 2014-02-22 02:48 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll2014-04-29 08:35 - 2014-02-22 02:45 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll2014-04-29 08:35 - 2014-02-22 02:43 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Renewal.dll2014-04-29 08:35 - 2014-02-22 02:33 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll2014-04-29 08:35 - 2014-02-22 02:30 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll2014-04-29 08:35 - 2014-02-22 02:24 - 02760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll2014-04-29 08:35 - 2014-02-07 19:08 - 00100197 _____ () C:\WINDOWS\system32\RacRules.xml2014-04-29 08:35 - 2014-01-31 05:59 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll2014-04-29 08:35 - 2014-01-31 02:18 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll2014-04-29 08:35 - 2014-01-28 18:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll2014-04-29 08:35 - 2014-01-28 18:18 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll2014-04-29 08:35 - 2014-01-07 19:30 - 00745328 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2014-04-29 08:35 - 2013-11-07 22:04 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2014-04-29 08:34 - 2014-02-22 09:55 - 00105864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll2014-04-29 08:34 - 2014-02-22 09:43 - 01727760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2014-04-29 08:34 - 2014-02-22 09:41 - 01215832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00800552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00609456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00391008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll2014-04-29 08:34 - 2014-02-22 09:41 - 00028416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe2014-04-29 08:34 - 2014-02-22 09:40 - 01118552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-04-29 08:34 - 2014-02-22 06:17 - 00008192 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-private-l1-1-1.dll2014-04-29 08:34 - 2014-02-22 06:17 - 00005632 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-session-winsta-l1-1-0.dll2014-04-29 08:34 - 2014-02-22 06:17 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-private-l1-1-0.dll2014-04-29 08:34 - 2014-02-22 06:17 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-kernel32-package-l1-1-1.dll2014-04-29 08:34 - 2014-02-22 06:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys2014-04-29 08:34 - 2014-02-22 06:08 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx2014-04-29 08:34 - 2014-02-22 06:08 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll2014-04-29 08:34 - 2014-02-22 06:06 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll2014-04-29 08:34 - 2014-02-22 06:00 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll2014-04-29 08:34 - 2014-02-22 04:52 - 02288640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll2014-04-29 08:34 - 2014-02-22 04:52 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll2014-04-29 08:34 - 2014-02-22 04:47 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll2014-04-29 08:34 - 2014-02-22 04:37 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll2014-04-29 08:34 - 2014-02-22 03:59 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll2014-04-29 08:34 - 2014-02-22 03:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll2014-04-29 08:34 - 2014-02-22 03:43 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll2014-04-29 08:34 - 2014-02-22 03:22 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll2014-04-29 08:34 - 2014-02-22 03:01 - 13933568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll2014-04-29 08:34 - 2014-02-22 02:51 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll2014-04-29 08:34 - 2014-02-22 02:51 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll2014-04-29 08:34 - 2014-02-22 02:04 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll2014-04-29 08:34 - 2014-01-31 03:10 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll2014-04-29 08:33 - 2014-02-22 10:59 - 00209160 _____ (Microsoft Corporation) C:\WINDOWS\system32\imm32.dll2014-04-29 08:33 - 2014-02-22 09:50 - 00761792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll2014-04-29 08:33 - 2014-02-22 06:20 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-power-events.dll2014-04-29 08:33 - 2014-02-22 06:14 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys2014-04-29 08:33 - 2014-02-22 05:44 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-04-29 08:33 - 2014-02-22 05:00 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-04-29 08:33 - 2014-02-22 04:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-04-29 08:33 - 2014-02-22 04:27 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll2014-04-29 08:33 - 2014-02-22 04:12 - 00797696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PurchaseWindowsLicense.dll2014-04-29 08:33 - 2014-02-22 04:09 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-04-29 08:33 - 2014-02-22 02:36 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll2014-04-29 08:32 - 2014-02-22 09:44 - 00424280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll2014-04-29 08:32 - 2014-02-22 06:17 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\f3ahvoas.dll2014-04-29 08:32 - 2014-02-22 04:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-04-29 08:32 - 2014-02-22 04:41 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll2014-04-29 08:32 - 2014-02-22 04:28 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-04-29 08:32 - 2014-02-22 02:44 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\provsvc.dll2014-04-29 08:32 - 2014-02-22 02:38 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-04-29 08:32 - 2014-02-22 02:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll2014-04-29 08:32 - 2014-01-29 02:40 - 00994136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys2014-04-29 08:31 - 2014-02-22 10:00 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fileinfo.sys2014-04-29 08:31 - 2014-02-22 09:49 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-04-29 08:31 - 2014-02-22 09:44 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys2014-04-29 08:31 - 2014-02-22 06:08 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll2014-04-29 08:31 - 2014-02-22 05:50 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe2014-04-29 08:31 - 2014-02-22 05:45 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll2014-04-29 08:31 - 2014-02-22 05:39 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll2014-04-29 08:31 - 2014-02-22 04:17 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll2014-04-29 08:31 - 2014-02-22 04:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll2014-04-29 08:31 - 2014-02-22 03:54 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll2014-04-29 08:31 - 2014-02-22 03:53 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll2014-04-29 08:31 - 2014-02-22 03:52 - 01132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll2014-04-29 08:31 - 2014-02-22 03:43 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll2014-04-29 08:31 - 2014-02-22 02:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll2014-04-29 08:31 - 2014-02-21 22:43 - 00002440 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk2014-04-29 08:31 - 2014-01-27 11:04 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll2014-04-29 08:30 - 2014-02-22 10:59 - 00526304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2014-04-29 08:30 - 2014-02-22 10:59 - 00461176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2014-04-29 08:30 - 2014-02-22 10:59 - 00407536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2014-04-29 08:30 - 2014-02-22 10:59 - 00139464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2014-04-29 08:30 - 2014-02-22 10:59 - 00123448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll2014-04-29 08:30 - 2014-02-22 10:58 - 00036200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2014-04-29 08:30 - 2014-02-22 06:24 - 02825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll2014-04-29 08:30 - 2014-02-22 05:37 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe2014-04-29 08:30 - 2014-02-22 05:34 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskmgr.dll2014-04-29 08:30 - 2014-02-22 05:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll2014-04-29 08:30 - 2014-02-22 05:25 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE2014-04-29 08:30 - 2014-02-22 05:08 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll2014-04-29 08:30 - 2014-02-22 05:07 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll2014-04-29 08:30 - 2014-02-22 05:04 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe2014-04-29 08:30 - 2014-02-22 04:59 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll2014-04-29 08:30 - 2014-02-22 04:58 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAConn.dll2014-04-29 08:30 - 2014-02-22 04:56 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll2014-04-29 08:30 - 2014-02-22 04:47 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe2014-04-29 08:30 - 2014-02-22 04:38 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll2014-04-29 08:30 - 2014-02-22 04:35 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll2014-04-29 08:30 - 2014-02-22 04:09 - 01224192 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll2014-04-29 08:30 - 2014-02-22 03:56 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll2014-04-29 08:30 - 2014-02-22 03:54 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll2014-04-29 08:30 - 2014-02-22 03:53 - 00825344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll2014-04-29 08:30 - 2014-02-22 03:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe2014-04-29 08:30 - 2014-02-22 03:37 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe2014-04-29 08:30 - 2014-02-22 03:36 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe2014-04-29 08:30 - 2014-02-22 03:34 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll2014-04-29 08:30 - 2014-02-22 03:34 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll2014-04-29 08:30 - 2014-02-22 03:33 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll2014-04-29 08:30 - 2014-02-22 03:25 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll2014-04-29 08:30 - 2014-02-22 03:25 - 00399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll2014-04-29 08:30 - 2014-02-22 03:25 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll2014-04-29 08:30 - 2014-02-22 03:13 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll2014-04-29 08:30 - 2014-02-22 03:09 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe2014-04-29 08:30 - 2014-02-22 02:59 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-04-29 08:30 - 2014-02-22 02:55 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll2014-04-29 08:30 - 2014-02-22 02:55 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\energytask.dll2014-04-29 08:30 - 2014-02-22 02:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AepRoam.dll2014-04-29 08:30 - 2014-02-22 02:53 - 12027904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll2014-04-29 08:30 - 2014-02-21 22:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2014-04-29 08:30 - 2014-02-21 22:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2014-04-29 08:30 - 2014-02-21 22:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2014-04-29 08:30 - 2014-02-21 22:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2014-04-29 08:30 - 2014-02-21 22:33 - 00262335 _____ () C:\WINDOWS\system32\dfpinc.dat2014-04-29 08:30 - 2014-01-27 11:54 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2014-04-29 08:30 - 2014-01-27 09:38 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2014-04-29 08:30 - 2014-01-22 00:21 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll2014-04-29 08:30 - 2013-12-04 09:54 - 00660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll2014-04-29 08:29 - 2014-02-22 10:15 - 01206000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe2014-04-29 08:29 - 2014-02-22 10:15 - 00531128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2014-04-29 08:29 - 2014-02-22 09:55 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll2014-04-29 08:29 - 2014-02-22 09:55 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll2014-04-29 08:29 - 2014-02-22 09:50 - 00043408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe2014-04-29 08:29 - 2014-02-22 09:48 - 00210736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe2014-04-29 08:29 - 2014-02-22 09:46 - 01927600 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2014-04-29 08:29 - 2014-02-22 09:46 - 01000424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll [END of FRST.txt log, PART 2 OF 3] Link to post Share on other sites More sharing options...
baldyj Posted May 23, 2014 Author ID:833496 Share Posted May 23, 2014 [FRST.txt log, PART 3 OF 3:] 2014-04-29 08:29 - 2014-02-22 09:46 - 00669896 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll2014-04-29 08:29 - 2014-02-22 09:43 - 01659056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-04-29 08:29 - 2014-02-22 09:43 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-04-29 08:29 - 2014-02-22 09:43 - 01487520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-04-29 08:29 - 2014-02-22 09:43 - 01356360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-04-29 08:29 - 2014-02-22 09:43 - 00094560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll2014-04-29 08:29 - 2014-02-22 06:17 - 00902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe2014-04-29 08:29 - 2014-02-22 06:17 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe2014-04-29 08:29 - 2014-02-22 06:17 - 00874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe2014-04-29 08:29 - 2014-02-22 06:07 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll2014-04-29 08:29 - 2014-02-22 06:03 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe2014-04-29 08:29 - 2014-02-22 06:01 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\spcompat.dll2014-04-29 08:29 - 2014-02-22 05:59 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgrade.exe2014-04-29 08:29 - 2014-02-22 05:47 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe2014-04-29 08:29 - 2014-02-22 05:42 - 00038680 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe2014-04-29 08:29 - 2014-02-22 05:22 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-04-29 08:29 - 2014-02-22 05:17 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll2014-04-29 08:29 - 2014-02-22 05:16 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-04-29 08:29 - 2014-02-22 05:14 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cleanmgr.exe2014-04-29 08:29 - 2014-02-22 05:02 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll2014-04-29 08:29 - 2014-02-22 04:46 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe2014-04-29 08:29 - 2014-02-22 04:41 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netid.dll2014-04-29 08:29 - 2014-02-22 04:36 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2014-04-29 08:29 - 2014-02-22 04:22 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll2014-04-29 08:29 - 2014-02-22 04:18 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe2014-04-29 08:29 - 2014-02-22 04:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe2014-04-29 08:29 - 2014-02-22 03:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll2014-04-29 08:29 - 2014-02-22 03:48 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll2014-04-29 08:29 - 2014-02-22 03:46 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll2014-04-29 08:29 - 2014-02-22 03:44 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe2014-04-29 08:29 - 2014-02-22 03:38 - 00753664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll2014-04-29 08:29 - 2014-02-22 03:29 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll2014-04-29 08:29 - 2014-02-22 03:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll2014-04-29 08:29 - 2014-02-22 03:23 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-04-29 08:29 - 2014-02-22 03:04 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\perftrack.dll2014-04-29 08:29 - 2014-02-22 03:02 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll2014-04-29 08:29 - 2014-02-22 02:55 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConfigureExpandedStorage.dll2014-04-29 08:29 - 2014-02-22 02:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\AltTab.dll2014-04-29 08:29 - 2014-02-22 02:46 - 03312128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll2014-04-29 08:29 - 2014-02-22 02:44 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll2014-04-29 08:29 - 2014-02-22 02:24 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmIndexer.dll2014-04-29 08:29 - 2014-02-22 02:22 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-04-29 08:29 - 2014-02-22 02:17 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe2014-04-29 08:29 - 2014-01-31 03:19 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll2014-04-29 08:29 - 2013-12-04 09:16 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2014-04-29 08:28 - 2014-02-22 09:49 - 00280920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys2014-04-29 08:28 - 2014-02-22 06:08 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll2014-04-29 08:28 - 2014-02-22 06:07 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll2014-04-29 08:28 - 2014-02-22 06:02 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aelupsvc.dll2014-04-29 08:28 - 2014-02-22 05:05 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentHost.dll2014-04-29 08:28 - 2014-02-22 05:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll2014-04-29 08:28 - 2014-02-22 04:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitagent.exe2014-04-29 08:28 - 2014-02-22 04:34 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeResults.exe2014-04-29 08:28 - 2013-12-10 01:35 - 00530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll2014-04-29 08:28 - 2013-11-10 17:41 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll2014-04-29 08:26 - 2014-02-22 06:08 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OobeFldr.dll2014-04-29 08:26 - 2014-02-22 04:56 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll2014-04-29 08:24 - 2014-02-22 06:14 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys2014-04-29 08:23 - 2014-02-22 09:44 - 00539992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys2014-04-29 08:03 - 2014-03-19 22:19 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll2014-04-29 08:03 - 2014-03-19 21:41 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2014-04-29 08:03 - 2014-03-19 21:41 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys2014-04-29 08:03 - 2014-03-19 21:40 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2014-04-29 08:03 - 2014-03-19 01:13 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2014-04-29 08:03 - 2014-03-13 06:35 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys2014-04-29 08:02 - 2014-03-19 17:55 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll2014-04-29 08:02 - 2014-03-19 17:39 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll2014-04-29 08:02 - 2014-03-19 17:36 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll2014-04-29 08:02 - 2014-03-18 23:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe2014-04-29 08:02 - 2014-03-18 23:08 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2014-04-29 08:02 - 2014-03-11 09:02 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll2014-04-29 08:02 - 2014-03-11 08:28 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2014-04-29 08:02 - 2014-03-11 07:02 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2014-04-29 08:02 - 2014-03-11 06:35 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-04-29 08:02 - 2014-03-08 05:34 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll2014-04-29 08:02 - 2014-03-08 02:44 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-04-29 08:02 - 2014-03-08 02:12 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll2014-04-29 08:02 - 2014-03-08 01:47 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll2014-04-29 08:02 - 2014-03-08 01:12 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-04-29 08:02 - 2014-03-08 00:40 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll2014-04-29 08:02 - 2014-03-08 00:37 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2014-04-29 08:02 - 2014-03-08 00:02 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll2014-04-29 08:02 - 2014-03-07 23:58 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll2014-04-29 08:02 - 2014-03-06 05:20 - 01200296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll2014-04-29 08:02 - 2014-03-06 05:19 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll2014-04-29 08:02 - 2014-03-06 05:19 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll2014-04-29 08:02 - 2014-03-06 05:13 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll2014-04-29 08:02 - 2014-03-06 05:13 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll2014-04-29 08:02 - 2014-03-06 04:35 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll2014-04-29 08:02 - 2014-03-06 02:28 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll2014-04-29 08:02 - 2014-03-06 02:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll2014-04-29 08:02 - 2014-03-06 02:10 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll2014-04-29 08:02 - 2014-03-06 01:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll2014-04-29 08:02 - 2014-03-06 01:44 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll2014-04-29 08:02 - 2014-03-06 01:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-04-29 08:02 - 2014-03-06 00:29 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll2014-04-29 08:02 - 2014-03-06 00:23 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2014-04-29 08:02 - 2014-03-06 00:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll2014-04-29 08:02 - 2014-03-06 00:11 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll2014-04-29 08:02 - 2014-03-06 00:09 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2014-04-29 08:02 - 2014-03-06 00:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll2014-04-29 08:02 - 2014-03-06 00:04 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll2014-04-29 08:02 - 2014-03-05 23:54 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2014-04-29 08:02 - 2014-03-05 23:51 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll2014-04-29 08:02 - 2014-03-05 23:42 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll2014-04-29 08:02 - 2014-03-05 23:33 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll2014-04-29 08:02 - 2014-03-05 23:27 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-04-29 08:02 - 2014-03-05 23:21 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-04-29 08:02 - 2014-03-04 00:39 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll2014-04-29 08:02 - 2014-03-04 00:32 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll2014-04-29 08:02 - 2014-03-04 00:05 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll2014-04-29 08:02 - 2014-03-03 23:54 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll2014-04-29 08:02 - 2014-03-03 23:52 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll2014-04-29 08:02 - 2014-02-06 15:26 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2014-04-29 08:01 - 2014-03-08 00:50 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll2014-04-29 08:01 - 2014-03-08 00:31 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll2014-04-29 08:01 - 2014-03-08 00:30 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2014-04-29 08:01 - 2014-03-08 00:25 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL2014-04-29 08:01 - 2014-03-06 04:46 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll2014-04-29 08:01 - 2014-03-06 04:35 - 00406512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2014-04-29 08:01 - 2014-03-06 04:35 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2014-04-29 08:01 - 2014-03-06 04:35 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2014-04-29 08:01 - 2014-03-06 02:09 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe2014-04-29 08:01 - 2014-03-06 01:16 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll2014-04-29 08:01 - 2014-03-06 00:59 - 12732416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-04-29 08:01 - 2014-03-06 00:04 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll2014-04-29 08:01 - 2014-03-04 05:16 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-04-29 08:01 - 2014-03-04 05:10 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll2014-04-29 08:01 - 2014-03-04 00:42 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll2014-04-29 08:01 - 2013-12-23 17:28 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll2014-04-29 07:57 - 2014-03-19 18:53 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll2014-04-29 07:57 - 2014-03-19 18:48 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll2014-04-29 07:57 - 2014-03-18 23:31 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2014-04-29 07:57 - 2014-03-12 07:45 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-04-29 07:57 - 2014-03-08 14:35 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-04-29 07:57 - 2014-03-06 08:34 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll2014-04-29 07:57 - 2014-03-06 03:29 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll2014-04-29 07:57 - 2014-03-06 03:22 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2014-04-29 07:57 - 2014-03-06 03:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll2014-04-29 07:57 - 2014-03-06 02:38 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll2014-04-29 07:57 - 2014-03-06 00:57 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll2014-04-29 07:57 - 2014-03-06 00:32 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll2014-04-29 07:57 - 2014-03-06 00:31 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll2014-04-29 07:57 - 2014-03-06 00:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll2014-04-29 07:57 - 2014-03-06 00:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll2014-04-29 07:57 - 2014-03-06 00:21 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll2014-04-29 07:57 - 2014-03-06 00:16 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-04-29 07:57 - 2014-03-06 00:01 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll2014-04-29 07:57 - 2014-03-05 23:28 - 08653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-04-29 07:57 - 2014-03-04 01:00 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll2014-04-29 07:56 - 2014-03-19 19:29 - 04268544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-04-29 07:56 - 2014-03-18 23:50 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe2014-04-29 07:56 - 2014-03-18 22:41 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-04-29 07:56 - 2014-03-18 22:17 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-04-29 07:56 - 2014-03-11 09:45 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll2014-04-29 07:56 - 2014-03-11 08:25 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe2014-04-29 07:56 - 2014-03-11 08:05 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll2014-04-29 07:56 - 2014-03-11 08:03 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll2014-04-29 07:56 - 2014-03-11 08:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll2014-04-29 07:56 - 2014-03-08 14:40 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys2014-04-29 07:56 - 2014-03-08 03:02 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll2014-04-29 07:56 - 2014-03-08 02:33 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll2014-04-29 07:56 - 2014-03-08 02:25 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll2014-04-29 07:56 - 2014-03-08 01:03 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2014-04-29 07:56 - 2014-03-08 01:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL2014-04-29 07:56 - 2014-03-08 00:46 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL2014-04-29 07:56 - 2014-03-08 00:41 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL2014-04-29 07:56 - 2014-03-08 00:04 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll2014-04-29 07:56 - 2014-03-06 08:35 - 01466864 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll2014-04-29 07:56 - 2014-03-06 06:51 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll2014-04-29 07:56 - 2014-03-06 06:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-04-29 07:56 - 2014-03-06 03:22 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys2014-04-29 07:56 - 2014-03-06 03:20 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys2014-04-29 07:56 - 2014-03-06 03:20 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys2014-04-29 07:56 - 2014-03-06 03:19 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys2014-04-29 07:56 - 2014-03-06 02:37 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll2014-04-29 07:56 - 2014-03-06 01:47 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-04-29 07:56 - 2014-03-06 01:02 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll2014-04-29 07:56 - 2014-03-06 00:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll2014-04-29 07:56 - 2014-03-06 00:05 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2014-04-29 07:56 - 2014-03-05 23:54 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-04-29 07:56 - 2014-03-05 23:47 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll2014-04-29 07:56 - 2014-03-05 23:42 - 01129472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-04-29 07:56 - 2014-03-05 23:20 - 06641152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-04-29 07:56 - 2014-03-04 06:15 - 02519384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-04-29 07:56 - 2014-03-04 06:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-04-29 07:56 - 2014-03-04 01:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll2014-04-29 07:56 - 2014-03-04 00:56 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll2014-04-29 07:56 - 2014-03-04 00:50 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2014-04-29 07:56 - 2014-03-04 00:15 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll2014-04-29 07:56 - 2014-03-04 00:03 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll2014-04-29 07:55 - 2014-03-18 23:57 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe2014-04-29 07:55 - 2014-03-08 14:47 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-04-29 07:55 - 2014-03-08 14:47 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2014-04-29 07:55 - 2014-03-08 09:29 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll2014-04-29 07:55 - 2014-03-08 03:34 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-04-29 07:55 - 2014-03-08 01:53 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-04-29 07:55 - 2014-03-08 01:51 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe2014-04-29 07:55 - 2014-03-08 01:09 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-04-29 07:55 - 2014-03-08 00:09 - 00958464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll2014-04-29 07:55 - 2014-03-06 08:34 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll2014-04-29 07:55 - 2014-03-06 06:51 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-04-29 07:55 - 2014-03-06 06:51 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-04-29 07:55 - 2014-03-06 06:40 - 00492256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll2014-04-29 07:55 - 2014-03-06 06:39 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll2014-04-29 07:55 - 2014-03-06 03:20 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys2014-04-29 07:55 - 2014-03-06 03:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys2014-04-29 07:55 - 2014-03-06 03:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll2014-04-29 07:55 - 2014-03-06 02:00 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll2014-04-29 07:55 - 2014-03-06 00:51 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2014-04-29 07:55 - 2014-03-06 00:21 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll2014-04-29 07:55 - 2014-03-04 06:25 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-04-29 07:55 - 2014-03-04 06:14 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll2014-04-29 07:55 - 2014-03-04 01:16 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll2014-04-29 07:55 - 2014-03-04 01:13 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll2014-04-29 07:55 - 2014-02-06 16:59 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2014-04-29 07:55 - 2013-12-23 17:26 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll2014-04-29 07:54 - 2014-03-06 06:53 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll2014-04-29 07:53 - 2014-03-06 06:53 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll2014-04-29 07:52 - 2014-03-06 01:22 - 16875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-04-29 07:51 - 2014-03-08 09:29 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll2014-04-29 07:51 - 2014-03-06 03:22 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys2014-04-29 07:51 - 2014-03-06 02:41 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll2014-04-29 07:51 - 2014-03-06 00:39 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2014-04-29 07:49 - 2014-03-11 07:21 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2014-04-29 07:49 - 2014-03-08 14:38 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll2014-04-29 07:49 - 2014-03-08 14:35 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys2014-04-29 07:49 - 2014-03-06 03:19 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll2014-04-29 07:49 - 2014-03-06 03:19 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe2014-04-29 07:49 - 2014-03-06 03:08 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe2014-04-29 07:49 - 2014-03-04 00:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll2014-04-29 07:48 - 2014-03-11 09:18 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2014-04-29 07:48 - 2014-03-08 01:04 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll2014-04-29 07:48 - 2014-03-08 00:48 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2014-04-29 07:48 - 2014-03-07 23:41 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2014-04-29 07:48 - 2014-03-07 23:11 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll2014-04-29 07:48 - 2014-03-06 06:40 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2014-04-29 07:48 - 2014-03-06 06:40 - 00463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2014-04-29 07:48 - 2014-03-06 06:40 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2014-04-29 07:48 - 2014-03-06 06:40 - 00244888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2014-04-29 07:48 - 2014-03-06 00:34 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2014-04-29 07:48 - 2014-03-06 00:16 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2014-04-29 07:47 - 2014-03-11 06:42 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-04-29 07:45 - 2014-03-06 03:24 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys2014-04-29 07:45 - 2014-03-06 03:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2014-04-29 07:45 - 2014-03-06 03:24 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys2014-04-29 07:44 - 2014-03-06 00:23 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll2014-04-29 07:44 - 2014-02-26 00:29 - 02678784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-04-27 14:34 - 2014-05-23 08:15 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-04-27 14:33 - 2014-04-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-04-27 14:33 - 2014-04-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-27 14:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-04-27 14:33 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-04-27 14:30 - 2014-04-27 14:32 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Adrienne\Downloads\mbam-setup-2.0.1.1004.exe2014-04-27 14:27 - 2014-05-23 08:27 - 00000316 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-04-27 14:27 - 2014-04-27 14:54 - 00000000 ____D () C:\Users\Adrienne\AppData\Roaming\DigitalSites2014-04-27 14:27 - 2014-04-27 14:27 - 00002650 _____ () C:\WINDOWS\System32\Tasks\Digital Sites2014-04-27 14:26 - 2014-04-27 14:26 - 01311304 _____ () C:\Users\Adrienne\Downloads\PDFWriterSetup.exe ==================== One Month Modified Files and Folders ======= 2014-05-23 08:54 - 2014-05-23 08:54 - 00020349 _____ () C:\Users\J\Desktop\FRST.txt2014-05-23 08:54 - 2014-05-23 08:54 - 00000000 ____D () C:\FRST2014-05-23 08:49 - 2014-05-23 08:49 - 02067456 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe2014-05-23 08:44 - 2012-12-18 09:58 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48185596-78D4-43A4-85BB-FA4A019EF6F1}2014-05-23 08:37 - 2012-12-18 10:21 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-05-23 08:35 - 2014-05-03 22:48 - 01386684 _____ () C:\WINDOWS\WindowsUpdate.log2014-05-23 08:27 - 2014-04-27 14:27 - 00000316 _____ () C:\WINDOWS\Tasks\Digital Sites.job2014-05-23 08:15 - 2014-04-27 14:34 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-05-23 08:13 - 2014-01-25 14:00 - 00000000 ____D () C:\Users\J\AppData\Local\Screencast-O-Matic2014-05-23 08:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-05-23 07:43 - 2012-12-18 10:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10012014-05-23 07:37 - 2012-12-18 10:21 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-05-23 07:34 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-05-23 07:27 - 2012-12-18 09:58 - 00000000 ____D () C:\Users\J\AppData\Local\Adobe2014-05-23 07:25 - 2013-11-24 01:31 - 00000000 __RDO () C:\Users\J\SkyDrive2014-05-23 07:24 - 2013-05-31 14:10 - 00000370 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2014-05-22 20:31 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-05-22 20:30 - 2014-05-14 10:24 - 00006082 _____ () C:\WINDOWS\PFRO.log2014-05-22 20:30 - 2013-08-22 08:44 - 02985920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-05-22 20:30 - 2013-08-22 07:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI2014-05-22 19:55 - 2012-12-30 16:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-22 18:57 - 2014-05-22 18:57 - 01641542 _____ () C:\Users\J\Desktop\20140508_073507_372_000013.flv2014-05-22 10:04 - 2013-01-07 18:25 - 00000000 ____D () C:\Users\J\AppData\Roaming\vlc2014-05-22 06:19 - 2012-12-18 15:22 - 00000000 ___RD () C:\Users\J\Google Drive2014-05-21 22:24 - 2012-12-19 16:09 - 04280832 ___SH () C:\Users\J\Desktop\Thumbs.db2014-05-21 21:55 - 2013-09-29 22:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-05-21 19:42 - 2014-05-21 19:42 - 00634116 _____ () C:\Users\J\Desktop\points.pptx2014-05-21 19:12 - 2012-12-19 20:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2014-05-21 19:12 - 2012-12-19 20:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-05-21 18:00 - 2014-05-21 17:57 - 00000000 ____D () C:\Users\J\Desktop\Grade_Appeal2014-05-21 17:57 - 2014-05-21 17:57 - 01701183 _____ () C:\Users\J\Desktop\Grade_Appeal.zip2014-05-21 10:09 - 2014-05-17 21:41 - 00000000 ____D () C:\Users\J\Desktop\Shirt2014-05-21 08:22 - 2014-05-21 08:22 - 09248166 _____ () C:\Users\J\Desktop\Amtrak Route Atlas.psd2014-05-20 18:59 - 2014-05-07 18:26 - 00000000 ____D () C:\Users\J\Desktop\~combined_rubrics-papers2014-05-20 15:38 - 2013-06-01 21:35 - 01030084 _____ () C:\Users\J\tribler.exe.log2014-05-20 14:34 - 2014-05-08 16:34 - 00003176 _____ () C:\WINDOWS\setupact.log2014-05-20 13:20 - 2013-01-08 13:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10062014-05-20 13:01 - 2013-01-08 13:35 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDAEC3A7-9B57-4E6B-8023-F5D8FB5A7845}2014-05-20 12:59 - 2013-01-08 13:35 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-20 12:59 - 2013-01-08 13:35 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-19 19:30 - 2013-11-29 16:34 - 00003134 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJ2014-05-19 19:30 - 2013-11-29 16:34 - 00000328 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJ.job2014-05-17 00:01 - 2012-12-19 08:36 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10052014-05-16 21:47 - 2012-12-25 10:39 - 00000000 ____D () C:\Users\August\AppData\Roaming\.minecraft2014-05-16 19:49 - 2012-12-19 08:31 - 00000000 ____D () C:\Users\August\AppData\Local\Adobe2014-05-15 18:52 - 2012-12-19 08:30 - 00000000 ___RD () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-15 18:52 - 2012-12-19 08:30 - 00000000 ___RD () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-14 11:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache2014-05-14 10:27 - 2012-12-18 09:58 - 00000000 ___RD () C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-14 10:27 - 2012-12-18 09:58 - 00000000 ___RD () C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-14 10:24 - 2013-09-29 21:51 - 00000000 ____D () C:\WINDOWS\ShellNew2014-05-14 10:24 - 2012-07-26 02:12 - 00000000 ____D () C:\WINDOWS\SchCache2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-05-14 09:51 - 2014-05-14 09:51 - 02289421 _____ () C:\Users\J\Desktop\choo-choo-test3.mp42014-05-14 09:48 - 2014-05-14 09:48 - 00004535 _____ () C:\Users\J\AppData\Roaming\CamStudio.cfg2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamShapes.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamLayout.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000046 _____ () C:\Users\J\AppData\Roaming\Camdata.ini2014-05-14 09:48 - 2014-05-14 09:46 - 00000000 ____D () C:\Users\J\Documents\My CamStudio Temp Files2014-05-14 09:45 - 2014-05-14 09:45 - 00000096 _____ () C:\Users\J\AppData\Roaming\version2.xml2014-05-14 09:45 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates2014-05-14 09:45 - 2012-12-18 12:19 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-14 09:44 - 2014-05-14 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.72014-05-14 09:44 - 2014-05-14 09:44 - 00000000 ____D () C:\Program Files\CamStudio 2.72014-05-14 09:43 - 2013-08-15 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-05-14 09:41 - 2012-12-18 12:35 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-05-14 09:39 - 2012-11-28 12:25 - 00004248 _____ () C:\WINDOWS\system32\RaCoInst.log2014-05-14 09:34 - 2014-05-14 09:33 - 02285515 _____ () C:\Users\J\Desktop\choo-choo-test2.mp42014-05-14 09:22 - 2014-05-14 09:20 - 00000000 ____D () C:\Users\J\Desktop\video_text2014-05-14 09:20 - 2014-05-14 09:20 - 02286845 _____ () C:\Users\J\Desktop\choo-choo-test.mp42014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\ProgramData\PureLeads2014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\PROGRAM12014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\Program Files (x86)\PureLeads2014-05-11 20:04 - 2014-05-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2014-05-08 16:34 - 2014-05-08 16:34 - 00000000 _____ () C:\WINDOWS\setuperr.log2014-05-07 20:36 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-05-07 13:33 - 2014-05-07 13:33 - 00000000 ____D () C:\Users\J\AppData\Local\Foxit Reader2014-05-07 10:32 - 2013-08-09 00:03 - 00000000 ____D () C:\Users\J\Desktop\hugh_schedules2014-05-07 07:36 - 2014-05-07 07:20 - 00000000 ____D () C:\Users\J\Desktop\Up Series Paper Download May 7, 2014 720 AM2014-05-06 21:11 - 2014-05-06 18:14 - 00000000 ____D () C:\Users\J\AppData\Roaming\ImgBurn2014-05-06 17:51 - 2014-05-06 17:51 - 00001851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk2014-05-06 17:51 - 2014-05-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn2014-05-06 17:51 - 2014-05-06 17:51 - 00000000 ____D () C:\Program Files (x86)\ImgBurn2014-05-06 07:41 - 2013-11-24 01:01 - 00000000 ____D () C:\Users\J2014-05-06 07:32 - 2012-12-18 10:21 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-06 07:32 - 2012-12-18 10:21 - 00003636 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-05 22:40 - 2014-05-14 08:29 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-05-05 21:37 - 2013-06-01 21:35 - 01112867 _____ () C:\Users\J\tribler.exe.log.12014-05-05 21:25 - 2014-05-14 08:29 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-05-05 21:00 - 2014-05-14 08:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-05-05 20:10 - 2014-05-14 08:29 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-05-05 19:17 - 2013-03-12 15:43 - 00000000 ____D () C:\Users\J\Documents\Respondus Projects2014-05-04 15:45 - 2012-12-19 11:25 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10042014-05-04 15:39 - 2014-05-01 15:15 - 00000000 ___RD () C:\Users\Adrienne\OneDrive2014-05-03 12:22 - 2014-05-03 12:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\%SystemDrive%2014-05-03 12:07 - 2012-07-26 02:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-05-02 07:44 - 2014-04-21 13:58 - 00054272 ___SH () C:\Users\Adrienne\Desktop\Thumbs.db2014-05-02 07:43 - 2014-05-01 17:30 - 10144179 _____ () C:\Users\Adrienne\Desktop\Carl's ABCedario final.pptx2014-05-02 06:25 - 2014-05-02 06:25 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-05-02 06:24 - 2014-05-02 06:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-05-02 06:24 - 2012-12-19 11:17 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B83D9741-C318-4CAA-B53F-A7D829E00486}2014-05-01 22:44 - 2014-05-01 22:44 - 00000000 ____D () C:\Users\Adrienne\AppData\Roaming\Foxit Software2014-05-01 19:13 - 2013-08-18 18:05 - 00153600 ___SH () C:\Users\August\Desktop\Thumbs.db2014-05-01 19:09 - 2013-02-18 12:42 - 00244736 ___SH () C:\Users\August\Downloads\Thumbs.db2014-05-01 17:29 - 2014-04-21 13:58 - 08624640 _____ () C:\Users\Adrienne\Desktop\Carl's ABCedario.pptx2014-05-01 15:15 - 2013-11-24 01:01 - 00000000 ____D () C:\Users\Adrienne2014-05-01 15:15 - 2012-12-19 11:17 - 00000000 ___RD () C:\Users\Adrienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-01 15:15 - 2012-12-19 11:17 - 00000000 ___RD () C:\Users\Adrienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-01 14:30 - 2013-08-22 09:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-05-01 14:30 - 2013-08-22 09:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-04-30 18:53 - 2013-08-11 06:53 - 00000000 ___RD () C:\Users\J\Dropbox2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-04-30 17:07 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices2014-04-30 17:06 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Dism2014-04-30 17:06 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\servicing2014-04-30 16:51 - 2014-04-30 16:51 - 02346942 _____ () C:\Users\August\Downloads\TechnicLauncher.exe2014-04-30 16:51 - 2013-11-10 16:28 - 00000000 ____D () C:\Users\August\AppData\Roaming\.technic2014-04-29 21:09 - 2013-06-01 21:35 - 00000000 ____D () C:\Users\J\AppData\Roaming\.Tribler2014-04-29 18:27 - 2012-12-19 08:30 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2D18D2C9-DFAC-491D-A869-CFF692D50EED}2014-04-29 09:35 - 2014-04-29 09:35 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-04-29 09:35 - 2014-04-29 09:35 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-04-29 09:29 - 2014-04-29 09:29 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-04-29 09:29 - 2014-04-29 09:29 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-04-29 09:28 - 2014-04-29 09:28 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-04-29 09:28 - 2014-04-29 09:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-04-29 09:28 - 2014-04-29 09:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-04-29 09:28 - 2014-04-29 09:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-04-29 09:27 - 2014-04-29 09:27 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-04-29 09:27 - 2014-04-29 09:27 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-04-28 08:14 - 2013-05-01 00:23 - 00000000 ____D () C:\Program Files\CCleaner2014-04-27 15:12 - 2014-02-23 16:19 - 00000000 ___RD () C:\Users\Adrienne\SkyDrive2014-04-27 15:03 - 2013-08-22 09:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker2014-04-27 14:54 - 2014-04-27 14:27 - 00000000 ____D () C:\Users\Adrienne\AppData\Roaming\DigitalSites2014-04-27 14:33 - 2014-04-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-04-27 14:33 - 2014-04-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-04-27 14:33 - 2013-04-27 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-04-27 14:32 - 2014-04-27 14:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Adrienne\Downloads\mbam-setup-2.0.1.1004.exe2014-04-27 14:27 - 2014-04-27 14:27 - 00002650 _____ () C:\WINDOWS\System32\Tasks\Digital Sites2014-04-27 14:26 - 2014-04-27 14:26 - 01311304 _____ () C:\Users\Adrienne\Downloads\PDFWriterSetup.exe2014-04-25 12:35 - 2012-12-25 10:15 - 00000000 ____D () C:\Users\J\AppData\Roaming\.minecraft Files to move or delete:====================C:\Users\J\AppData\Roaming\CamLayout.iniC:\Users\J\AppData\Roaming\CamShapes.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-22 20:45 ==================== End Of Log ============================ [END of FRST.txt log, PART 3 OF 3] Link to post Share on other sites More sharing options...
baldyj Posted May 23, 2014 Author ID:833499 Share Posted May 23, 2014 [Addition.txt log:] Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014Ran by J at 2014-05-23 08:54:43Running from C:\Users\J\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)ACDSee 15 (HKLM-x32\...\{B580C89C-F7F8-4A78-BAF0-5560C6E9E76D}) (Version: 15.2.212 - ACD Systems International Inc.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) HiddenAdobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) HiddenAdobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenAdobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) HiddenAdobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)AMD VISION Engine Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenAny Video Converter 5.0.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)BBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Profiles Desktop (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) HiddenCyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) HiddenCyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)DjVuLibre DjView 3.5.25.4+4.9.2 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)DVDFab 9.1.2.8 (19/02/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenFoxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.57 - Google Inc.)Google Drive (HKLM-x32\...\{192A227B-A8C8-4C6D-B939-21FAEB007E1E}) (Version: 1.12.5329.1887 - Google, Inc.)Google Earth Plug-in (HKLM-x32\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenGoogle+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) HiddenHP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) HiddenIDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)iExplorer 3.2.3.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) HiddenJava SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)Mega Video Converter 1.7 (HKLM-x32\...\Mega Video Converter_is1) (Version: - Mega Video Converter)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenOpen Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 10.0 - PlotSoft LLC)Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenPrivate Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenPureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.24 - AMD)RAIDXpert (x32 Version: 3.3.1540.24 - AMD) HiddenRalink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) HiddenRespondus 4.0 Campus-Wide (HKLM-x32\...\{8DB14A0D-7D84-46B3-AEE4-D265729C78BD}) (Version: 4.00.0000 - Respondus, Inc.)Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) HiddenSmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) HiddenSpybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTribler (HKLM-x32\...\Tribler) (Version: 6.2.0 - The Tribler Team)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Video Edit Master (HKLM-x32\...\{35A99221-DAF4-4769-880F-ECC57548FBCC}) (Version: 2.0.0 - Hazem Osman)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenX2X Free VideoAudio Merger 1.0 (HKLM-x32\...\{D1F94695-C59F-4BF1-A9C5-370DCCE8364D}_is1) (Version: - x2xsoft.com)YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL) ==================== Restore Points ========================= 06-05-2014 01:52:55 Windows Update14-05-2014 15:38:48 Windows Update23-05-2014 03:09:31 Scheduled Checkpoint ==================== Hosts content: ========================== 2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {107C63ED-4C50-420E-97C6-F537A10C02CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: {12E35CC0-3BC4-4935-B257-7445A7A96BB6} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exeTask: {14E3E2F2-BCF6-4534-9288-B090F6F63526} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {199E723E-64A7-454D-B041-B8F354F3EEF0} - System32\Tasks\AdobeAAMUpdater-1.0-Adolf-August => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {26FFD5FC-48DC-4992-BF77-5544859EE146} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {2C504622-9691-4895-8351-2603ADBC4664} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-johnbaldy@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)Task: {35AA9D1D-0378-4C6F-A698-9FF53DE0C6A1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {6843C6F5-70F5-40C9-A260-67B109024849} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{76B5D2AA-95F7-49B0-AF99-2B028D5E5ABB}.exeTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6D384673-19E1-42BA-BD59-0CF619A71911} - System32\Tasks\HPCeeScheduleForJ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {760C982A-E80D-4C4F-9FE4-D7B33AB4474E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {792E1504-7BE6-4182-9E9C-7BE3EB6A9DF9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)Task: {7B093085-8AAD-45E2-82AB-91AB645A7FAE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {7FC262C2-CF18-446D-8562-B6E444E33EEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9988C793-EE5F-4679-9F1A-4C9855248B10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {ABD0DFC1-00B7-4CC0-8D1C-34A9FC632BD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)Task: {AE72B019-6F51-4916-851A-23D1C639255D} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-02-08] ()Task: {CC68F967-667C-45C2-B5EF-3A2C6FF9F087} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)Task: {CFB9D3EE-54E9-4929-9A05-83CEAB25971F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E4E312A6-1358-4889-A885-C22A81BB07B1} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {E7EF5A26-2B85-4C29-AE0A-5260A88BBA5B} - System32\Tasks\Digital Sites => C:\Users\Adrienne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {F87B39B1-9811-424C-8D70-D2D27EAFD464} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)Task: {FB173491-4776-4FA6-AABE-DCE20E818C38} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {FCBBCF37-4121-46EC-B02D-8567DC4E2959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{76B5D2AA-95F7-49B0-AF99-2B028D5E5ABB}.exeTask: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Adrienne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HPCeeScheduleForJ.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2012-05-04 18:42 - 2012-05-04 18:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll2012-05-04 18:42 - 2012-05-04 18:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2011-07-22 16:48 - 2011-07-22 16:48 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll2012-11-28 12:32 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-11-16 04:01 - 2013-11-14 05:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll2013-11-16 04:01 - 2013-11-14 05:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll2013-11-16 04:01 - 2013-11-14 05:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll2013-11-16 04:01 - 2013-11-14 05:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll2013-11-16 04:01 - 2013-11-14 05:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll2013-11-16 04:01 - 2013-11-14 05:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Adrienne\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\Adrienne\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\J\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/23/2014 08:51:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 08:51:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 08:21:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 08:21:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:43:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:43:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app SymantecCorporation.NortonStudio_v68kp9n051hdp!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors:=============Error: (05/23/2014 08:51:45 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 08:51:44 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 08:21:50 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 08:21:50 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 07:43:46 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 07:43:46 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 07:42:42 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: App.AppXqnry5k2463e1eva81cgfqeh461wt463a.mca Error: (05/23/2014 07:36:45 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 07:36:45 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (05/23/2014 07:36:44 AM) (Source: DCOM) (EventID: 10010) (User: ADOLF)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Microsoft Office Sessions:=========================Error: (05/23/2014 08:51:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 08:51:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 08:21:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 08:21:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 07:43:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 07:43:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 07:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: SymantecCorporation.NortonStudio_v68kp9n051hdp!App-2144927141 Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (05/23/2014 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADOLF)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 CodeIntegrity Errors:=================================== Date: 2014-05-22 20:47:47.545 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:53:54.603 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:53:54.509 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:35.220 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:31.939 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:26.922 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:19.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:14.483 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:10.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-05-14 10:51:05.668 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 32%Total physical RAM: 7983.3 MBAvailable physical RAM: 5401.2 MBTotal Pagefile: 8383.3 MBAvailable Pagefile: 5356.75 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:909.02 GB) (Free:247.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Recovery Image) (Fixed) (Total:20.48 GB) (Free:2.52 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive i: (THE_MATRIX_16X9LB_N_AMERICA) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931 GB) (Disk ID: 5FF7C865) Partition: GPT Partition Type. ==================== End Of Log ============================ [END of Addition.txt log:] Link to post Share on other sites More sharing options...
baldyj Posted May 26, 2014 Author ID:834288 Share Posted May 26, 2014 I'm still waiting for assistance. In the meantime, I've uninstalled a program called PureLeads; also, I've run Adwcleaner, reset the settings in IE, and looked for (but did not find) any suspicious entries among my Chrome extensions. In spite of the foregoing, the weird hypertext and SearchAssist pop-ups are still appearing on most web pages. Anyone out there? --J Link to post Share on other sites More sharing options...
baldyj Posted June 1, 2014 Author ID:836516 Share Posted June 1, 2014 No one's written me back! What gives? Link to post Share on other sites More sharing options...
Valinorum Posted June 1, 2014 ID:836559 Share Posted June 1, 2014 Sorry for the delay. We are constantly in look-out for topics with zero reply. When you reply to your own topic we merely assume that you have been attend to by one of the helpers. Hi baldyj, My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.Please do not install any new software while we are working on this system as it may hinder our process.Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.Please do not try to fix anything without being ask.Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.If you are confused about any instruction stop and ask. Do not keep on going.Do not repeat the steps if you face any problems.I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage. Step #1 Scan with Malwarebytes' Anti-MalwareRe-run MBAM.Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;Click on Setting--Navigate to the tab Detection and Protection and check all the boxes under Detection OptionsFrom the Dashboard click on Scan Now;If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;Copy and Paste the contents of the log in your next reply.Step #2 Fix with AdwCleanerDownload AdwCleaner by Xplode to your Desktop from the following link.Download Link #1Download Link #2Right-click on AdwCleaner.exe and choose Run as administrator;Click on Scan and let the program run unhindered;When done, click on Clean and allow the system to reboot after it is done;A log will be opened automatically after the restart;Copy and Paste the contents of this log in your reply.Step #3 Fix with Junkware Removal Tool Download Junkware Removal Tool by thisisu to your Desktop from the link below. Download Link 1 Download Link 2Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);Please be patient as the tool cleans your system;After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;Copy and Paste the contents of the log in your next reply.Required Log(s):Malwarebutes' Anti-Malware LogAdwCleaner LogJunkware Removal Tool LogRegards, Valinorum Link to post Share on other sites More sharing options...
baldyj Posted June 1, 2014 Author ID:836685 Share Posted June 1, 2014 Hi Valinorum, Thanks for responding. I've run MBAM, AdwCleaner and JRT and am posting all logs below. I did turn off my anti-spyware (Windows Defender) before using JRT; I did not turn it off for AdwCleaner or MBAM. MBAM Log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6/1/2014Scan Time: 11:53:13 AMLogfile: MBAM_log.txtAdministrator: Yes Version: 2.00.1.1004Malware Database: v2014.06.01.07Rootkit Database: v2014.05.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledChameleon: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: J Scan Type: Threat ScanResult: CompletedObjects Scanned: 405510Time Elapsed: 12 min, 26 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 2PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], Files: 10PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\000005.sst, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\000062.log, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\CURRENT, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOCK, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\MANIFEST-000061, Quarantined, [e863185b3a413cfa1e2fd3bb3fc39d63], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000005.sst, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000062.log, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\CURRENT, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOCK, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], PUP.Optional.Spigot.A, C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\MANIFEST-000061, Quarantined, [b398bdb6443703337fcf6a2431d1f50b], Physical Sectors: 0(No malicious items detected) (end) AdwCleaner Log [R1]: # AdwCleaner v3.211 - Report created 01/06/2014 at 11:58:10# Updated 26/05/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : J - ADOLF# Running from : C:\Users\J\Desktop\adwcleaner_3.211.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17037 -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\August\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb ************************* AdwCleaner[R0].txt - [4926 octets] - [25/05/2014 17:53:26]AdwCleaner[R1].txt - [1019 octets] - [01/06/2014 11:58:10]AdwCleaner[s0].txt - [5155 octets] - [25/05/2014 17:56:13] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1139 octets] ########## AdwCleaner Log [s1]: # AdwCleaner v3.211 - Report created 01/06/2014 at 12:08:42# Updated 26/05/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : J - ADOLF# Running from : C:\Users\J\Desktop\adwcleaner_3.211.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AppDataLow\Software ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17037 -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\August\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb ************************* AdwCleaner[R0].txt - [4926 octets] - [25/05/2014 17:53:26]AdwCleaner[R1].txt - [1219 octets] - [01/06/2014 11:58:10]AdwCleaner[s0].txt - [5155 octets] - [25/05/2014 17:56:13]AdwCleaner[s1].txt - [1144 octets] - [01/06/2014 12:08:42] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1204 octets] ########## JRT Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 8.1 x64Ran by J on Sun 06/01/2014 at 12:13:34.79~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\J\AppData\Roaming\mywordtool" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 06/01/2014 at 12:17:32.89End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Again, thanks. I'll wait for your reply. Link to post Share on other sites More sharing options...
Valinorum Posted June 2, 2014 ID:836837 Share Posted June 2, 2014 How is your system running? Give me a fresh FRST.exe scan log, please. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 6, 2014 Root Admin ID:838393 Share Posted June 6, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
baldyj Posted June 8, 2014 Author ID:839057 Share Posted June 8, 2014 Thanks. I'm copying the FRST scan log below: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014Ran by J (administrator) on ADOLF on 06-06-2014 20:19:20Running from C:\Users\J\DesktopPlatform: Windows 8.1 (Update 1) (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(AMD) C:\Windows\System32\atieclxx.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [ACSW15EN] => C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe [1135304 2012-12-17] (ACD Systems)HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-15] (Adobe Systems Incorporated)HKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\MountPoints2: {30e561c4-9980-11e3-beca-902b34e22353} - "J:\LaunchU3.exe" -aSSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1006\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1005\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1004\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJSSearchScopes: HKLM - {68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\J\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) Chrome: =======CHR HomePage: about:TabsCHR RestoreOnStartup: "https://mail.google.com/mail/u/0/#inbox"CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Extension: (Google Drive) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-19]CHR Extension: (YouTube) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-19]CHR Extension: (Google Search) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-19]CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2013-01-27]CHR Extension: (Hola Better Internet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-03-31]CHR Extension: (InvisibleHand) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2013-01-06]CHR Extension: (Boomerang for Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-06-25]CHR Extension: (Amazon Price Tracker - Keepa.com) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2013-01-27]CHR Extension: (Google Wallet) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR Extension: (Adblock Pro) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2013-12-22]CHR Extension: (Gmail) - C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-19]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-24] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-24] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 20:19 - 2014-06-06 20:19 - 00018957 _____ () C:\Users\J\Desktop\FRST.txt2014-06-06 20:18 - 2014-06-06 20:18 - 02072576 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe2014-06-04 14:09 - 2014-06-04 14:09 - 00000000 ____D () C:\Users\J\AppData\Roaming\Unity2014-06-04 14:06 - 2014-06-04 14:06 - 01080944 _____ (Unity Technologies ApS) C:\Users\J\Downloads\UnityWebPlayer.exe2014-06-04 14:06 - 2014-06-04 14:06 - 00000000 ____D () C:\Users\J\AppData\Local\Unity2014-05-31 16:30 - 2014-05-31 16:30 - 00000000 ____D () C:\Users\August\AppData\Roaming\Unity2014-05-31 12:45 - 2014-05-31 12:45 - 01080944 _____ (Unity Technologies ApS) C:\Users\August\Downloads\UnityWebPlayer.exe2014-05-31 12:45 - 2014-05-31 12:45 - 00000000 ____D () C:\Users\August\AppData\Local\Unity2014-05-30 21:37 - 2014-06-02 18:33 - 00000000 ____D () C:\Users\August\AppData\Local\wf-launcher2014-05-30 21:37 - 2014-06-02 18:31 - 00000000 ____D () C:\ProgramData\GFACE2014-05-30 21:37 - 2014-05-30 21:38 - 00000000 ____D () C:\Users\August\AppData\Local\Warface Launcher2014-05-30 21:37 - 2014-05-30 21:37 - 00002014 _____ () C:\Users\August\Downloads\Warface Launcher.lnk2014-05-30 21:37 - 2014-05-30 21:37 - 00000000 ____D () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher2014-05-30 21:35 - 2014-05-30 21:36 - 29289064 _____ () C:\Users\August\Downloads\warface-launcher.exe2014-05-29 18:50 - 2014-05-29 18:50 - 02697315 _____ () C:\Users\J\Desktop\test_05-29-2014_am.mp42014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\J\Documents\ProcAlyzer Dumps2014-05-25 17:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-05-25 17:53 - 2014-06-01 12:11 - 00000000 ____D () C:\AdwCleaner2014-05-25 17:46 - 2014-06-01 12:10 - 00160634 _____ () C:\WINDOWS\PFRO.log2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 __SHD () C:\Users\J\AppData\Local\EmieUserList2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 __SHD () C:\Users\J\AppData\Local\EmieSiteList2014-05-25 13:46 - 2014-05-25 13:46 - 00001365 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-25 13:46 - 2014-05-25 13:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking2014-05-25 13:46 - 2014-05-25 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-25 13:45 - 2014-05-25 13:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-25 13:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe2014-05-24 17:52 - 2014-06-06 20:16 - 01286674 _____ () C:\WINDOWS\WindowsUpdate.log2014-05-23 21:17 - 2014-05-23 21:17 - 17473320 _____ () C:\Users\J\Desktop\points.mp42014-05-23 09:24 - 2014-06-01 12:27 - 00000000 ____D () C:\Users\J\Desktop\MBAM_searchassist_files2014-05-23 08:54 - 2014-06-06 20:19 - 00000000 ____D () C:\FRST2014-05-22 18:57 - 2014-05-22 18:57 - 01641542 _____ () C:\Users\J\Desktop\20140508_073507_372_000013.flv2014-05-21 19:42 - 2014-05-21 19:42 - 00634116 _____ () C:\Users\J\Desktop\points.pptx2014-05-21 17:57 - 2014-05-21 18:00 - 00000000 ____D () C:\Users\J\Desktop\Grade_Appeal2014-05-17 21:41 - 2014-06-01 10:51 - 00000000 ____D () C:\Users\J\Desktop\Shirt2014-05-14 09:51 - 2014-05-14 09:51 - 02289421 _____ () C:\Users\J\Desktop\choo-choo-test3.mp42014-05-14 09:48 - 2014-05-14 09:48 - 00004535 _____ () C:\Users\J\AppData\Roaming\CamStudio.cfg2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamShapes.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamLayout.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000046 _____ () C:\Users\J\AppData\Roaming\Camdata.ini2014-05-14 09:46 - 2014-05-14 09:48 - 00000000 ____D () C:\Users\J\Documents\My CamStudio Temp Files2014-05-14 09:45 - 2014-05-14 09:45 - 00000096 _____ () C:\Users\J\AppData\Roaming\version2.xml2014-05-14 09:33 - 2014-05-14 09:34 - 02285515 _____ () C:\Users\J\Desktop\choo-choo-test2.mp42014-05-14 09:20 - 2014-05-14 09:22 - 00000000 ____D () C:\Users\J\Desktop\video_text2014-05-14 09:20 - 2014-05-14 09:20 - 02286845 _____ () C:\Users\J\Desktop\choo-choo-test.mp42014-05-14 08:29 - 2014-05-05 22:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-05-14 08:29 - 2014-05-05 21:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-05-14 08:29 - 2014-05-05 21:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-05-14 08:29 - 2014-05-05 20:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-05-14 08:29 - 2014-04-11 04:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll2014-05-14 08:29 - 2014-04-11 04:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-05-14 08:29 - 2014-04-11 02:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll2014-05-14 08:29 - 2014-04-11 00:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-05-14 08:29 - 2014-04-10 23:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2014-05-14 08:29 - 2014-04-10 23:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-05-14 08:29 - 2014-04-10 21:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2014-05-14 08:29 - 2014-04-10 21:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-05-14 08:29 - 2014-04-10 21:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-05-14 08:29 - 2014-04-10 21:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-05-14 08:29 - 2014-04-10 21:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-14 08:29 - 2014-04-10 21:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-05-14 08:29 - 2014-04-10 21:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-05-14 08:29 - 2014-04-10 21:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-05-14 08:29 - 2014-04-10 21:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-05-14 08:29 - 2014-04-10 21:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-05-14 08:29 - 2014-04-10 20:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-05-14 08:29 - 2014-04-10 20:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2014-05-14 08:29 - 2014-04-10 20:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-05-14 08:29 - 2014-04-10 20:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-05-14 08:29 - 2014-04-10 20:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-05-14 08:29 - 2014-04-10 20:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-05-14 08:29 - 2014-04-10 20:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-05-14 08:29 - 2014-04-10 20:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll2014-05-14 08:29 - 2014-04-10 20:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-05-14 08:29 - 2014-04-10 20:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll2014-05-14 08:29 - 2014-04-10 20:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-05-14 08:29 - 2014-03-23 20:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-05-14 08:29 - 2014-03-23 20:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-05-14 08:29 - 2014-03-23 20:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-05-14 08:29 - 2014-03-13 01:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe2014-05-14 08:29 - 2014-03-13 00:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe2014-05-14 08:27 - 2014-04-08 16:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll2014-05-14 08:27 - 2014-04-08 16:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll2014-05-14 08:27 - 2014-04-08 12:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll2014-05-14 08:27 - 2014-04-08 12:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll2014-05-14 08:27 - 2014-03-27 03:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-05-14 08:27 - 2014-03-27 01:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\PROGRAM12014-05-11 20:05 - 2013-11-13 21:41 - 00439296 _____ (Sendori) C:\WINDOWS\system32\plsapp64.dll2014-05-11 20:04 - 2014-05-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2014-05-07 18:26 - 2014-05-20 18:59 - 00000000 ____D () C:\Users\J\Desktop\~combined_rubrics-papers2014-05-07 13:33 - 2014-05-07 13:33 - 00000000 ____D () C:\Users\J\AppData\Local\Foxit Reader2014-05-07 07:20 - 2014-05-07 07:36 - 00000000 ____D () C:\Users\J\Desktop\Up Series Paper Download May 7, 2014 720 AM ==================== One Month Modified Files and Folders ======= 2014-06-06 20:19 - 2014-06-06 20:19 - 00018957 _____ () C:\Users\J\Desktop\FRST.txt2014-06-06 20:19 - 2014-05-23 08:54 - 00000000 ____D () C:\FRST2014-06-06 20:19 - 2013-11-24 01:01 - 00000000 ____D () C:\Users\J\AppData\Local\Temp2014-06-06 20:18 - 2014-06-06 20:18 - 02072576 _____ (Farbar) C:\Users\J\Desktop\FRST64.exe2014-06-06 20:18 - 2012-12-18 10:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10012014-06-06 20:16 - 2014-05-24 17:52 - 01286674 _____ () C:\WINDOWS\WindowsUpdate.log2014-06-06 20:16 - 2012-12-18 09:58 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48185596-78D4-43A4-85BB-FA4A019EF6F1}2014-06-06 20:16 - 2012-12-18 09:58 - 00000000 ____D () C:\Users\J\AppData\Local\Adobe2014-06-06 20:15 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-06-06 20:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-06-06 20:13 - 2013-11-24 01:31 - 00000000 __RDO () C:\Users\J\SkyDrive2014-06-06 20:13 - 2013-05-31 14:10 - 00000370 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2014-06-06 20:13 - 2012-12-19 16:09 - 04371456 ___SH () C:\Users\J\Desktop\Thumbs.db2014-06-06 20:13 - 2012-12-18 10:21 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-06-05 22:49 - 2013-06-01 21:35 - 00788206 _____ () C:\Users\J\tribler.exe.log2014-06-04 22:37 - 2012-12-18 10:21 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-06-04 19:38 - 2013-11-24 01:00 - 00000000 ____D () C:\Users\August\AppData\Local\Temp2014-06-04 19:38 - 2012-12-19 08:30 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2D18D2C9-DFAC-491D-A869-CFF692D50EED}2014-06-04 19:31 - 2012-12-19 20:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log2014-06-04 19:31 - 2012-12-19 20:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-06-04 19:30 - 2013-11-29 16:34 - 00003134 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForJ2014-06-04 19:30 - 2013-11-29 16:34 - 00000328 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForJ.job2014-06-04 19:28 - 2014-01-25 14:00 - 00000000 ____D () C:\Users\J\AppData\Local\Screencast-O-Matic2014-06-04 17:38 - 2012-12-25 10:15 - 00000000 ____D () C:\Users\J\AppData\Roaming\.minecraft2014-06-04 17:17 - 2013-01-07 18:25 - 00000000 ____D () C:\Users\J\AppData\Roaming\vlc2014-06-04 14:16 - 2012-12-19 08:36 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10052014-06-04 14:09 - 2014-06-04 14:09 - 00000000 ____D () C:\Users\J\AppData\Roaming\Unity2014-06-04 14:06 - 2014-06-04 14:06 - 01080944 _____ (Unity Technologies ApS) C:\Users\J\Downloads\UnityWebPlayer.exe2014-06-04 14:06 - 2014-06-04 14:06 - 00000000 ____D () C:\Users\J\AppData\Local\Unity2014-06-04 02:00 - 2012-12-19 08:31 - 00000000 ____D () C:\Users\August\AppData\Local\Adobe2014-06-02 18:33 - 2014-05-30 21:37 - 00000000 ____D () C:\Users\August\AppData\Local\wf-launcher2014-06-02 18:31 - 2014-05-30 21:37 - 00000000 ____D () C:\ProgramData\GFACE2014-06-02 17:42 - 2013-11-24 01:01 - 00000000 ____D () C:\Users\J2014-06-02 16:57 - 2012-12-25 10:39 - 00000000 ____D () C:\Users\August\AppData\Roaming\.minecraft2014-06-02 14:50 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-06-01 12:27 - 2014-05-23 09:24 - 00000000 ____D () C:\Users\J\Desktop\MBAM_searchassist_files2014-06-01 12:11 - 2014-05-25 17:53 - 00000000 ____D () C:\AdwCleaner2014-06-01 12:10 - 2014-05-25 17:46 - 00160634 _____ () C:\WINDOWS\PFRO.log2014-06-01 12:09 - 2013-08-22 07:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI2014-06-01 11:38 - 2014-04-27 14:34 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-06-01 11:27 - 2013-02-18 12:42 - 00340480 ___SH () C:\Users\August\Downloads\Thumbs.db2014-06-01 11:11 - 2013-08-18 18:05 - 00223232 ___SH () C:\Users\August\Desktop\Thumbs.db2014-06-01 10:51 - 2014-05-17 21:41 - 00000000 ____D () C:\Users\J\Desktop\Shirt2014-05-31 16:30 - 2014-05-31 16:30 - 00000000 ____D () C:\Users\August\AppData\Roaming\Unity2014-05-31 12:45 - 2014-05-31 12:45 - 01080944 _____ (Unity Technologies ApS) C:\Users\August\Downloads\UnityWebPlayer.exe2014-05-31 12:45 - 2014-05-31 12:45 - 00000000 ____D () C:\Users\August\AppData\Local\Unity2014-05-30 21:38 - 2014-05-30 21:37 - 00000000 ____D () C:\Users\August\AppData\Local\Warface Launcher2014-05-30 21:37 - 2014-05-30 21:37 - 00002014 _____ () C:\Users\August\Downloads\Warface Launcher.lnk2014-05-30 21:37 - 2014-05-30 21:37 - 00000000 ____D () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher2014-05-30 21:36 - 2014-05-30 21:35 - 29289064 _____ () C:\Users\August\Downloads\warface-launcher.exe2014-05-29 18:50 - 2014-05-29 18:50 - 02697315 _____ () C:\Users\J\Desktop\test_05-29-2014_am.mp42014-05-28 22:15 - 2013-06-01 21:35 - 01264690 _____ () C:\Users\J\tribler.exe.log.12014-05-28 15:36 - 2012-12-18 15:22 - 00000000 ___RD () C:\Users\J\Google Drive2014-05-28 07:53 - 2012-12-30 16:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-25 22:14 - 2014-05-25 22:14 - 00000000 ____D () C:\Users\J\Documents\ProcAlyzer Dumps2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 __SHD () C:\Users\J\AppData\Local\EmieUserList2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 __SHD () C:\Users\J\AppData\Local\EmieSiteList2014-05-25 13:48 - 2014-05-25 13:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-25 13:46 - 2014-05-25 13:46 - 00001365 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-25 13:46 - 2014-05-25 13:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking2014-05-25 13:46 - 2014-05-25 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-25 13:45 - 2012-12-30 16:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy2014-05-23 21:17 - 2014-05-23 21:17 - 17473320 _____ () C:\Users\J\Desktop\points.mp42014-05-23 09:27 - 2013-05-01 00:23 - 00000000 ____D () C:\Program Files\CCleaner2014-05-22 20:30 - 2013-08-22 08:44 - 02985920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-05-22 18:57 - 2014-05-22 18:57 - 01641542 _____ () C:\Users\J\Desktop\20140508_073507_372_000013.flv2014-05-21 21:55 - 2013-09-29 22:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-05-21 19:42 - 2014-05-21 19:42 - 00634116 _____ () C:\Users\J\Desktop\points.pptx2014-05-21 18:00 - 2014-05-21 17:57 - 00000000 ____D () C:\Users\J\Desktop\Grade_Appeal2014-05-20 18:59 - 2014-05-07 18:26 - 00000000 ____D () C:\Users\J\Desktop\~combined_rubrics-papers2014-05-20 13:52 - 2013-11-24 01:01 - 00000000 ____D () C:\Users\Carl\AppData\Local\Temp2014-05-20 13:20 - 2013-01-08 13:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521255599-543702034-1577723873-10062014-05-20 13:01 - 2013-01-08 13:35 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDAEC3A7-9B57-4E6B-8023-F5D8FB5A7845}2014-05-20 12:59 - 2013-01-08 13:35 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-20 12:59 - 2013-01-08 13:35 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-15 18:52 - 2012-12-19 08:30 - 00000000 ___RD () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-15 18:52 - 2012-12-19 08:30 - 00000000 ___RD () C:\Users\August\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-14 11:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache2014-05-14 10:27 - 2012-12-18 09:58 - 00000000 ___RD () C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-14 10:27 - 2012-12-18 09:58 - 00000000 ___RD () C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-14 10:24 - 2013-09-29 21:51 - 00000000 ____D () C:\WINDOWS\ShellNew2014-05-14 10:24 - 2012-07-26 02:12 - 00000000 ____D () C:\WINDOWS\SchCache2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-05-14 10:23 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-05-14 09:51 - 2014-05-14 09:51 - 02289421 _____ () C:\Users\J\Desktop\choo-choo-test3.mp42014-05-14 09:48 - 2014-05-14 09:48 - 00004535 _____ () C:\Users\J\AppData\Roaming\CamStudio.cfg2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamShapes.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000408 _____ () C:\Users\J\AppData\Roaming\CamLayout.ini2014-05-14 09:48 - 2014-05-14 09:48 - 00000046 _____ () C:\Users\J\AppData\Roaming\Camdata.ini2014-05-14 09:48 - 2014-05-14 09:46 - 00000000 ____D () C:\Users\J\Documents\My CamStudio Temp Files2014-05-14 09:45 - 2014-05-14 09:45 - 00000096 _____ () C:\Users\J\AppData\Roaming\version2.xml2014-05-14 09:45 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates2014-05-14 09:45 - 2012-12-18 12:19 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-14 09:45 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-05-14 09:43 - 2013-08-15 15:17 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-05-14 09:41 - 2012-12-18 12:35 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-05-14 09:39 - 2012-11-28 12:25 - 00004248 _____ () C:\WINDOWS\system32\RaCoInst.log2014-05-14 09:34 - 2014-05-14 09:33 - 02285515 _____ () C:\Users\J\Desktop\choo-choo-test2.mp42014-05-14 09:22 - 2014-05-14 09:20 - 00000000 ____D () C:\Users\J\Desktop\video_text2014-05-14 09:20 - 2014-05-14 09:20 - 02286845 _____ () C:\Users\J\Desktop\choo-choo-test.mp42014-05-11 20:05 - 2014-05-11 20:05 - 00000000 ____D () C:\PROGRAM12014-05-11 20:04 - 2014-05-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2014-05-07 20:36 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-05-07 13:33 - 2014-05-07 13:33 - 00000000 ____D () C:\Users\J\AppData\Local\Foxit Reader2014-05-07 10:32 - 2013-08-09 00:03 - 00000000 ____D () C:\Users\J\Desktop\hugh_schedules2014-05-07 07:36 - 2014-05-07 07:20 - 00000000 ____D () C:\Users\J\Desktop\Up Series Paper Download May 7, 2014 720 AM Files to move or delete:====================C:\Users\J\AppData\Roaming\CamLayout.iniC:\Users\J\AppData\Roaming\CamShapes.ini Some content of TEMP:====================C:\Users\J\AppData\Local\Temp\Foxit Reader Updater.exeC:\Users\J\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-02 15:06 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Valinorum Posted June 8, 2014 ID:839059 Share Posted June 8, 2014 Hi baldyj, Step #4 Fix with FRSTMake sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.Open Notepad.exe. Do not use any other text editor software;Copy and Paste the contents inside the code-box to your Notepad --StartHKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\MountPoints2: {30e561c4-9980-11e3-beca-902b34e22353} - "J:\LaunchU3.exe" -aGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1006\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1005\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1004\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1001\User: Group Policy restriction detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION2014-06-06 20:13 - 2013-05-31 14:10 - 00000370 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.jobC:\Users\J\AppData\Roaming\CamLayout.iniC:\Users\J\AppData\Roaming\CamShapes.iniC:\Users\J\AppData\Local\Temp\Quarantine.exeEndClick on File > Save as...Inside the File Name box type fixlist.txt;From the Save as type drop down list, choose All FilesSave the file to your Desktop;Re-run FRST.exe and click Fix;Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.After the completion, a log will be produced;Copy and Paste the contents of the log in your next reply.Step #5 ESET Online ScannerDisable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.Download esetsmartinstaller_enu.exe by clicking here.Right-click on the program and choose Run as administrator.Accept their terms and condition and proceed.Install Add-On/Active X if prompted.From the Computer Scan Setting --Uncheck the box beside Remove Found Threats;Check the box beside Scan archivesClick on Advanced Setting and check the following boxes--Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start and wait for the virus signature database to update.The online scan will begin automatically and can take several hours.Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.After the Scan finishes --If no threats were found:Put a checkmark in Uninstall application on close.Close the program and report that nothing was foundIf threats were found:Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).Copy and Paste contents of the log file in your next reply.Note: Enable your security programs afterwards.Required Log(s):FRST Fix LogESET Scan LogRegards,Valinorum Link to post Share on other sites More sharing options...
baldyj Posted June 9, 2014 Author ID:839345 Share Posted June 9, 2014 Hi Valinorum: I've run both Farbar and the ESET Online Scanner. Here are their respective logs: FRST Fix Log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014Ran by J at 2014-06-08 18:58:04 Run:1Running from C:\Users\J\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************StartHKU\S-1-5-21-3521255599-543702034-1577723873-1001\...\MountPoints2: {30e561c4-9980-11e3-beca-902b34e22353} - "J:\LaunchU3.exe" -aGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1006\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1005\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1004\User: Group Policy restriction detected <======= ATTENTIONGroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1001\User: Group Policy restriction detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION2014-06-06 20:13 - 2013-05-31 14:10 - 00000370 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.jobC:\Users\J\AppData\Roaming\CamLayout.iniC:\Users\J\AppData\Roaming\CamShapes.iniC:\Users\J\AppData\Local\Temp\Quarantine.exeEnd***************** 'HKU\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30e561c4-9980-11e3-beca-902b34e22353}' => Key deleted successfully.'HKCR\CLSID\{30e561c4-9980-11e3-beca-902b34e22353}'=> Key not found.C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1006\User => Moved successfully.C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1005\User => Moved successfully.C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1004\User => Moved successfully.C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3521255599-543702034-1577723873-1001\User => Moved successfully.'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.C:\Users\J\AppData\Roaming\CamLayout.ini => Moved successfully.C:\Users\J\AppData\Roaming\CamShapes.ini => Moved successfully.C:\Users\J\AppData\Local\Temp\Quarantine.exe => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== ESET Scan Log: ESETSmartInstaller@High as downloader log:all ok# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7587# api_version=3.0.2# EOSSerial=7258f1b48f3b7a40a4ca823f67dc8a59# engine=18621# end=stopped# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2014-06-09 01:44:41# local_time=2014-06-08 07:44:41 (-0700, Mountain Daylight Time)# country="United States"# lang=1033# osver=6.2.9200 NT # compatibility_mode_1=''# compatibility_mode=5893 16776573 100 94 0 5736602 0 0# scanned=92496# found=20# cleaned=0# scan_time=1788sh=84FC42975159350F95809F48056B2F2CA356DA41 ft=1 fh=c71c0011223d60ed vn="Win32/InstallCore.GB potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3521255599-543702034-1577723873-1005\$R55740T.exe"sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3521255599-543702034-1577723873-1005\$RB1NW65.exe"sh=E02A7005C77125365329E9D3706288CD3AF0A5EB ft=1 fh=2a1df3c6c30dfc20 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3521255599-543702034-1577723873-1005\$RFAL9KX.exe"sh=CB20DFD703B61B9470BBB3B1BE157D47A8C0849A ft=1 fh=63788d9fe9c2f077 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3521255599-543702034-1577723873-1005\$RFRH7DE.exe"sh=D52378F0E5E9FE399292DA2703F5B7CD7B671D19 ft=1 fh=a255fc24f8538e85 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3521255599-543702034-1577723873-1005\$RN81K1V.exe"sh=69AF8D82BD65216B649368B4F1A0CB2708D296E1 ft=1 fh=10fa131a8ddb2fc9 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.7.519_0\APISupport\APISupport.dll.vir"sh=02A100B872E4557B3D38BB2C8183647A8373817A ft=1 fh=62fa77ff477e89c5 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe.vir"sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.9.505_0\APISupport\APISupport.dll.vir"sh=A984DB85C2A5132D994C64801282DDB5E487BA32 ft=1 fh=cb3e05eb79620296 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir"sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.9.505_1\APISupport\APISupport.dll.vir"sh=A984DB85C2A5132D994C64801282DDB5E487BA32 ft=1 fh=cb3e05eb79620296 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.26.9.505_1\nativeMessaging\TBMessagingHost.exe.vir"sh=FFC8C0F5F61304C9FB8C8AE8F84363FD4B303ECC ft=1 fh=a070018d0efef5d2 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\APISupport\APISupport.dll.vir"sh=FADE4553CF63ABD446132E31C7F927AC9D191F5D ft=1 fh=cfebcaa46fcaed43 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\nativeMessaging\TBMessagingHost.exe.vir"sh=6324A1B6DDC60ED6DBF3FD7D5E0D8ED87A69D1DC ft=1 fh=94b7f1c67327f691 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_0\plugins\ChromeApiPlugin.dll.vir"sh=FFC8C0F5F61304C9FB8C8AE8F84363FD4B303ECC ft=1 fh=a070018d0efef5d2 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_1\APISupport\APISupport.dll.vir"sh=FADE4553CF63ABD446132E31C7F927AC9D191F5D ft=1 fh=cfebcaa46fcaed43 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_1\nativeMessaging\TBMessagingHost.exe.vir"sh=6324A1B6DDC60ED6DBF3FD7D5E0D8ED87A69D1DC ft=1 fh=94b7f1c67327f691 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_1\plugins\ChromeApiPlugin.dll.vir"sh=FFC8C0F5F61304C9FB8C8AE8F84363FD4B303ECC ft=1 fh=a070018d0efef5d2 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_2\APISupport\APISupport.dll.vir"sh=FADE4553CF63ABD446132E31C7F927AC9D191F5D ft=1 fh=cfebcaa46fcaed43 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_2\nativeMessaging\TBMessagingHost.exe.vir"sh=6324A1B6DDC60ED6DBF3FD7D5E0D8ED87A69D1DC ft=1 fh=94b7f1c67327f691 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.29.0.520_2\plugins\ChromeApiPlugin.dll.vir" Thanks! Link to post Share on other sites More sharing options...
Valinorum Posted June 9, 2014 ID:839576 Share Posted June 9, 2014 Hi baldyj, How is your system running?Step #4 Fix with FRSTMake sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.Open Notepad.exe. Do not use any other text editor software;Copy and Paste the contents inside the code-box to your Notepad --StartC:\$Recycle.Bin\EndClick on File > Save as...Inside the File Name box type fixlist.txt;From the Save as type drop down list, choose All FilesSave the file to your Desktop;Re-run FRST.exe and click Fix;Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.After the completion, a log will be produced;Copy and Paste the contents of the log in your next reply.Required Log(s):FRST Fix LogRegards,Valinorum Link to post Share on other sites More sharing options...
baldyj Posted June 10, 2014 Author ID:839775 Share Posted June 10, 2014 Hi Valinorum, The system seems to be running O.K.; there are no obvious problems. Most important, none of the symptoms (mainly, hypertext directing to SearchAssist links) are present. As requested, I've run FRST with the fix you provided. Please see below: FRST Fix Log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014Ran by J at 2014-06-09 20:30:27 Run:2Running from C:\Users\J\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************StartC:\$Recycle.Bin\End***************** C:\$Recycle.Bin => Moved successfully. ==== End of Fixlog ==== Thanks. Link to post Share on other sites More sharing options...
Valinorum Posted June 10, 2014 ID:839786 Share Posted June 10, 2014 Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak. ♣ Removal of Tools and Quarantined Files ♣ Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.Cleanup with Delfix Please download DelFix by Xplode to your Desktop. Download LinkDouble-click to run the program;Note: Windows Vista/7/8 users right-click and choose Run as administratorMake sure that all the boxes are checked;Click Run;A log will be opened after the operation is finished;Copy and Paste it in your next reply ♣ Prevention and Future Guidelines ♣ Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.Keep Windows up-to-date. It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.Run antivirus software and keep it up-to-date, too. Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!Keep your web browser plugins and other programs updated also. This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats. A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC. No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit. Download NoSript by Giorgio Maone. Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.Watch out for new threat named CryptoLocker CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures. How to prevent your computer from becoming infected by CryptoLocker.And last of all, surf smart. It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?Regards, Valinorum Link to post Share on other sites More sharing options...
baldyj Posted June 10, 2014 Author ID:839788 Share Posted June 10, 2014 HI Valinorum, Yes, it seems to me to be clean; but it's good to have your confirmation of the same by virtue of viewing the logs. Thank you very much! I'll pay heed to the advice given in your most recent note, and I'll remove all tools. Again, thank you very much. Link to post Share on other sites More sharing options...
Valinorum Posted June 10, 2014 ID:839790 Share Posted June 10, 2014 You are welcome. Browse safely and I will ask a moderator to close this topic as solved. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 10, 2014 Root Admin ID:839811 Share Posted June 10, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts